So I'm trying to use the CookieAuthenticator, but there are some things unclear
to me. The documentation focuses on explaining how to do HTTP Basic or HTTP
Digest; I haven't been able to find an example of HTTP Cookie anywhere, which
is a shame :(
I am using Restlet 2.1.2.
Question 1
------------
According to the documentation:
"public void challenge(Response response, boolean stale)
This method should be overridden to return a login form representation.
By default, it redirects the user's browser to the getLoginFormPath() URI,
adding the URI of the target resource as a query parameter of name
getRedirectQueryName().
In case the getLoginFormPath() is not set, it calls the parent's method."
How do you override the implementation to return a representation? The return
type is already void.
I now have a path in the router to a ServerResource with the URI of the login
form that 'challenge' redirects to, which returns a Representation of a Form.
Is that what is meant? Then do I have to implement GET, POST, PUT and DELETE,
or only POST, or what?
If not, how should I override 'challenge'?
Question 2
------------
And how do you handle this client side? I want to make my login form in the
same style as the rest of the site. What is the flow when I return the form
from the server side? My client is a JavaScript web application.
Question 3
------------
When a user is logged in, what do I send on subsequent requests? How do I
handle this in the CookieAuthenticator? The authenticate method expects a
cookie with a username and password; should I send that on every request? What
if I want to use some sort of session security token? I know the server has no
state, but I thought this is where the cookies came into play. I just have
trouble understanding how exactly.
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3059804
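
For Question 1, one way to return a form from challenge() even though it is void is to write the form into the Response. This is an added example, not part of the original post and not Restlet's own code; the class name FormCookieAuthenticator and the escape helper are hypothetical, and it assumes the authenticator is attached at the application root and that the login handler reads the redirect query parameter back from the login URI.

```java
import org.restlet.Context;
import org.restlet.Response;
import org.restlet.data.MediaType;
import org.restlet.data.Reference;
import org.restlet.data.Status;
import org.restlet.ext.crypto.CookieAuthenticator;
import org.restlet.representation.StringRepresentation;

// Hypothetical subclass (the name is illustrative, not part of Restlet).
public class FormCookieAuthenticator extends CookieAuthenticator {

    public FormCookieAuthenticator(Context context, String realm, byte[] encryptSecretKey) {
        super(context, realm, encryptSecretKey);
    }

    // challenge() returns void: the form is delivered by setting the response entity.
    @Override
    public void challenge(Response response, boolean stale) {
        // Echo only the requested path (not the full URI), under the same query
        // parameter name the default implementation uses.
        // Assumption: the login handler reads this parameter after a successful POST.
        String target = response.getRequest().getResourceRef().getPath();
        String action = new Reference(getLoginPath())
                .addQueryParameter(getRedirectQueryName(), target == null ? "/" : target)
                .toString();

        // Field names must match what the authenticator parses from the login POST.
        String html = "<!DOCTYPE html><html><body>"
                + "<form method=\"post\" action=\"" + escape(action) + "\">"
                + "<input type=\"text\" name=\"" + escape(getIdentifierFormName()) + "\">"
                + "<input type=\"password\" name=\"" + escape(getSecretFormName()) + "\">"
                + "<input type=\"submit\" value=\"Log in\">"
                + "</form></body></html>";

        // 401 lets a JavaScript client tell "login required" apart from a normal page.
        response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
        response.setEntity(new StringRepresentation(html, MediaType.TEXT_HTML));
    }

    // Minimal HTML escaping: the action embeds a request-controlled path.
    private static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```

A JavaScript client can treat the 401 as its cue to show its own styled form and POST the same two fields to the login path.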