How do I authenticate user in REST web service?

Question

How do I write the method for user authentication in REST web service? I am beginner with web services.

Answer 1

Authentication itself should be done in a stateless way, so that the REST paradigm is not broken. This means authentication has to occur on every request. this SO question might provide some further details

the esiest method is using HTTP-Basic AUTH (rfc2617) over SSL encrypted connections (https). here are some java examples:

• ericonjava
• my blog entry

another method is using nonces so that you dont have to resend the user/pass combo everytime, but they are a bit more challenging:

• Nonce Usage

there are lots and lots of ways to authenticate users but these 2 are the most often used that dont hold session state on the server side.

hope that helped