TL;DR Some header names such as Authorization have special rules about caching as well as proxy & client handling; your custom header names would not get the special behavior unless you modified every single proxy & client. The point of using the common Authorization: <type> <value> header as defined in RFC7234 is mostly to ensure … Read more
Inject a HttpServletRequest into your Rest Service as such: import javax.servlet.http.HttpServletRequest; @GET @Path(“/yourservice”) @Produces(“text/xml”) public String activate(@Context HttpServletRequest req,@Context SecurityContext context){ String ipAddressRequestCameFrom = requestContext.getRemoteAddr(); // header name is case insensitive String xForwardedForIP = req.getHeader(“X-Forwarded-For”); // if xForwardedForIP is populated use it, else return ipAddressRequestCameFrom String ip = xForwardedForIP != null ? xForwardedForIP : ipAddressRequestCameFrom; … Read more
Jamie Kurtze provides a good explanation of using Basic Authentication here ASP.NET Web API REST Security Basics From my understanding, if you want your requests to be stateless then each request will require the Authentication field to be set Jamie Kurtze wraps the necessary code in a class derived from DelegateHandler, while Rick Strahl checks … Read more
If you want to set the authorization header req.setRequestHeader(‘Authorization’,’Basic ‘ + Base64StringOfUserColonPassword);
Django Rest Framework does not perform authentication in middleware by default for the same reason that Django does not perform authentication in middleware by default: middleware applies to ALL views, and is overkill when you only want to authenticate access to a small portion of your views. Also, having the ability to provide different authentication … Read more
Well, I don’t have any experience with the REST capabilities of WCF, but I did wrestle a lot with understanding the implications of security choices in my WCF security question. As you’ve noticed, there’s a real lack of documentation on WCF out their on the Web, and my REST experience is limited, so take my … Read more
A lot has changed since 2009, so I’m going to throw an answer in here. This answer is drawn from this page on the wiki. CouchDB has a _users database that serves the purpose of defining users. Here’s the gist straight from the wiki: An anonymous user can only create a new document. An authenticated … Read more
As far as web application is concerned web application request should have state, session is the most common way to have state. And when we consider REST API’s requests are preferred to be stateless, but to authenticate and identify user or client there are lot of ways as OP mentioned. Some of the most common … Read more
Rails 3.1 finally comes with API for this: http://api.rubyonrails.org/v3.1.0/classes/ActiveModel/ObserverArray.html#method-i-disable ORM.observers.disable :user_observer # => disables the UserObserver User.observers.disable AuditTrail # => disables the AuditTrail observer for User notifications. # Other models will still notify the AuditTrail observer. ORM.observers.disable :observer_1, :observer_2 # => disables Observer1 and Observer2 for all models. ORM.observers.disable :all # => disables all observers … Read more