I need to restrict access to only certain parts of a web service I’m
building.
Instead of requiring a client to submit their user/pass with each
interaction I’d like to login them in once (currently using
acts_as_authenticated in the rest of the site) and not have to fuss with
it again during that session. Only problem is I can’t use AAA on an
ActionWebService descendant since it relies on methods only available to
ActionController (such as session).
I could make the API controller itself restricted with AAA but then I
have no control over api_methods restrictions - it’s either all or
nothing, AFAICT.
Anybody have any pointers to best practices for this scenario?
dave myron
principal, technical director
contentfree
â?¡ 206.855.5580 phone | 206.774.2767 fax
â? [email protected]
â?? 337 1st ave ne. suite 100, issaquah, wa 98027