Suppose, I have a portfolio database and have written a RESTFul wrapper Web Service to expose the data using the GET web method URL. Now I want to make sure that the client is authenticated and authorized as per the security relams and organizations' security business rules to view the data (data being precious and being the intellectual property of an organization). Is there a way where we could sniff in few message handlers before the GET call to the actual respouce, that does the authentication (handler1) followed sequentially by authorization (handler2) and diligently forwarding the request to the resource or to the error.jsp page.
I know SOAP Based service does that pretty well? what's the say on the RESTFul Services?