
  • General web service architecture question

    I am in the middle of creating a REST/SOAP webservice for my existing application, and I'm having trouble with the general architecture.

    Currently, my application contains many services that are tied together with a User object. For example, in my web application, a user logs in with some credentials, receives a User object that is lightweight and stored in session, and that object is sent to my services to retrieve data for that user. So it would be common to see services like:

    List<Vote> votes = voteService.findVotesByUser(User user);
    List<Story> stories = storyService.findStoriesByUser(User user);
    etc. All works well in the web application. However, if my goal is to convert these services to RESTful APIs, I would envision a URL like /rest/stories/{user} that returns XML of stories. But how would I go about enforcing that the service only allows users to retrieve data for themselves and not other users?

    It almost seems like my services should be taking a String username, String password in place of the User object but that doesn't really seem right. Is there some form of security mechanism that can enforce that only users who authenticate themselves can get results for their own User object? Are my service APIs flawed with their current approach?

    I'd appreciate any insight - this is not my forte.

  • #2
    You could use XStream to marshal the User object to XML then pass that to your Webservice. The endpoint of your webservice would then unmarshal the XML to a User object and pass that to your service code.


    • #3
      Think what you need is a combination of a Spring Security interceptor for the REST URLs and, within your service, you would need to get back the logged-in user credentials and compare with what the user is requesting.
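
The two checks suggested in #3, as an added example that is not part of the original thread: a URL-level rule that requires authentication for /rest/**, plus an ownership check comparing the authenticated caller with the {user} in the path. It assumes Spring Boot 3 with Spring Security 6 and HTTP Basic over TLS; `User`, `Story`, `StoryService` and `UserLookup` are hypothetical stand-ins for the poster's own types, and the user store is assumed to be configured elsewhere.

```java
// Added example, not code from the thread. Assumes Spring Boot 3 / Spring Security 6.
// User, Story, StoryService and UserLookup are hypothetical stand-ins for the poster's types.
import java.security.Principal;
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

record User(String username) {}
record Story(String title) {}
interface StoryService { List<Story> findStoriesByUser(User user); }
interface UserLookup { User byUsername(String username); }

@Configuration
class RestSecurityConfig {
    // URL-level check: every /rest/** request must be authenticated.
    @Bean
    SecurityFilterChain restChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/rest/**")
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults()); // assumption: Basic auth over TLS
        return http.build();
    }
}

@RestController
class StoryRestController {
    private final StoryService storyService;
    private final UserLookup userLookup;

    StoryRestController(StoryService storyService, UserLookup userLookup) {
        this.storyService = storyService;
        this.userLookup = userLookup;
    }

    // Ownership check: the {user} in the path must be the authenticated caller.
    @GetMapping("/rest/stories/{user}")
    public List<Story> stories(@PathVariable("user") String requested, Principal caller) {
        if (caller == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
        if (!caller.getName().equals(requested)) throw new ResponseStatusException(HttpStatus.FORBIDDEN);
        // Build the User from the authenticated identity, never from request input.
        return storyService.findStoriesByUser(userLookup.byUsername(caller.getName()));
    }
}
```

The existing `findStoriesByUser(User)` signature stays unchanged; only the REST layer decides which `User` is passed in, and it derives that from the authenticated principal.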


      • #4
        This sounds like an integration issue. I may advise Spring Integration?