web services - Should I include authenticated user within URL scheme? -


given web-service logged-in users, , resources each user. should url scheme include user-id or should association of http request user done via cookie or other means. e.g.

  1. get acme.com/{user-id}/books/{book-id} information included within url
  2. get acme.com/books/{book-id} user-id must obtained session/cookie/header

i 1. (fully specified url), as

  1. there's single url every single resource
  2. it allows authorized impersonation, e.g. authorized support user access users records when necessary.
  3. being self-describing, url can emailed, bookmarked, etc

i can see has problems regarding security - user-id's guessable. therefore proper, tested authorization scheme required.

what considered best-practice? missing anything?

it's use cases. 1 nice side affect of having user id there makes http caching easier on shared client shared cache. there's http varys header, doesn't work when pass authentication cookie. can make sharing of url tougher because url user has them point. can supplement redirect concept such if user gets url someone's else's user id, server can redirect/provide requesting users version of resource (possibly).

if allow anonymous access user id in path can become bit cumbersome/clunky.

most important thing keep in mind (since tagged rest) client should never have have handle user id outside of being part of obtuse url. service should providing url userid filled in user, way clients don't need concern having fill in userid or not , app matures , decide having user id or not having mistake clients still function.


Comments

Post a Comment

Popular posts from this blog

php - failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request -

this code i'm using find latitude , longitude of place: function coords($address){ echo $url="http://maps.googleapis.com/maps/api/geocode/json?address=".$address; $json = file_get_contents(urlencode($url)); $data = json_decode($json, true); print_r($data['results'][0]['geometry']['location']['lat']); print_r($data['results'][0]['geometry']['location']['lng']); } however returns warning: failed open stream: http request failed! http/1.0 400 bad request if use above code in simple procedure works fine not in function. note: have tried curl_init()... method produced same result? instead of encoding whole url encode address part. following code work fine $add='jamshoro phase 2'; $url="http://maps.googleapis.com/maps/api/geocode/json?address=".urlencode($add); $json = file_get_contents($url); $data = json_decode($json, true); print_r($data['r
Read more

java - How to filter a backspace keyboard input -

i have code gives message when key number pressed: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochararray().length - 1]; if (!(ch >= '0' && ch <= '9')) { system.out.println("the char entered not number"); t.consume(); } } }); now if press on wrong button , press backspace remove it, error message. how can add backspace input if statement? i have found answer: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochar
Read more

java - Show Soft Keyboard when EditText Appears -

i have code in android app, alert dialog , keyboard, , when dialog shown want keyboard appear. not , not sure why? here code: final alertdialog.builder alert = new alertdialog.builder(this); alert.settitle("title"); alert.setmessage("message"); final edittext input = new edittext(this); input.setinputtype(inputtype.type_class_number); alert.setview(input); input.setonfocuschangelistener(new view.onfocuschangelistener() { @override public void onfocuschange(view v, boolean hasfocus) { if (hasfocus) { log.i(tag, "in focus"); inputmethodmanager inputmethodmanager = (inputmethodmanager) getsystemservice(context.input_method_service); inputmethodmanager.showsoftinput(input, inputmethodmanager.show_implicit); } } }); but keyboard not appear though edit text in focus, , tell appear why, doesn't come up? thanks in advance.
Read more