Looking at older conversations about this, it might be a failure to override the login form path. Failing that, I can only offer examples of what works for me.
I had to extend CookieAuthenticator to provide standard challenge behavior. I still use this extension (further extended for my purposes), but it might not be necessary any more: https://gist.github.com/Tembrel/8271777 Here's a Restlet application to serve login and logout resources and a login form resource: https://gist.github.com/Tembrel/8271674 LoginFormResource in my case just serves a Freemarker template representation of a login form: https://gist.github.com/Tembrel/8271929 The Freemarker template is something like this: https://gist.github.com/Tembrel/8271952 HTH On Fri, Jan 3, 2014 at 9:31 AM, Fabian Mandelbaum <[email protected]>wrote: > Hello there, > > I've updated to Reslet 2.2-M6, replaced my HTTP Basic Guard with > CookieAuthenticator, and when trying to access a guarded resource, instead > of the login dialog I got HTTP 401 and this on logs: > > 2014-01-03 11:25:24 0:0:0:0:0:0:0:1%0 - 0:0:0:0:0:0:0:1%0 9000 GET > /res/dojo-release/dijit/themes/claro/images/tooltipGradient.png - 200 - 0 > 6 http://localhost:9000 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; > rv:26.0) Gecko/20100101 Firefox/26.0 > http://localhost:9000/res/dojo-release/dijit/themes/claro/claro.css > > 2014-01-03 11:25:25 0:0:0:0:0:0:0:1%0 - 0:0:0:0:0:0:0:1%0 9000 GET > /workspaces/ - 401 424 0 http://localhost:9000 Mozilla/5.0 (Macintosh; > Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0 > http://localhost:9000/ > > Challenge scheme HTTP_Cookie not supported by the Restlet engine. > > 2014-01-03 11:25:25 0:0:0:0:0:0:0:1%0 - 0:0:0:0:0:0:0:1%0 9000 GET > /favicon.ico - 401 424 0 http://localhost:9000 Mozilla/5.0 (Macintosh; > Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0 - > > Challenge scheme HTTP_Cookie not supported by the Restlet engine. > > 2014-01-03 11:25:25 0:0:0:0:0:0:0:1%0 - 0:0:0:0:0:0:0:1%0 9000 GET > /favicon.ico - 401 424 0 http://localhost:9000 Mozilla/5.0 (Macintosh; > Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0 - > > Challenge scheme HTTP_Cookie not supported by the Restlet engine. > > What's going on? What am I doing wrong? > > Thanks in advance for your help. > > > > > On Fri, Jan 3, 2014 at 7:53 AM, Fabián Mandelbaum > <[email protected]>wrote: > >> Hello Tim, >> >> thanks for your answers. >> >> I've tried, using the example in the Restlet IN ACTION book as a guide, >> what you proposed, the two chained authenticators, and it does not work. >> >> I've chained them like this: >> >> cookieauth -> httpauth -> guarded_resources >> >> I'll test with Restlet 2.2 today, though I don't know if we can switch >> our stable project to the still unstable Restlet 2.2... >> >> BTW, Restlet ppl, any idea on when 2.2 will become 'final'? The roadmap >> page on the Restlet website states Q3 2013... and that's about 3 months ago >> now... >> >> Thanks. >> >> >> On Thu, Jan 2, 2014 at 3:32 PM, Tim Peierls <[email protected]> wrote: >> >>> Not sure how much of this works in Restlet 2.1 -- I use >>> CookieAuthenticator successfully with Restlet 2.2. >>> >>> >>> On Thu, Jan 2, 2014 at 1:32 PM, Tim Peierls <[email protected]> wrote: >>> >>>> It should be possible to chain two different Authenticator instances, >>>> with optional = true on the first, and multiAuthenticating = false on the >>>> second. If the first one succeeds, the second should see >>>> ClientInfo.isAuthenticated() == true and bypass its operation. If the first >>>> one fails, the second one sees ClientInfo.isAuthenticated() == false and >>>> does *not* bypass its operation. >>>> >>>> But before you try that, consider using >>>> CookieAuthenticator<http://restlet.org/learn/javadocs/2.2/jee/ext/org/restlet/ext/crypto/CookieAuthenticator.html>-- >>>> much of the implementation is parameterized and/or overridable. >>>> >>>> >>>> On Thu, Jan 2, 2014 at 7:29 AM, Fabian Mandelbaum < >>>> [email protected]> wrote: >>>> >>>>> Hello there, >>>>> >>>>> our Restlet-based application needs to have users authenticated using >>>>> both cookies and http basic (hopefully to be switched to digest soon) >>>>> authentication (Actually it's either cookies or http auth, but see below >>>>> for auth flow). We also use our own verifier storing credentials on JCR >>>>> and >>>>> set it as the defaultVerifier() for the app's context in >>>>> createInboundRoot(). >>>>> >>>>> I've seen that the ChallengeAuthenticator class only accepts one >>>>> authentication method on its constructor so, a priori, one cannot have a >>>>> Guard that uses more than one auth method. >>>>> >>>>> The authentication workflow with the Guard/Authenticator our app needs >>>>> would be something like this: >>>>> >>>>> 1) If cookie is present, verify it >>>>> 2) if cookie verification passes, all OK, continue processing request >>>>> 3) if cookie verification fails, use HTTP authentication >>>>> >>>>> Is this possible with Restlet 2.1? >>>>> >>>>> I'd appreciate any guide/pointer/idea you may have. Thanks in advance. >>>>> >>>>> -- >>>>> Fabián Mandelbaum >>>>> IS Engineer >>>>> >>>> >>>> >>> >> >> >> -- >> Fabián Mandelbaum >> IS Engineer >> > > > > -- > Fabián Mandelbaum > IS Engineer > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3071200
