I have a user object for my RESTful service, which has a userid and a password. It is just for authorization stuff. Should I do it as a resource like /user/{id} or put it just in a HashMap?
I have recently written my first RESTful service. I used Basic authentication along with HTTPS. This means any resource which I deemed as requiring authentication rejected any request with a 401 (Unauthorized) response when the Auth header was either absent or did not contain valid credentials.
There is no need for a separate resource to control access.
Having said all that, I readily admit I am not a REST guru or security guru. So there may be other ways of dealing with this, but this one worked just fine for me.
There are many different ways to implement security in a RESTful service and there are no black and white right/wrong ways, just what suits best. I have heard of people using token-based authentication and there is also OAuth, which is what I will be moving my service to at some point in the future. Well, OAuth2 anyway.
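
The check this answer describes (401 when the Authorization header is absent or does not carry valid credentials), as an added example that is not code from the original post. It assumes Java with JDK classes only and keeps the question's HashMap idea, but the map holds PBKDF2 hashes rather than passwords; the class, methods, sample user and salt are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: Basic-auth check backed by an in-memory map (all names hypothetical).
public class BasicAuthCheck {
    // Constructed demo salt; a real store keeps a random salt per user.
    private static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
    // userid -> PBKDF2 hash of the password; plaintext passwords are never stored.
    private static final Map<String, byte[]> USERS = new HashMap<>();

    static byte[] hash(char[] password) throws Exception {
        KeySpec spec = new PBEKeySpec(password, SALT, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Returns the status a protected resource should answer with: 200 or 401.
    // A 401 response should also carry a WWW-Authenticate: Basic challenge header.
    static int authorize(String authHeader) throws Exception {
        if (authHeader == null || !authHeader.regionMatches(true, 0, "Basic ", 0, 6)) return 401;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authHeader.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return 401; // malformed Base64
        }
        int colon = decoded.indexOf(':'); // first ':' splits userid from password
        if (colon < 0 || colon == decoded.length() - 1) return 401; // no separator or empty password
        byte[] expected = USERS.get(decoded.substring(0, colon));
        // Hash even for unknown users, then compare in constant time.
        byte[] actual = hash(decoded.substring(colon + 1).toCharArray());
        return expected != null && MessageDigest.isEqual(expected, actual) ? 200 : 401;
    }

    public static void main(String[] args) throws Exception {
        USERS.put("alice", hash("correct horse".toCharArray())); // constructed sample user
        Base64.Encoder enc = Base64.getEncoder();
        String good = "Basic " + enc.encodeToString("alice:correct horse".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + enc.encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        for (String header : new String[] {null, good, bad, "Basic !!!"}) {
            System.out.println(header + " -> " + authorize(header));
        }
    }
}
```

Basic credentials are only Base64-encoded, so this check is meaningful only over HTTPS, as in the answer above.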