Question

I'm using RESTeasy framework to develop my web service. I've managed to set up BASIC authentication, and it is working properly now. Of course, I do plan to use SSL on top of this.

The process is simple (and please read something about HTTP basic Auth if you don't know what this is about):

  1. Every request is intercepted by a method which analyzes the request header.
  2. This header is decoded and the username and password are extracted.
  3. The method then queries the database to check if the username and password match.
  4. If they match, the request proceeds; if they don't, a 401 code is returned.

With this approach, every request implies a request to the database, due to the stateless nature of REST (and HTTP itself).

My question is: Is it possible not to query the database on every authenticated request?

Possible hints: Some mechanism using cookies?

This question is technologically agnostic.


Just as a side note:

I really feel that there is very little information on this REST authentication matter. It's just OAuth, OAuth, OAuth... If we don't want to authenticate 3rd party applications, information is scattered everywhere and there aren't any concrete examples, like there are using OAuth. If you have any good advice regarding Authentication in REST WebServices, I would love to hear it.

Thank you.
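
One way to realize the cookie idea from the question, as an added example that is not part of the original post: the Basic credentials are checked against the database once, the server then issues a short-lived HMAC-signed cookie, and later requests are authenticated by verifying the signature alone. All names (`SERVER_KEY`, `TOKEN_TTL`, `USER_DB`, the `session` cookie) and the sample user are assumptions constructed for the illustration.

```python
import base64, hashlib, hmac, time

SERVER_KEY = b"constructed-demo-key"  # assumption: loaded from a secret store
TOKEN_TTL = 300                       # assumption: token lifetime in seconds
SALT = b"constructed-salt"            # constructed; use a per-user salt in practice
USER_DB = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret", SALT, 100_000)}
DB_QUERIES = {"count": 0}             # counts simulated database lookups

def check_password_in_db(user, password):
    """Steps 2-3 of the question: the lookup we want to avoid repeating."""
    DB_QUERIES["count"] += 1
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return user in USER_DB and hmac.compare_digest(USER_DB[user], candidate)

def sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_token(user, now=None):
    now = time.time() if now is None else now
    payload = f"{user}|{int(now + TOKEN_TTL)}".encode()
    return (base64.urlsafe_b64encode(payload) + b"." + sign(payload)).decode()

def verify_token(token, now=None):
    """Return the username if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong shape, bad base64, unencodable characters
        return None
    if not hmac.compare_digest(sig, sign(payload)):
        return None
    user, expires = payload.decode().rsplit("|", 1)  # trusted: MAC verified
    return user if now < int(expires) else None

def authenticate(headers, now=None):
    """Return (status, user, new_token): signed cookie first, Basic as fallback."""
    # Simplification: assumes the session cookie is the only cookie sent.
    user = verify_token(headers.get("Cookie", "").partition("session=")[2], now)
    if user:
        return 200, user, None  # no database access on this path
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    try:
        user, _, password = base64.b64decode(value).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 credentials
        return 401, None, None
    if scheme.lower() == "basic" and check_password_in_db(user, password):
        return 200, user, issue_token(user, now)
    return 401, None, None
```

A signed token cannot be revoked before it expires without reintroducing a server-side check, so a password change or disabled account only takes effect after `TOKEN_TTL`; keep it short. The cookie is a bearer credential and should only travel over the SSL connection the question already plans for.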

No correct solution

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow