问题
I have a small application written in Play! which allows user registration and adding some content for registered users which other registered users can view. I'd like to add some REST API to my application with [resteasy] module, and my question is: are there any best practices or known solutions for performing authentication with rest to allow users managing their own content using resteasy in Play! ?
What I'm thinking about now, are two solutions:
- Client sends data and also sends his password and user name in some hashed or encoded form and this data is checked with credentials in database. If there is a match, request action occurs.
- Client authenticates in the first place and is returned sessionId or something which he has to add to all requests (cookie?).
Any help is appreciated.
回答1:
You have some related answers on how to approach security here and here.
Personally I would try to create some OAuth 2 authentication if the API is to be used by 3rd parties. If it is private usage (only your apps will call it) other methods plus SSL should suffice.
来源:https://stackoverflow.com/questions/6296740/authentication-in-play-and-resteasy