Hi everyone,

It's been 2 days now since I started working with Restlet 2.2-M3.

I've got a main issue and a few questions about best practices for you guys.

I want to implement 3 ways to authenticate clients (via token, basic-auth and 
cookie). I have got something like this:

    MyTokenAuthenticator tokenAuth = new MyTokenAuthenticator(getContext(), true);
    MyBasicAuthenticator basicAuth = new MyBasicAuthenticator(getContext(), true);
    MyCookieAuthenticator cookieAuth = new MyCookieAuthenticator(getContext(), false);

    Filter accessControlAllowOrigin = new AccessControlAllowOriginFilter();
    TokenAuthorizer tokenAuthorizer = new TokenAuthorizer();
    
    Router router = new Router(getContext());
    router.attach("/accounts/{account}/customers", CustomersResource.class);
    router.attach("/accounts/{account}/customer/{id}", CustomerResource.class);
    router.attach("/accounts/{account}/...", ..);

    // -- Authenticators
    tokenAuth.setNext(basicAuth);
    basicAuth.setNext(cookieAuth);
    cookieAuth.setNext(accessControlAllowOrigin);
    // -- Filters
    accessControlAllowOrigin.setNext(tokenAuthorizer);
    // -- Authorizers
    tokenAuthorizer.setNext(router);

My main issue: I have implemented tokenAuthorizer, which checks (only if there 
is a token) whether the authenticated user can access the resource linked to that 
token. In my authorizer I want to be able to retrieve the {account} attribute 
in the URI by doing something like this:

    request.getAttributes().get("account");

but it doesn't work because we are before the router. I read a couple of posts 
about that but it is just a workaround.

First question:
If MyTokenAuthenticator authenticates a user, I don't want to execute the 2 
other authenticators, but if it fails, I want to try the next authenticator. 
To do so, I have set the multiAuthenticating boolean to false. Is this the right 
way to manage that?

Second question:
Is there a way to execute an authorizer according to the type of 
authentication? Or do I need to chain authorizers too?

Thank you very much for your help.

PS: Do you know that there are a lot of broken links in the online 
documentation?

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3060872
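
The constraint described in the post (URI template variables such as {account} are only filled in once the router has matched a route) can be handled by placing an authorizer behind each route instead of in front of the router. This is an added example, not code from the original post or from the Restlet project; `AccountApplication`, `AccountScopedAuthorizer`, `guarded`, the stub resource classes, and the rule that the authenticated user's identifier must equal the account name are all hypothetical.

```java
import org.restlet.Application;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.resource.ServerResource;
import org.restlet.routing.Router;
import org.restlet.security.Authorizer;
import org.restlet.security.User;

public class AccountApplication extends Application {
    // Placeholder resources standing in for the classes named in the post.
    public static class CustomersResource extends ServerResource {}
    public static class CustomerResource extends ServerResource {}

    /** Hypothetical authorizer: allows the call only when the authenticated
     *  user owns the {account} segment extracted by the router. */
    static class AccountScopedAuthorizer extends Authorizer {
        @Override
        protected boolean authorize(Request request, Response response) {
            // "account" is set by the route's template match, so it is only
            // present when this filter runs behind the router.
            Object account = request.getAttributes().get("account");
            User user = request.getClientInfo().getUser();
            if (account == null || user == null) {
                return false; // fail closed: no binding, no access
            }
            // Assumption: an upstream authenticator stored the account name
            // as the user identifier.
            return account.equals(user.getIdentifier());
        }
    }

    /** Wraps one resource class in its own authorizer instance. */
    private Restlet guarded(Class<? extends ServerResource> target) {
        AccountScopedAuthorizer authorizer = new AccountScopedAuthorizer();
        authorizer.setContext(getContext());
        authorizer.setNext(target);
        return authorizer;
    }

    @Override
    public Restlet createInboundRoot() {
        Router router = new Router(getContext());
        router.attach("/accounts/{account}/customers", guarded(CustomersResource.class));
        router.attach("/accounts/{account}/customer/{id}", guarded(CustomerResource.class));
        // The authenticator chain from the post would sit in front of this router.
        return router;
    }
}
```

When the authorizer returns false, Restlet's `Authorizer` stops the call with a 403 status, so a request for another account's path never reaches the resource.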
