If you are putting username and password in the soap headers, why not just use basic authentication for your REST services, which basically does the same thing? If over the wire security is a problem, use HTTPS.
Don On Dec 14, 2007 1:44 AM, Martin Gilday <[EMAIL PROTECTED]> wrote: > Hi, > We are interested in using the REST plugin to extend customer choice and > complement our WS-* services. We are particularly interested in the > multiple response types (.xml, .json etc). One thing I am not sure of > is how we handle security. Say we have an order (/order/1234.xml), how > can we protect this so this is only available to the owner of the order? > In our current system they would provide their username and password in > the soap security headers. We use Acegi/Spring Security. This is > probably more of a general REST issue, but I am interested in if the > plugin helps out at all. > > Thanks, > Martin. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
