We are trying to use RESTful Web serivces with apex 4.2 and listener 2.0.1. The documentation talks about securing the web service with Apex Groups, but in our case we are not using Application Express users and groups for our application, we are using CAS (with HTTP Header authentication) for user authentication to the application. Instead, we want to secure the access by the APPLICATION to the RESTful web service. I see some documentation on Basic Auth but there is no explanation of how to use that with the RESTful web services produced at the Workspace level.
I believe I am correct that Group definitions are only valid if you are using Application Express users and thus Application Express standard authentication. CAS passes the userid to the application as :APP_USER but I don't think there is any way to include those users in an Apex Group.