On Thu, 07 Sep 2006 10:07:12 -0400, Evan DiBiase wrote: > I was able to successfully add authentication support when I was using a > previous Restlet release (unfortunately, I forget which one), but, now, my > clients don't seem to be getting a WWW-Authenticate header, even though > I've walked through the appropriate Restlet code in the debugger and it > *appears* to be setting said header. (I've tried using both my custom > GuardFilter subclass and GuardFilter directly, with identical results.)
I'm glad to report that I believe I've solved this problem. I've created a patch against 1.0b18, and I've submitted it as well as a description of the solution as issue #161. The very short version is that Tomcat 5.5.17 appears to commit its response once its status code is set, and will refuse to add headers once it has been committed. Since Restlet was sending status codes before it sent headers, the response was getting the appropriate 401 status code, but refused to add the "WWW-Authenticate" header. Evan
