restful-authentication

I am very confused about this problem. Restfull service make it up to you to decide which way to implement this functionallity. Ive read multiple articles about this problem, but every article says something different. For example some people propopse sessions, but if you do that Web api is losing its "rest fullness". Other people suggest cockies. I dont know if what i am done is actually done right: On login of user i create a cockie which contains UserID(Guid) and on every request which needs user to be logged in i check if this id exsists in the DB. Is it secure enough? Or how should i make

Hey folks, this seems to have been discussion fairly often but I want to make a simple, watered down question around doing authentication with RESTful services. The scenario is as follows: There is a system that houses registered users for an application. The system exposes a RESTful API for accessing these users. There is a front-end application that has a login form. The application can either be internal, or external. The front-end application needs to use the data in the User system to authenticate a user. The question now is how to authenticate a user whose credentials (username/password)

I realize there are a ton of questions on this subject, and I have been researching this for a couple days now. I want to make sure my question is as specific as possible since I have yet to gain a full understanding of the best approach. Currently I have a developed django site, with the web client communicating probably about 95% via a django-piston json REST api. The other 5% is some remaning login functionality that still goes through POST forms with CSRF protection. Ideally I would like to move the remainder also into the REST api. I am at the point now where I need to figure out the best

I am looking for some pointers on how to secure my rest root resource @Path("/employee") public class EmployeeResource { @GET @Produces("text/html") public String get( @QueryParam("name") String empname, @QueryParam("sn") String sn) { // Return a data back. } } I have read post's regarding basic authetication and OAuth, I know the concept but i am looking for ways on how to implement it in code. Thanks Declare an interceptor: <bean id="securityInterceptor" class="AuthenticatorInterceptor"> <property name="users"> <map> <entry key="someuser" value="somepassword"/> </map> </property> Then use it