Hi,

I've got an app that gets a custom value in the HTTP Authorization request header. So far I've written an Authenticator that checks the validity of the provided values by parsing the Authorization header contents.

There are then 3 different types of authorization rules depending on the URI pattern, so I've 3 Authorizer subclasses set as routes from the authenticator, which themselves link back to the actual resource subclasses. Logic in these authorizers again uses the contents of the Authorization header to look up the user in ACLs on the resources. Which is all well and good and pretty much works.

But I'm getting warnings logged, as the Authorization header value is non-standard and no built-in mechanism knows how to parse the value. I'm not using any of the ChallengeResponse or related classes currently, but poking around in the code I see that the base Authenticator class tries to parse the Authorization header, and in my case it fails.

The values in my Authorization header don't really map into the standard attributes on the ChallengeResponse object; it's basically a user id and a hash. But on a quick look it appears to be non-trivial to add the custom code to do the parsing to provide these as, say, ChallengeResponse#user and ChallengeResponse#secret.

Being quite new to Restlet, I'm perhaps getting confused between some 1.0 and 2.0 classes, as it appeared to me that I need to subclass org.restlet.engine.security.AuthenticationHelper, but that seemed contrary to the newer org.restlet.security classes. Can anyone elaborate?

Thanks,
Garry

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2436427
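For illustration of the kind of header described in the post above (a user id plus a hash), here is an added example, not code from the original post or from Restlet, that parses such a value strictly and checks the hash in constant time using only the JDK (Java 17+). The scheme name `X-App`, the `userId:hexHash` layout, and HMAC-SHA256 over method and path are all assumptions, since the post does not give the actual format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class CustomAuthHeader {
    // Assumed layout: "Authorization: X-App <userId>:<hex HMAC-SHA256>"
    static final String SCHEME = "X-App";

    record Credentials(String userId, byte[] hash) {}

    /** Strictly parses the header value; anything unexpected yields empty. */
    static Optional<Credentials> parse(String header) {
        if (header == null || header.length() > 512) return Optional.empty();
        int sp = header.indexOf(' ');
        if (sp < 0 || !header.substring(0, sp).equalsIgnoreCase(SCHEME)) return Optional.empty();
        String[] parts = header.substring(sp + 1).trim().split(":", -1);
        if (parts.length != 2 || !parts[0].matches("[A-Za-z0-9._-]{1,64}")
                || !parts[1].matches("[0-9a-fA-F]{64}")) return Optional.empty();
        return Optional.of(new Credentials(parts[0], HexFormat.of().parseHex(parts[1])));
    }

    /** Recomputes the HMAC over method + path (assumed signed data); constant-time compare. */
    static boolean verify(Credentials c, byte[] userKey, String method, String path) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(userKey, "HmacSHA256"));
        byte[] expected = mac.doFinal((method + "\n" + path).getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(expected, c.hash());
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String good = HexFormat.of().formatHex(mac.doFinal("GET\n/items/1".getBytes(StandardCharsets.UTF_8)));
        // Constructed sample header values: valid, wrong hash, foreign scheme, malformed.
        String[] samples = { "X-App user42:" + good, "X-App user42:" + "0".repeat(64),
                             "Basic Zm9vOmJhcg==", "X-App user42" };
        for (String h : samples) {
            Optional<Credentials> c = parse(h);
            boolean ok = c.isPresent() && verify(c.get(), key, "GET", "/items/1");
            System.out.println((c.isPresent() ? "parsed" : "rejected") + " / " + (ok ? "authenticated" : "denied"));
        }
    }
}
```

Parsing once into a user id and hash pair lets the later authorization checks reuse the already-validated identity instead of re-reading the raw header.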

