Hi, I am relatively new to Restlet and am facing a problem regarding HTTP Authentication. I have a Resource that when handling a POST Request has to decide dynamically wheter it requires authentication or not (basically based on the XML the client sends). I want that the clients can use the HTTP Auth when making the request and do not have to send username/password in the posted XML, because when posting to the resource they do not know in advance if they should authenticate in advance. I have tried to use the ChallengeResponse object in the constructor of my Resource, and am able to get the username, but the password I get does not correspond with the one the client sended, it is somehow encrypted. How can I get the plaintext password the client sends (its a MD5 hash)? Or can I somehow convert the password in my database to the same format as the ChallengeResponse object holds to compare it? I have seen the Guard object described in the tutorial, but can't figure out how I can use it to secure my Resource dynamically. Also your suggested book RESTFful Web Services does not provide an answer to my question (but to others I had, its a great book btw.).
any ideas on how to solve this? have a nice day mstricker -- View this message in context: http://n2.nabble.com/Questions-about-HTTP-Authentication-tp2655178p2655178.html Sent from the Restlet Discuss mailing list archive at Nabble.com. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1787812
