I want to add authentication to a Seaside app I'm programming.
Particularly to the REST API I implemented by means of a WARestfulFilter. I want to use HTTP authentication against my existing authentication subsystem. But I don't know where to "hook in" the authentication process. Options: 1) Should I have my own Zinc delegate for the API? Authenticating everything before it reaches the ZnSeasideServerAdaptorDelegate? 2) Should I have to use something different than WARestfulFilter and use instead a WARestfulHandler starting at a different URN path? (maybe with a different delegate at that path). E.g. have the "common" seaside delegate installed a myhost/ui/ and the "REST" http authenticated delegate installed at "myhost/api/"? Any suggestion is welcome. -- Regards! |
Hi Esteban,
On 16 Sep 2013, at 04:25, "Esteban A. Maringolo" <[hidden email]> wrote: > I want to add authentication to a Seaside app I'm programming. > > Particularly to the REST API I implemented by means of a WARestfulFilter. I > want to use HTTP authentication against my existing authentication > subsystem. > > But I don't know where to "hook in" the authentication process. > Options: > 1) Should I have my own Zinc delegate for the API? Authenticating everything > before it reaches the ZnSeasideServerAdaptorDelegate? I think both options are valid, but I am only going to answer how to do it in Zinc. You can keep the ZnSeasideServerAdaptorDelegate, authentication in Zinc is orthogonal to request handling. All you have to do is set an authenticator object for the Zn server. Have a look at ZnServer>>#authenticator: and ZnBasicAuthenticator (and its usages in tests). Since authentication is quite specific to most projects, you will probably want to implement your own authenticator. HTH, Sven > 2) Should I have to use something different than WARestfulFilter and use > instead a WARestfulHandler starting at a different URN path? (maybe with a > different delegate at that path). > E.g. have the "common" seaside delegate installed a myhost/ui/ and the > "REST" http authenticated delegate installed at "myhost/api/"? > > > Any suggestion is welcome. > > -- > Regards! > > > > > > > > > -- > View this message in context: http://forum.world.st/Authenticating-requests-of-Seaside-REST-filters-Using-Zinc-tp4708474.html > Sent from the Seaside General mailing list archive at Nabble.com. > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside -- Sven Van Caekenberghe http://stfx.eu Smalltalk is the Red Pill _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
In reply to this post by Esteban A. Maringolo
On Mon, Sep 16, 2013 at 4:25 AM, Esteban A. Maringolo
<[hidden email]> wrote: > I want to add authentication to a Seaside app I'm programming. > > Particularly to the REST API I implemented by means of a WARestfulFilter. I > want to use HTTP authentication against my existing authentication > subsystem. > > But I don't know where to "hook in" the authentication process. > Options: > 1) Should I have my own Zinc delegate for the API? Authenticating everything > before it reaches the ZnSeasideServerAdaptorDelegate? > > 2) Should I have to use something different than WARestfulFilter and use > instead a WARestfulHandler starting at a different URN path? (maybe with a > different delegate at that path). > E.g. have the "common" seaside delegate installed a myhost/ui/ and the Add a WAAuthenticationFilter around it. Cheers Philippe _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Sven, Phillipe,
While I was debugging the request/response cycle I found I could plug in an authenticator in the Zinc delegate. Or as Philippe suggest I can also use the WAAuthenticationFilter. But any of those options will require the authentication also for "normal" requests (it is, no REST) that go to the same URI. The web application is authenticated at the app level (login form, custom WASession class, etc), but all HTTP requests are accepted. On the other hand I want the REST API to authenticate all requests at HTTP level, because it is going to be 100% stateless. Any of the proposed solutions seems to be all-or-nothing authentication at the delegate or seaside app level. Or maybe I'm not understanding something. The only solution I found for this was to have my own Zinc delegate to the REST API, and move everything to different "branches" of the server. It is: * Regular not authenticated ZnSeasideServerAdaptorDelegate handling everything at myserver/webapp/* * HTTP Authentication enabled ZnSeasideServerAdaptorDelegate handling everything at myserver/api/* But maybe there is a simpler option. Thank you! |
On Mon, Sep 16, 2013 at 2:04 PM, Esteban A. Maringolo
<[hidden email]> wrote: > Sven, Phillipe, > > While I was debugging the request/response cycle I found I could plug in an > authenticator in the Zinc delegate. Or as Philippe suggest I can also use > the WAAuthenticationFilter. > > But any of those options will require the authentication also for "normal" > requests (it is, no REST) that go to the same URI. > > The web application is authenticated at the app level (login form, custom > WASession class, etc), but all HTTP requests are accepted. > On the other hand I want the REST API to authenticate all requests at HTTP > level, because it is going to be 100% stateless. > > Any of the proposed solutions seems to be all-or-nothing authentication at > the delegate or seaside app level. Or maybe I'm not understanding something. > > The only solution I found for this was to have my own Zinc delegate to the > REST API, and move everything to different "branches" of the server. > It is: > * Regular not authenticated ZnSeasideServerAdaptorDelegate handling > everything at myserver/webapp/* > * HTTP Authentication enabled ZnSeasideServerAdaptorDelegate handling > everything at myserver/api/* It sort of depends what you request handler set up is. If you have a different request handler for 'webapp' and 'api' then you can add the filter only to 'api'. Otherwise you can subclass WAAuthenticationFilter, override #handleFiltered:, look at the path consumer and decided whether to authenticate or not. Cheers Philippe _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
2013/9/16 Philippe Marschall <[hidden email]>:
> Otherwise you can subclass > WAAuthenticationFilter, override #handleFiltered:, look at the path > consumer and decided whether to authenticate or not. I thought this was some sort of hack, but now you also think about it, maybe it's not. :) I'll use this approach. It will save me from using two different handlers. And I still be able to run the seaside delegate at the root of the Zinc server (/). Regards! _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Free forum by Nabble | Edit this page |