RE: Re: Re: Re: Re: Need help understanding the correct FLOW

2011-02-02 Thread Randy Paries
Fabian, thanks a lot for all your help. I now have that working. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2701983

Re: Re: Re: Re: Re: Need help understanding the correct FLOW

2011-02-02 Thread Fabian Mandelbaum
Good to hear that :-) Good luck with the rest of your project, Randy!

On Wed, Feb 2, 2011 at 3:30 PM, Randy Paries rtpar...@gmail.com wrote:
> Fabian, thanks a lot for all your help. I now have that working.

-- Fabián Mandelbaum IS Engineer

Re: Re: Re: Re: Need help understanding the correct FLOW

2011-02-01 Thread Fabian Mandelbaum
Hello Randy. Even with HTTP Basic auth the provided credentials (user+pass) are encoded. They are not transmitted like this on the wire:

user=the_user password=the_password

but, rather, like this, in a standard HTTP header:

Authorization: Basic YWRtaW5AY2FsZW5jby5jb206MTExMTEx

That YW...MTEx

RE: Re: Re: Re: Need help understanding the correct FLOW

2011-01-31 Thread Randy Paries
Fabián, sorry, I will try to provide more details. The problem I am having is with what is passed in to verify in my DBverify (see below): the secret is encrypted, and I did not encrypt it, and I do not know where in the process I am doing something incorrect that it is getting encrypted. In my

Re: Re: Re: Need help understanding the correct FLOW

2011-01-29 Thread Fabian Mandelbaum
Hello Randy, you usually know the hash function to encrypt the secret to persist it encrypted in the DB. So, you just need to get the secret from the request, apply that hash/encryption function, and compare it with the already encrypted value you read from the DB, in the Verifier's verify()

RE: Re: Re: Need help understanding the correct FLOW

2011-01-29 Thread Randy Paries
Fabian, I am getting closer, but I am one step away, I think. Each time my service is called I pass in an encrypted string. I decrypt it, and in my ChallengeAuthenticator I have request.setChallengeResponse( new ChallengeResponse( ChallengeScheme.HTTP_COOKIE, keyArray[1],

Re: Re: Need help understanding the correct FLOW

2011-01-27 Thread Fabian Mandelbaum
Hello Randy, indeed your custom Verifier will have to query the DB on each request to, well, verify, the provided credentials are valid. You can also build an in-memory (provided the passwords are stored on the DB already encrypted, to tighten security a bit) credentials 'cache' which is

RE: Re: Need help understanding the correct FLOW

2011-01-26 Thread Randy Paries
Fabian, thanks for the response. That helped, I am now getting closer. So there is one last part I am not getting. From the book there is the example

//snippet
@Override
public Restlet createInboundRoot() {
    Router router = new Router(getContext());
    MapVerifier verifier = new

Re: Need help understanding the correct FLOW

2011-01-23 Thread Fabian Mandelbaum
Hello Randy, 'login' is always a hot topic on RESTful applications. The Restlet flow you mention is basically this:

Client --- Request -- Guard -- Protected Server Resource

It's the Guard (usually org.restlet.security.ChallengeAuthenticator) the one that authenticates the user, making sure the

Need help understanding the correct FLOW

2011-01-20 Thread Randy Paries
Hello, I am trying to create a RESTful application server. I am going to use the RestLet framework. As I am designing the URLs I have some questions. This app server is going to be the backend for an iPhone app. The app will require authentication. So here is where I get a little confused with