On Dec 14, 2007 8:28 PM, Martin Gilday <[EMAIL PROTECTED]> wrote:
> Hi Don,
> I think we are using WS-Security, but I have not been too involved in
> it. I just wanted to confirm that a reasonable equivalent was
> available.

There is no full equivalent for WS-Security, but you can accomplish
many of the same things using built-in HTTP features.

> Is it possible with the S2 plugin to do one of the classical examples of
> getting resources by date e.g. /orders/2007/12/13. It would be great if
> you could map that onto something like a Joda MutableDateTime. From the
> wiki you just seem to be able to have a single ID parameter set on your
> action. I really like the Django approach of a mapping script where you
> define regex expressions which map onto functions with all the defined
> parameter placeholders.

No, at this point, you can't include anything with a slash. Well, you
can, but it'll have to be created using normal XWork configuration and
perhaps a few wildcards.

Don

>
> Martin.
>
> ----- Original message -----
> From: "Don Brown" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <user@struts.apache.org>
> Date: Fri, 14 Dec 2007 09:48:03 +1100
> Subject: Re: REST plugin and security
>
> If you are putting username and password in the soap headers, why not
> just use basic authentication for your REST services, which basically
> does the same thing? If over the wire security is a problem, use
> HTTPS.
>
> Don
>
> On Dec 14, 2007 1:44 AM, Martin Gilday <[EMAIL PROTECTED]> wrote:
> > Hi,
> > We are interested in using the REST plugin to extend customer choice and
> > complement our WS-* services. We are particularly interested in the
> > multiple response types (.xml, .json etc). One thing I am not sure of
> > is how we handle security. Say we have an order (/order/1234.xml), how
> > can we protect this so this is only available to the owner of the order?
> > In our current system they would provide their username and password in
> > the soap security headers. We use Acegi/Spring Security. This is
> > probably more of a general REST issue, but I am interested in if the
> > plugin helps out at all.
> >
> > Thanks,
> > Martin.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
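
The approach suggested in the thread (HTTP Basic authentication over HTTPS), combined with the per-order ownership check the original question asks about, as an added example that is not part of the thread and is not Struts or REST plugin code. The class name, the in-memory user and order maps, and the choice of status codes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class OrderAccessCheck {
    // Constructed sample data; a real service would ask its user store (e.g. Spring Security).
    static final Map<String, String> USERS = Map.of("alice", "s3cret", "bob", "hunter2");
    static final Map<String, String> ORDER_OWNER = Map.of("1234", "alice", "5678", "bob");

    /** Returns the HTTP status to send for GET /order/{orderId}.xml. */
    static int authorize(boolean secureChannel, String authorizationHeader, String orderId) {
        if (!secureChannel) return 403;        // Basic credentials are only accepted over HTTPS
        String user = authenticate(authorizationHeader);
        if (user == null) return 401;          // respond with WWW-Authenticate: Basic
        String owner = ORDER_OWNER.get(orderId);
        // Same answer for "no such order" and "someone else's order", so ids cannot be probed.
        if (owner == null || !owner.equals(user)) return 404;
        return 200;
    }

    /** Returns the authenticated username, or null if the header is missing or wrong. */
    static String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;                       // value after "Basic " is not valid base64
        }
        String credentials = new String(decoded, StandardCharsets.UTF_8);
        int colon = credentials.indexOf(':');  // the first ':' separates user from password
        if (colon < 0) return null;
        String user = credentials.substring(0, colon);
        String expected = USERS.get(user);
        byte[] supplied = credentials.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        boolean ok = expected != null          // MessageDigest.isEqual compares in constant time
                && MessageDigest.isEqual(supplied, expected.getBytes(StandardCharsets.UTF_8));
        return ok ? user : null;
    }

    public static void main(String[] args) {
        String alice = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(authorize(true, alice, "1234"));   // alice requests her own order
        System.out.println(authorize(true, alice, "5678"));   // alice requests bob's order
        System.out.println(authorize(true, null, "1234"));    // no credentials supplied
        System.out.println(authorize(false, alice, "1234"));  // request arrived over plain HTTP
    }
}
```

In a Struts 2 application the same ownership comparison would sit in the controller or an interceptor, with the container or Spring Security performing the Basic authentication step.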