1

I am trying to build a basic Web Service on Google's App Engine using the Restlet framework.

I've setup a basic setup and followed Fine-grained Authentication with RESTlet to create a very simple authenticated set of resources. I've tested this in Chrome and it prompts me to login which I do and then that lets me access the resource.

Now, my issue is how do I set this up coming from an Android application? Do I have to pass the credentials to be checked in headers? If so how is this achieved or are there other ways of doing this using Restlet? I've not implemented SSL, but I'm not that bothered about security for this project.

I can't seem to find much information on this area.

Many thanks in advanced.

Community
  • 1
  • 1
James Britton
  • 412
  • 4
  • 13
  • Have you looked at the OAuth authentication? Android is increasing its support for this, but this might require using Google accounts linked to the device. – Jerome Louvel Jan 04 '13 at 12:33
  • As Jerome mentioned, using OAuth2 and Google Account Manager (along with Restlet Android edition) is a way to solve the problem. Have you checked out: http://stackoverflow.com/questions/7107216/android-authentication-to-google-accounts-passed-on-to-google-app-engine - this may have more info for you. I have done this without having to use SSL and would be happy to answer questions. – Richard Berger Jan 04 '13 at 19:20
  • I had thought about using OAuth, but decided against it as I thought it would be inappropriate for this project and more complex. Would it be easier to go with OAuth authentication rather than my current approach? Richard do you know of any good tutorials or examples to get me going that are specific to implementations with using Restlet? Sorry, if these questions seem silly. I'm rather new to using these techniques/technologies. – James Britton Jan 05 '13 at 00:32
  • If I went with OAuth would I be able to give different users access to different resources? As I don't just want all users to have the same access level. Which is another reason I originally avoided OAuth. Mainly because I just didn't know if it would be possible or not. – James Britton Jan 05 '13 at 01:05
  • Hi, I've now looked into using OAuth, but I can't find much documentation/examples can you point me towards anything apart from the main Restlet documentation? Also would using OpenID be beneficial against OAuth? – James Britton Jan 10 '13 at 23:38

0 Answers0