Ah, I found what I was doing wrong here. I hadn't set a value for the loginFormPath. This caused the CookieAuthenticator to call the ChallengeAuthenticator's challenge method:
public void challenge(Response response, boolean stale) {
if (getLoginFormPath() == null) {
super.challenge(response, stale);
} else {
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3059709
