[Seaside] Authenticating requests of Seaside REST filters (Using Zinc?)

Sven Van Caekenberghe sven at stfx.eu
Mon Sep 16 08:07:04 UTC 2013

Hi Esteban,

On 16 Sep 2013, at 04:25, "Esteban A. Maringolo" <emaringolo at gmail.com> wrote:

> I want to add authentication to a Seaside app I'm programming.
> Particularly to the REST API I implemented by means of a WARestfulFilter. I
> want to use HTTP authentication against my existing authentication
> subsystem. 
> But I don't know where to "hook in" the authentication process.
> Options:
> 1) Should I have my own Zinc delegate for the API? Authenticating everything
> before it reaches the ZnSeasideServerAdaptorDelegate?

I think both options are valid, but I am only going to answer how to do it in Zinc. You can keep the ZnSeasideServerAdaptorDelegate, authentication in Zinc is orthogonal to request handling. All you have to do is set an authenticator object for the Zn server.

Have a look at ZnServer>>#authenticator: and ZnBasicAuthenticator (and its usages in tests). Since authentication is quite specific to most projects, you will probably want to implement your own authenticator.



> 2) Should I have to use something different than WARestfulFilter and use
> instead a WARestfulHandler starting at a different URN path? (maybe with a
> different delegate at that path).
> E.g. have the "common" seaside delegate installed a myhost/ui/ and the
> "REST" http authenticated delegate installed at "myhost/api/"?
> Any suggestion is welcome.
> --
> Regards!
> --
> View this message in context: http://forum.world.st/Authenticating-requests-of-Seaside-REST-filters-Using-Zinc-tp4708474.html
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Sven Van Caekenberghe
Smalltalk is the Red Pill

More information about the seaside mailing list