RE: Authentication Header

Wed, 05 Mar 2008 00:15:57 -0800 

Hi Jahid,

If you want to work with a custom challenge scheme, you have two sides to
cover. 

The first one defines how to actually use the scheme. It essentially means
setting up a Guard like this:

   myGuard = new Guard(context, new ChallengeScheme("ABC", "myRealm");

If your scheme has non common parameters, beside "identifier/secret" for
example, you might need a Guard subclass.

Now you need the engine to support your scheme, by formatting and parsing
the HTTP headers ("WWW-Authenticate" and "Authorization"). For this you need
to provide an AuthenticationHelper subclass as indicated by Rhett. 

You can either make the engine auto-register it by adding a file
"META-INF/services/com.noelios.restlet.AuthenticationHelper" with the
qualified class name in it, either manually register it as Rhett pointed to.

If you are up to this task, I recommend that you have a look at existing
schemes to see how it is actually used: see the
"com.noelios.restlet.authentication" package.

Best regards,
Jerome  

> -----Message d'origine-----
> De : Rhett Sutphin [mailto:[EMAIL PROTECTED] 
> Envoyé : mardi 4 mars 2008 17:55
> À : discuss@restlet.tigris.org
> Objet : Re: Authentication Header
> 
> Hi,
> 
> On Mar 4, 2008, at 9:59 AM, Jahid wrote:
> 
> > On server side, I am trying to set a header which will look like  
> > this ----
> >
> > "ABC realm="", challenge- 
> > container="salkfadfo823w9283oinfskefn2398wenfdsk";
> >
> > Can anyone tell me how can I achieve that? Here I want to mention  
> > that, I
> > dont/can't change the challenge format. So, don't ask me to do  
> > that :), also i
> > want the challenge to go on server side as 
> "WWW-Authenticate" header  
> > with a
> > status code 201.
> 
> 
> I'm not sure (I haven't tried it yet myself), but I think that you  
> create a ChallengeRequest object and set it in the Response.  In 1.1- 
> M2, it seems like one way to do this would be by extending Guard and  
> overriding the challenge method.  If you are using the reference  
> engine implementation (NRE), you could also implement  
> com.noelios.restlet.authentication.AuthenticationHelper and register  
> your implementation using Engine#registerAuthentication.
> 
> N.b.: like I said before, I haven't tried any of this myself yet.  I  
> just happen to be looking into implementing a custom authentication  
> scheme today.
> 
> Rhett
> 
>

Reply via email to