Re: REST and SecurityComponent - how to properly secure appilaction?

I've forgot... 2 additional question:

1. If I need index() action for API I define function index() in
Orders Controller. But then it works for normal request from browser /
app/orders/index. Ok, there is no view for this action, but is this
ok?
2. Maybe I should define additional global routing prefix in config
for REST API? It'll be easier to dermine API request.

On 9 Lip, 12:15, red <mbu...@gmail.com> wrote:
> Hi,
> I wan't to secure my REST API with basic access authentication. My app
> also contains normal open-public views and admin panel (also secured
> with SecurityComponent and basic authentication).
>
> I've put this peace of code to the controller:
>
> public function beforeFilter() {
>    parent::beforeFilter();
>
>       if (!isset($this->params['admin']) && $this->RequestHandler->isXml()) {
>
>          $this->Security->loginOptions = array('type' => 'basic');
>          $this->Security->loginUsers = array('foo' => 'bar');
>          $this->Security->requireLogin();
>          $this->Security->validatePost = false;
>          }
>
> }
>
> And that works - it checks if there is no admin and is XML request.
>
> But is this protection good enough? Is there any other way to
> recognize that request is from REST API user?
>
> Regards,
> Marcin

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en