OFBiz › OFBiz - Notifications

[jira] [Comment Edited] (OFBIZ-4274) Implement a REST Servlet

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

Nicolas Malin (Jira)

[jira] [Comment Edited] (OFBIZ-4274) Implement a REST Servlet

[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16744471#comment-16744471 ]

Mathieu Lirzin edited comment on OFBIZ-4274 at 1/16/19 9:28 PM:
----------------------------------------------------------------

Hello [~mbrohl],

I didn't deeply thought about authentication and REST in the context of OFBiz. My focus has been more on the routing side.

Stateless communication is a constraint of the REST architectural style which allows an architecture to achieve both simplicity, robustness, and performance (via cacheability). Token based authentication is nice in that regards since it satisfies the statelessness constraint of REST, however from what I have heard and read the major drawback of token based authentication is that it makes revocation harder than with traditional stateful session based authentication.

As a consequence I tend to think that OFBiz should be agnostic and let administrators/integrators plug the authentication mechanism that satisfies the requirements of their customers. However I don't have a strong opinion on that subject.

was (Author: mthl):
Hello [~mbrohl],
I didn't deeply thought about authentication and REST in the context of OFBiz. My focus has been more on the routing side.

Stateless communication is a constraint of the REST architectural style which allows an architecture to achieve both simplicity, robustness, and performance (via cacheability). Token based authentication is nice in that regards since it satisfies the statelessness constraint of REST, however from what I have heard and read the major drawback of token based authentication is that it makes revocation harder than with traditional stateful session based authentication.

As a consequence I tend to think that OFBiz should be agnostic and let administrators/integrators plug the authentication mechanism that satisfies the requirements of their customers. However I don't have a strong opinion on that subject.

> Implement a REST Servlet
> ------------------------
>
> Key: OFBIZ-4274
> URL: https://issues.apache.org/jira/browse/OFBIZ-4274
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Reporter: Adrian Crum
> Priority: Major
> Labels: REST
> Attachments: RestExampleSchema.xsd, RestXmlRepresentation.xml, rest-conf.xml, swagger-pos-openapi.png
>
>
> Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments.
> [here is the discussion which took place on the dev ML|http://markmail.org/message/ai6q2fbksowaayn4]

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)