I have a project with a CookieAuthenticator and custom Verifier, and I would like to combine this with Spring Security for authorization. Is this possible at all?
My current Restlet configuration sends all requests to the CookieAuthenticator. This part works. The Spring configuration is supposed to let all requests to the login and logout page go through, but block every other request for non-admins. My logged-in user is not an admin. However, when I've successfully logged in, I can then visit all other URLs within my application. Why is the user not blocked by the Spring Security part?
Is there a way to use Spring Security in the enrollment process, or the authorization? I have access to the roles associated with my User, but they are incompatible with org.restlet.security.Role, since the Role class implements org.springframework.security.core.GrantedAuthority. I would really like to use Spring Security since my entire domain model is based on it and I cannot change that (the domain model is also used by other applications that are Spring based).
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3060169

