This configuration that Taha suggested seems to do the trick. The error is
gone. I say seems because without it would work sometimes (not sure why
though).
The annotation however dont seem to work. Even if I put them they dont
restrict the access to the method. Any idea why?
@RequiresAuthentication
@GET
@Path("/{id}")
public User getUser(@PathParam("id") Long id) {
return systemManager.getUser(id);
}
Above is the example of the method.
I have a question because I am not sure how should all of this work. In
normal application when the user is authenticated he gets a token and then
that token is used to check his credentials, am i right? When does he gets
that token, presumably in a form of a cookie? Is Shiro responsible for that
or tapestry?
In rest part of the application I can also have a login method, but when and
what returns the cookie to the user? Presumably that something can return
it.
If I dont use the session, and I send the username/password each time, how
should I format the url? Will I always have to use POST and not GET?
If I use GET wont then my url be something like
address/rest/username/passoword/project/all or something along those lines?
Thank you all for your help
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/Tapestry-Tynamo-Rest-and-security-integration-questions-tp5714525p5714572.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
