I have a class extending Controller_Rest in which I want to implement a method that will have to validate received data/inputs before I use them to fill a DB table. What is the best practice? Shall I just: throw new Exception('some reason'), redirect to 404 or something else? I want the client (Java application that will call this method) to be notified properly.
You can't redirect in a REST transaction, you need to return a response.
Common practice is to use the HTTP status to signal the result type, such as 200 being a valid response, 204 for no data in result, 405 for invalid function called, 406 for invalid data response, 404 for a not found and 403 for an access denied.
For invalid input (i.e. posted data doesn't validate), both 400 and 409 are used, depending on the situation.
In all cases, the result body can then have a JSON structure containing additional information, in the case of a failed validation for example the fieldname and the error message.
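A sketch of the approach described in the answer above, as an added example that is not code from the thread or from the FuelPHP project: validate first, answer 400 with a per-field JSON body, 409 on a conflict, and write only validated values to the table. It assumes FuelPHP 1.x with the Orm package loaded; `Controller_Items`, `Model_Item`, the field names and the shape of the JSON body are hypothetical.

```php
<?php
// Added example. Controller_Items, Model_Item and the field names are
// hypothetical; the JSON body layout is an assumption, not a FuelPHP convention.
class Controller_Items extends Controller_Rest
{
    // Handles POST requests routed to items/create
    public function post_create()
    {
        $val = Validation::forge('item_create');
        $val->add_field('name', 'Name', 'required|trim|max_length[50]');
        $val->add_field('quantity', 'Quantity', 'required|valid_string[numeric]|numeric_min[1]');
        $val->add_field('email', 'Contact email', 'required|valid_email');

        // run() validates Input::post() when no input array is passed
        if ( ! $val->run())
        {
            // One entry per failed field: field name plus error message.
            // The rejected values themselves are not echoed back.
            $errors = array();
            foreach ($val->error() as $field => $error)
            {
                $errors[] = array(
                    'field'   => $field,
                    'message' => $error->get_message(),
                );
            }

            return $this->response(array('status' => 'error', 'errors' => $errors), 400);
        }

        // From here on, use only what passed validation, never raw Input::post()
        $data = $val->validated();

        // Input is well-formed but clashes with existing data: 409
        if (Model_Item::query()->where('name', $data['name'])->count() > 0)
        {
            return $this->response(array(
                'status' => 'error',
                'errors' => array(array('field' => 'name', 'message' => 'Already exists')),
            ), 409);
        }

        $item = Model_Item::forge($data);
        $item->save();

        return $this->response(array('status' => 'ok', 'id' => $item->id), 200);
    }
}
```

The Java client can branch on the status code alone and read the `errors` array only when it needs to show field-level detail.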
There are several methods available, so it depends how your application is designed.
By default, a REST controller supports basic auth and digest auth (http authentication) using username and password. If you want something else, you can define a custom 'auth' method, and in there you can do what you want.
Some work stateless (and authenticate at every request), some use the Auth package, and deal with REST the same as with authenticated online users, some have separate authentication, but do use the session to maintain state, and some use external authentication (like OAuth2), and only pass tokens.
And some don't think that is secure enough, and don't use REST at all, but go for SOAP and WSSE.