Okay, so I’m migrating my system over to being more RESTful and quite
enjoying the process. The obvious thing that happens is you start
thinking about how easy it is for everything to start using the rails
rest interfaces for getting and manipulating data.
But what happens when I want to control who can call an update or
delete? In rails I’d have a before_filter to check authorisation, but
what happens with some other application trying to consume my service
that hasn’t necessarily logged in to the web page?
How could I replicate the login process in something outside of rails
to make the most of the REST services I’m creating?
> Okay, so I’m migrating my system over to being more RESTful
> [snip]
> But what happens when I want to control who can call an update or
> delete? In rails I’d have a before_filter to check authorisation, but
> what happens with some other application trying to consume my service
> that hasn’t necessarily logged in to the web page?
> How could I replicate the login process in something outside of rails
> to make the most of the REST services I’m creating?
You could use an HTTP Authentication scheme (Basic or Digest), such
as the one provided by the restful_authentication plugin[1] for both
HTML and XML requests. I am assuming your services use XML to talk to
each other…
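An added example, not code from the thread or from the restful_authentication plugin: HTTP Basic authentication as suggested above, showing both the non-browser client building an authenticated XML update and the check a before_filter would run on the `Authorization` header. The client name, password, `/widgets/1.xml` path and helper names are assumptions made up for the illustration; Basic credentials are only base64-encoded, so the exchange is assumed to run over HTTPS.

```ruby
require 'net/http'
require 'digest'

# Constructed sample API clients (login => password); not from the original thread.
# A real application would store a slow password hash instead of the password.
API_CLIENTS = { 'billing-service' => 'constructed-example-secret' }.freeze

# Compare two strings without leaking the mismatch position through timing.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: what a before_filter would do with the Authorization header.
# Returns the authenticated login, or nil (the caller then answers 401).
def authenticate_basic(header)
  scheme, encoded = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && encoded
  # 'm0' is strict base64: malformed input raises ArgumentError.
  decoded = encoded.unpack1('m0').force_encoding('UTF-8')
  login, password = decoded.split(':', 2) # passwords may contain ':'
  return nil if login.nil? || password.nil?
  expected = API_CLIENTS[login]
  # Always run a comparison so unknown logins cost the same as bad passwords.
  ok = secure_equal?(password, expected || '')
  ok && expected ? login : nil
rescue ArgumentError
  nil
end

# Client side: a non-browser consumer building an authenticated update request.
# The request is only constructed here, not sent.
def build_update_request(path, xml, login, password)
  req = Net::HTTP::Put.new(path)
  req.basic_auth(login, password) # sets "Authorization: Basic <base64>"
  req['Content-Type'] = 'application/xml'
  req.body = xml
  req
end

if __FILE__ == $PROGRAM_NAME
  req = build_update_request('/widgets/1.xml', '<widget><name>x</name></widget>',
                             'billing-service', 'constructed-example-secret')
  puts authenticate_basic(req['Authorization']).inspect
end
```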