CakePHP - combine ACL with REST API
I created an application with some models; after that, I used ACL and created some ACOs to protect my application.
Now I wanted to add a RESTful API to my application, so I edited routes.php
with something like this:
Router::mapResources('routes');
Router::parseExtensions();
This also works fine; for example, going to http://localhost/myapp/routes.json
gives me a JSON object of my routes if I'm already logged in.
Sure, somebody cannot log in with a web form when he is using my API, so I want to know if it is possible to send the regular login information with the request using REST Auth Basic (or Digest) and use the working ACL in my app to authenticate and show the result object (or, if it's wrong, send the right header).
Any ideas?
If something is unclear, PLEASE leave a comment.
I used the newest CakePHP version, 1.3.3.
If you look at other API-based services, they usually use a token to identify the user. For example, if there is a username matt and he has the token 123456, you can give him access to the URL http://localhost/myapp/123456/routes.json. Then, in your controller, you can authenticate the user by using the token.
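The token check described in the answer above, sketched as an added example that is not part of the original answer and uses no CakePHP calls. It assumes PHP 5.6 or later for hash_equals(); the function names, the token store and the ACL callback are hypothetical, and the callback stands in for the application's existing ACL check.

```php
<?php
// Added example: plain PHP, all names hypothetical, sample data constructed.

// Constructed store: username => SHA-256 of the API token. Only the hash is
// kept, so a leaked table does not hand out usable tokens.
function sample_token_store() {
    return array('matt' => hash('sha256', '123456')); // values from the answer
}

// Return the username owning $token, or null. Every entry is compared with
// hash_equals() so response timing does not reveal a partial match.
function user_for_token($token, array $store) {
    if (!is_string($token) || $token === '') {
        return null;
    }
    $candidate = hash('sha256', $token);
    $found = null;
    foreach ($store as $username => $storedHash) {
        if (hash_equals($storedHash, $candidate)) {
            $found = $username;
        }
    }
    return $found;
}

// Decide the HTTP status for a request to /myapp/<token>/<resource>.json.
// $aclCheck is a callable (username, resource) => bool (assumed interface).
function authorize_api_request($pathToken, $resource, array $store, $aclCheck) {
    $user = user_for_token($pathToken, $store);
    if ($user === null) {
        return 401; // missing or unknown token: not authenticated
    }
    if (!call_user_func($aclCheck, $user, $resource)) {
        return 403; // authenticated, but the ACL denies this resource
    }
    return 200;
}

// Constructed ACL stand-in: matt may read "routes" only.
$acl = function ($user, $resource) {
    return $user === 'matt' && $resource === 'routes';
};
$store = sample_token_store();
foreach (array(array('123456', 'routes'), array('123456', 'users'),
               array('000000', 'routes')) as $case) {
    echo $case[0], ' ', $case[1], ' => ',
         authorize_api_request($case[0], $case[1], $store, $acl), "\n";
}
```

A token carried in the URL path is written to web server access logs and browser history, so treat those as sensitive, or accept the token in a request header instead.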
HTTP digest authentication is possible when JavaScript is used to handle the authentication process; non-JavaScript clients default to having the standard popup. Probably they won't mind though.
Info found at http://www.peej.co.uk/articles/http-auth-with-html-forms.html :
The main reason people walk away from using HTTP authentication is that they want control over the look of the login form and most browsers display an awful looking dialog box. So what we need is a way for HTML forms to pass HTTP auth data when it's submitted. The HTML spec provides HTML forms as a way to create queries and to POST urlencoded data to a URL, but can we subvert it?
It comes with a warning :)
Warning: The solution outlined in this article is experimental and might be a complete lie, be warned that your mileage may/will vary.