The way the restful webservices plugin is implemented, you can't really implement authentication and get back the Servoy user id (at least not reliably). When you make a call to the webservice you can't expect to always be using the same client since the rest_ws plugin uses a pool of clients. The HTTP Auth option on the updated restful webservices plugin should only be used to restrict access to the web service. It should not be used for session info (like to get users id was used on the HTTP Auth) because that goes against the idea of a "Restful" web service. (although I agree it would be nice to be able to get that info)
If you want a statefull web service, where each client gets its own headless client on the server and can save session based info (and add table filters, etc), I can send you a demo of the web services plugin that we use.
The other option would be to request a new feature to support user/tenant filtering in the rest_ws plugin, but in proper restful format. So for example, instead of:
- Code: Select all
http://<serverUrl>/servoy-service/rest_ws/solutionName/formName
You would need an option like:
- Code: Select all
http://<serverUrl>/servoy-service/rest_ws/USERNAME/solutionName/formName
and then combine that with the http auth so that it restricts the authentication to only that USERNAME in the url. That would follow proper restful format, and would work better with the plugin since the USERNAME is being passed in the URL, so you can still do client pooling. The trick is to combine that with the HTTP Auth so that it restricts auth to that URL based on the USERNAME specified.