[SoC] Update on REST API project

Vikas Banjara vikashbanjara at gmail.com
Mon Jun 28 10:08:12 EDT 2010


Hi all,

I have implemented the HTTP basic authentication and HTTP digest
authentication. I have used HTTP authentication hooks in PHP for
implementing this. This implementation has a limitation - it runs only when
PHP is running as an Apache module and is not available in the CGI version.

Implementing basic authentication was quite easy. It involves checking of
the inbuilt variable $_SERVER['PHP_AUTH_USER'] and sending HTTP header
WWW-Authenticate:
Basic realm="Mapbender REST".

Implementing digest authentication was a bit tedious. We need to send nonce
using uniqid() function along with realm and WWW-Authenticate in the http
header. And then followed the RFC 2069 scheme to calculate the hash and
verify the client response.

This authentication implementation is modular and can be easily plugged in
with any REST api call which will be implemented.


I also wrote a basic framework of REST API calls. This includes calss which
will handle and process all REST API requests. Another class for sending
REST response back to the clients. I am using standard HTTP response codes
for sending response. I used this list for reference:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
I am saving the response codes in an ini file. This ini file will be parsed
by the php to respond to REST requests.

With 3 basic module - Authentication, Class for handling REST requests and
Class for sending back response to clients - I am all set to implement the
REST API requests. I have started with mb_users.

Please comment on the progress.

Vikas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/soc/attachments/20100628/24abbfa7/attachment.html


More information about the SoC mailing list