问题
How do I write the method for user authentication in REST web service? I am beginner with web services.
回答1:
Authentication itself should be done in a stateless way, so that the REST paradigm is not broken. This means authentication has to occur on every request. this SO question might provide some further details
the esiest method is using HTTP-Basic AUTH (rfc2617) over SSL encrypted connections (https). here are some java examples:
- ericonjava
- my blog entry
another method is using nonces so that you dont have to resend the user/pass combo everytime, but they are a bit more challenging:
- Nonce Usage
there are lots and lots of ways to authenticate users but these 2 are the most often used that dont hold session state on the server side.
hope that helped
来源:https://stackoverflow.com/questions/5528272/how-do-i-authenticate-user-in-rest-web-service