How to pass authentication details in an HTTP DELETE request?

I'm trying to create a REST API following the HTTP method semantics but I got stuck with the DELETE method.

In my use case, the service is behind a gateway that authenticates the user. This service uses an SSO token that is then used to authenticate the user and get his details. From this point, I'm trying to make a call to my service where I use the id of the resource I want to delete as a path variable, but then I don't know how to pass the id of the user for validation.

I've read many posts about the problems of adding a body to a DELETE method. I also think adding a custom header to identify the user is not the right way. Out of the options I have, I think only 2 are sensible:

  • Issue a POST request with the user id as the body. I don't like this one because I'm basically using POST with an identified resource and because semantically it sounds wrong to me.
  • Make the request so the user id is a path variable. It would look like this: path/to/service/resourceId/{resourceId}/userId/{userId}. My problem with this one is that in the POST and PUT requests, the userId is part of the body. The API wouldn't look consistent, but I guess I could still change the other 2 so the user id is also part of the URL.

Any suggestions?


    You should use an HTTP header parameter to pass the user token.

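    import javax.ws.rs.*;
    import javax.ws.rs.core.MediaType;

    @DELETE
    @Path("/{id}")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public Info deleteInfo(
            @HeaderParam("Authorization") String token, // user token from the Authorization header
            @PathParam("id") Long id) {                 // id of the resource to delete
        // Resolve the user from the token and delete the resource here (body not shown in the answer).
        return null;
    }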
    

    HTTP authentication, maybe? That's what it is for, no? See RFC 7235.
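
The following is an added example, not code from either answer. It shows how the two suggestions above fit together: the service derives the user from the `Authorization` header instead of accepting a user id from the path or body, and maps the outcome to status codes. The `Bearer` scheme, the class and method names, and the in-memory maps standing in for the SSO lookup and the resource store are assumptions.

```java
import java.util.Map;

// Added example. Token values, user names and resource ids are constructed sample data.
public class DeleteAuthExample {
    // token -> user id, standing in for the SSO/gateway lookup (hypothetical)
    static final Map<String, String> SESSIONS = Map.of("tok-alice", "alice", "tok-bob", "bob");
    // resource id -> owning user id, standing in for the data store (hypothetical)
    static final Map<Long, String> OWNERS = Map.of(1L, "alice", 2L, "bob");

    /** Returns the HTTP status for DELETE /{id}, given the raw Authorization header value. */
    static int authorizeDelete(String authorizationHeader, long resourceId) {
        String user = userFromHeader(authorizationHeader);
        if (user == null) {
            return 401; // RFC 7235: send this together with a WWW-Authenticate challenge
        }
        String owner = OWNERS.get(resourceId);
        if (owner == null) {
            return 404; // no such resource
        }
        if (!owner.equals(user)) {
            return 403; // authenticated, but not allowed to delete this resource
        }
        return 204;     // deleted, no response body
    }

    /** Parses "Bearer <token>" (scheme name is case-insensitive); returns the user id or null. */
    static String userFromHeader(String header) {
        if (header == null) {
            return null;
        }
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Bearer")) {
            return null;
        }
        // The user id comes from the server-side session, never from the request path or body.
        return SESSIONS.get(parts[1]);
    }

    public static void main(String[] args) {
        System.out.println("owner deletes own resource:   " + authorizeDelete("Bearer tok-alice", 1L));
        System.out.println("other user, same resource:    " + authorizeDelete("Bearer tok-bob", 1L));
        System.out.println("missing Authorization header: " + authorizeDelete(null, 1L));
        System.out.println("unknown token:                " + authorizeDelete("Bearer nope", 1L));
        System.out.println("unknown resource:             " + authorizeDelete("bearer tok-alice", 99L));
    }
}
```

Because the user id is resolved from the token on the server, the DELETE URL only needs the resource id, and a caller cannot name a different user to act as.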
