Fabian,

I am getting closer, but I am one step away, I think.

Each time my service is called I pass in an encrypted string. I decrypt it, and in my ChallengeAuthenticator I have:

    request.setChallengeResponse(
        new ChallengeResponse(ChallengeScheme.HTTP_COOKIE, keyArray[1], keyArray[2].toCharArray()));

Here is my problem: I have created a class DBVerifier extends SecretVerifier. I was assuming in the verify method I would query the DB and authenticate, but the secret is in a format that I cannot get anything useful from.

In the authenticator, request.getChallengeResponse().getSecret() gives me what I need, so I know the correct value is in there.

Thanks for your patience and insight,
Randy

> Hello Randy,
>
> indeed your custom Verifier will have to query the DB on each request
> to, well, verify, the provided credentials are valid. You can also
> build an in-memory (provided the passwords are stored on the DB
> already encrypted, to tighten security a bit) credentials 'cache'
> which is populated (reading from the DB) when the system starts, and
> then your custom Verifier can query that credentials cache instead of
> the DB.
>
> As you can see, Restlet is very flexible and provides you with many
> possibilities to handle authentication. OTOH, that flexibility means a
> little more work on your side to implement the authentication
> 'architecture' the way you want or need it.
>
> On Wed, Jan 26, 2011 at 7:46 PM, Randy Paries <rtparies at gmail dot com>
> wrote:
> > Fabian,
> > thanks for the response.
> >
> > That helped, I am now getting closer.
> >
> > So there is one last part I am not getting.
> >
> > From the book there is the example:
> >
> > //snippet
> >
> > @Override
> > public Restlet createInboundRoot() {
> >
> >     Router router = new Router(getContext());
> >     MapVerifier verifier = new MapVerifier();
> >     verifier.getLocalSecrets().put("scott",
> >             "tiger".toCharArray());
> >
> >     CookieAuthenticator authenticator =
> >             new CookieAuthenticator(getContext(), "Cookie Test");
> >
> > //end snippet
> >
> > My usernames and passwords are in a DB.
> > So is the flow, each time someone makes a request I need to query and get
> > the username/password so I can put it into the verifier? I am thinking that
> > after they log in I will generate some kind of key based on their
> > username/password and that is what will be passed back and forth or set as
> > a cookie.
> >
> > Thanks for your help
> >
>
> --
> Fabián Mandelbaum
> IS Engineer

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701437
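
The credentials cache suggested in the quoted reply, sketched as an added example (not code from this thread or from Restlet): it is loaded once from the DB and checks the `char[]` secret a verifier receives against a salted PBKDF2 hash, used here as the stored form instead of reversible encryption. The class, its method names, the iteration count and the sample row are assumptions; only JDK classes are used, and a `DBVerifier.verify` method would delegate to `verify(identifier, secret)`.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical credentials cache: holds salted PBKDF2 hashes, never plaintext passwords.
public class CredentialCache {
    static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed parameters
    private static final class Entry {
        final byte[] salt, hash;
        Entry(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();
    // Decoy record so an unknown username costs the same work as a known one.
    private final Entry dummy = new Entry(new byte[16], new byte[KEY_BITS / 8]);

    static byte[] derive(char[] secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the key spec's internal copy of the secret
        }
    }

    // Called at startup for each (username, salt, hash) row read from the DB.
    public void load(String user, byte[] salt, byte[] hash) {
        entries.put(user, new Entry(salt, hash));
    }

    // Same shape as a verifier's verify(identifier, secret): true only on a match.
    public boolean verify(String identifier, char[] secret) throws Exception {
        Entry e = identifier == null ? dummy : entries.getOrDefault(identifier, dummy);
        // The hash is derived first, then compared in constant time; the decoy never validates.
        return MessageDigest.isEqual(derive(secret, e.salt), e.hash) && e != dummy;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample row; in a real deployment it would come from the users table.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        CredentialCache cache = new CredentialCache();
        cache.load("scott", salt, derive("tiger".toCharArray(), salt));
        System.out.println("scott/tiger:  " + cache.verify("scott", "tiger".toCharArray()));
        System.out.println("scott/lion:   " + cache.verify("scott", "lion".toCharArray()));
        System.out.println("nobody/tiger: " + cache.verify("nobody", "tiger".toCharArray()));
    }
}
```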