Hi mstricker, the Guards could do the authentication for you, including decryption and so on, but only for the full resource or not.
I propose to think about to use two different resources - one secured and the other not. But if this is not useful for your application, than you have to implement the authentication in your resource class. Take a look at the Guard class, and how it works. Use the ChallengeResponse is right. best regards Stephan > Hi, > > I am relatively new to Restlet and am facing a problem regarding HTTP > Authentication. > I have a Resource that when handling a POST Request has to decide > dynamically wheter it requires > authentication or not (basically based on the XML the client sends). I want > that the clients can use the HTTP Auth when making the request and do not > have to send username/password in the posted XML, because when posting to > the resource they do not know in advance if they should authenticate in > advance. > I have tried to use the ChallengeResponse object in the constructor of my > Resource, and am able to get the username, but the password I get does not > correspond with the one the client sended, it is somehow encrypted. How can > I get the plaintext password the client sends (its a MD5 hash)? Or can I > somehow convert the password in my database to the same format as the > ChallengeResponse object holds to compare it? > I have seen the Guard object described in the tutorial, but can't figure out > how I can use it to secure my Resource dynamically. > Also your suggested book RESTFful Web Services does not provide an answer to > my question (but to others I had, its a great book btw.). > > any ideas on how to solve this? > > have a nice day > mstricker > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1846075