Support for a cookie-based authentication pattern w/in Exyus is
missing right now. That's a problem.
I have a stand-alone version that does the following:
- check for standard "Authorization Header"
  - if exists, handle as usual
  - if missing, check for pre-defined cookie ("Exyus-Auth")
    - if exists, treat it like a valid Basic Auth HTTP Header ("Authorization: Basic [token]") and handle as usual
- if both fail, throw either 401
This is a partial solution, but not the whole thing. Additional work
needs to be done to know when to throw 403 only (no auth dialog) or to
forward to a predefined login page.
The above pattern can be explicitly coded within a Resource class that
you create (derived from one of the base classes). It's a bit of
work, but I've done it.
Let me know if you want to pursue this further and I'll see if I can
work up an example based on some feedback from you.
MCA
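
The header-then-cookie check described in the post, as an added Python example; it is not Exyus code and not the author's stand-alone version. The `headers` dict with canonical header names, the `check_password` callback and the realm string are assumptions, as is the choice to reject a malformed Authorization header without falling back to the cookie.

```python
import base64
import binascii
from http.cookies import SimpleCookie, CookieError

AUTH_COOKIE = "Exyus-Auth"  # cookie name taken from the post


def decode_basic(token):
    """Decode a Basic token into (user, password); None if it is malformed."""
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep and user else None


def resolve_credentials(headers):
    """Authorization header first; consult the cookie only when it is absent."""
    auth = headers.get("Authorization")
    if auth is not None:
        scheme, _, token = auth.partition(" ")
        # Assumption: a present-but-bad header fails outright, no cookie fallback.
        return decode_basic(token) if scheme.lower() == "basic" else None
    jar = SimpleCookie()
    try:
        jar.load(headers.get("Cookie", ""))
    except CookieError:
        return None
    morsel = jar.get(AUTH_COOKIE)
    # The cookie value is the same reusable Basic token the header would carry,
    # so it needs the same transport protection as the header.
    return decode_basic(morsel.value) if morsel else None


def handle(headers, check_password):
    """Return (status, response_headers); check_password is a hypothetical callback."""
    creds = resolve_credentials(headers)
    if creds and check_password(*creds):
        return 200, {}
    # Both sources failed: 401 with a challenge, as in the post.
    return 401, {"WWW-Authenticate": 'Basic realm="exyus"'}
```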