Hi,
I'm trying to secure a set of REST services I've written using Lift. I
came across a very cool snippet that David shared (and that is blogged
in detail here:
http://blog.getintheloop.eu/2011/02/23/http-dispatch-guards-using-partial-function/
). Basically, you can use a partial function to ensure an
authenticated user like this:
LiftRules.dispatch.append(withAuthentication guard MyService)
I really like this method, except that when I try to access a resource
in my service while not authenticated, I get a 404 instead of a 403. I
believe this is because the partial function fails and so MyService is
never added to the dispatch table.
I have services that require auth and others that do not. What is a
good pattern for protecting the ones that require auth?
The only thing I've really come up with is to put the protected
services behind a URL that is easily pattern matched (i.e.
/api/secure/resource1). That is easy to do, but I was hoping for
something with the readability of the first approach.
Any suggestions?
Thanks!
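
The behaviour asked about above, as an added example that is not part of the original post and is not Lift's own code: a stand-alone Scala model of a dispatch table, showing a guard that is undefined for unauthenticated requests (the dispatcher answers 404) beside a wrapper that stays defined for the service's paths and answers 403. Req, Response, dispatch and guardOr403 are hypothetical names made up for this model.

```scala
// Stand-alone model; Req, Response and the combinators are hypothetical, not Lift types.
object GuardDemo {
  final case class Req(path: List[String], user: Option[String])
  final case class Response(code: Int, body: String)
  type DispatchPF = PartialFunction[Req, () => Response]

  // Defined only for authenticated requests, like the guard in the post.
  val withAuthentication: PartialFunction[Req, Unit] = {
    case Req(_, Some(_)) => ()
  }

  val MyService: DispatchPF = {
    case Req("api" :: "resource1" :: Nil, _) => () => Response(200, "resource1")
  }

  // Guard semantics: the result is defined only where both parts are defined.
  def guard(check: PartialFunction[Req, Unit], service: DispatchPF): DispatchPF = {
    case r if check.isDefinedAt(r) && service.isDefinedAt(r) => service(r)
  }

  // Alternative: stay defined wherever the service is, answer 403 when the check fails.
  def guardOr403(check: PartialFunction[Req, Unit], service: DispatchPF): DispatchPF = {
    case r if service.isDefinedAt(r) =>
      if (check.isDefinedAt(r)) service(r) else () => Response(403, "Forbidden")
  }

  // The dispatcher answers 404 when no entry in the table is defined for the request.
  def dispatch(table: List[DispatchPF], r: Req): Response =
    table.find(_.isDefinedAt(r)).map(_(r)()).getOrElse(Response(404, "Not Found"))

  def main(args: Array[String]): Unit = {
    val anon  = Req(List("api", "resource1"), None)          // constructed sample requests
    val alice = Req(List("api", "resource1"), Some("alice"))
    val other = Req(List("public", "ping"), None)

    assert(dispatch(List(guard(withAuthentication, MyService)), anon).code == 404)
    assert(dispatch(List(guard(withAuthentication, MyService)), alice).code == 200)
    assert(dispatch(List(guardOr403(withAuthentication, MyService)), anon).code == 403)
    assert(dispatch(List(guardOr403(withAuthentication, MyService)), alice).code == 200)
    // Paths the service does not own still fall through, so unprotected services keep working.
    assert(dispatch(List(guardOr403(withAuthentication, MyService)), other).code == 404)
    println("ok")
  }
}
```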