[Seaside] Re: Authenticating requests of Seaside REST filters (Using Zinc?)

Esteban A. Maringolo emaringolo at gmail.com
Mon Sep 16 12:04:00 UTC 2013

Sven, Phillipe,

While I was debugging the request/response cycle I found I could plug in an
authenticator in the Zinc delegate. Or as Philippe suggest I can also use
the WAAuthenticationFilter.

But any of those options will require the authentication also for "normal"
requests (it is, no REST) that go to the same URI. 

The web application is authenticated at the app level (login form, custom
WASession class, etc), but all HTTP requests are accepted.
On the other hand I want the REST API to authenticate all requests at HTTP
level, because it is going to be 100% stateless.

Any of the proposed solutions seems to be all-or-nothing authentication at
the delegate or seaside app level. Or maybe I'm not understanding something.

The only solution I found for this was to have my own Zinc delegate to the
REST API, and move everything to different "branches" of the server.
It is:
* Regular not authenticated ZnSeasideServerAdaptorDelegate handling
everything at myserver/webapp/*
* HTTP Authentication enabled ZnSeasideServerAdaptorDelegate handling
everything at myserver/api/*

But maybe there is a simpler option.

Thank you!

View this message in context: http://forum.world.st/Authenticating-requests-of-Seaside-REST-filters-Using-Zinc-tp4708474p4708542.html
Sent from the Seaside General mailing list archive at Nabble.com.

More information about the seaside mailing list