I have just implemented my first Restlet application (finally :]) and now I'm onto a bigger question. I built a really simple resource called LoginResource, which allows a POST and a GET operation to allow users to login and to check if they're logged in, respectively. Now that I've implemented this and I can actually have a client call the server, "log in," and see a result, how can I actually keep track of whether someone is logged in or not?
My application needs the following:
- I need a way to have a client initially log in and be able to see if they're logged in via a resource.
- I need to provide "secured" access to a list of objects via another resource. It's pretty simple, but it depends on me being able to control access, which as of right now I'm unable to do as I don't have any sense of sessions activated.
Is there an easy way to allow for me to enable sessions and keep users logged in for a time? If this were PHP, this would be my code:
// login.php: login code
$username = $_POST['username'];
$password = $_POST['password'];
if (validate($username, $password)) {
session_start();
$_SESSION['is_logged_in'] = "yarp";开发者_Go百科
echo get_login_success();
} else {
echo get_login_failure();
}
// list.php: display list of objects
if (isset($_SESSION['is_logged_in']))
echo get_object_list();
else
echo get_security_error();
I hate to bring it all back to PHP, but hey, it makes for quick pseudo-code.
Have a look at HTTP Basic, HTTP Digest and HTTP OAuth authentications (all supported by Restlet).
For some clients such as browsers, cookie based authentication is still used in REST but without a server-side sesssion.
Check this link: http://restlet.tigris.org/issues/show_bug.cgi?id=605
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论