Hi Romain, I don't if I answered to this question:
> Now it is working but I am wondering about the RoleChecker. My > RoleChecker is like this : > > @SuppressWarnings("deprecation") > private static final class RestletRoleChecker implements RoleChecker { > > public boolean isInRole(Principal principal, String role) { > throw new RuntimeException("[isInRole] was called. We don't know > why this class is needed."); > } > } It was the first design, it isn't needed anymore. I didn't remove it yet. If it does nothing, it should be removed. > and why : > > application.setGuard(guard); //not deprecated > > doesn't work instead. This I can't tell you without have a look in it. Please file a bug. > Because application.setAuthentication is deprecated, how can I use > ClientInfo.getRoles() instead ? You should use the JAX-RS way with interface SecurityContext. best regards Stephan ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2669650