Till I figure out role stuff, I'm doing it myself, without relying on Restlet APIs.
I have a base ServerResource class performing the security checks against storage (JCR in my case, but the concept is the same, applicable to any storage backend: DB, files, whatever), and all guarded resources extend that base resource. If "instance-specific" means per-request, that is automatically handled by Restlet's ServerResource classes: one instance is created to serve each request. Hope this helps. On Fri, Apr 15, 2011 at 3:03 AM, Ishaaq Chandy <ish...@gmail.com> wrote: > Hi all, > > Am using Restlet 2.0.6. > > Trying to figure out how to implement fine grained authorization on my > Resources. The authorization checks need to be instance-specific. > > According to > http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/113-restlet.html, > I should be able to leverage ServerResource.isInRole() for this. However, I > can't see how this works even if I implement that method as I see nothing in > the Restlet source code that actually calls it other that some old > deprecated jaxrs code. > > Suggestions? > > Ishaaq -- Fabián Mandelbaum IS Engineer ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2720533
