You would typically call isInRole() in the ServerResource methods that you override to determine if a particular user can perform some action. You may also want to look at the MethodAuthorizer if you want to allow some users access to all the HTTP methods, but restrict others to GET & POST for example. That way your annotated methods don't have to have authorization code in them, they simply won't be called if the user isn't allowed to call them by the MethodAuthorizer
-Matt On Fri, Apr 15, 2011 at 1:57 AM, Ishaaq Chandy <ish...@gmail.com> wrote: > Hi all, > > Am using Restlet 2.0.6. > > Trying to figure out how to implement fine grained authorization on my > Resources. The authorization checks need to be instance-specific. > > According to > http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/113-restlet.html, > I should be able to leverage ServerResource.isInRole() for this. However, I > can't see how this works even if I implement that method as I see nothing in > the Restlet source code that actually calls it other that some old > deprecated jaxrs code. > > Suggestions? > > Ishaaq > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2721415
