Hi Bruno,

I'm not sure we want to add such a feature in an official build. Why don't
you apply this change locally on the Restlet source code instead?

Also, if you can come up with a patch that would add a
"getChallengeRequests():List<ChallengeRequest>" method on Response and
deprecate the current "challengeRequest" property, that could go in 1.1 RC. 

Of course, that would require doing the proper formatting and parsing
to/from the "WWW-Authenticate" header.

Best regards,
Jerome

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bruno Harbulot
Sent: Monday, 2 June 2008 19:31
To: discuss@restlet.tigris.org
Subject: Re: Guards and authentication mechanisms

Hi Jerome,

One thing that could help in the short term for experimenting would be 
to be able to override the standard HTTP headers. I'm thinking of 
HttpConstants.HEADER_WWW_AUTHENTICATE to be specific, which 
HttpConverter.addAdditionalHeaders(...) makes impossible to override. 
It's therefore a bit more tricky to try out responding with multiple 
WWW-Authenticate headers (Rhett was mentioning this issue in this thread 
and in <http://restlet.tigris.org/issues/show_bug.cgi?id=457>).

Could there be some sort of flag to allow headers to be overridden?

Perhaps removing 
"param.getName().equalsIgnoreCase(HttpConstants.HEADER_WWW_AUTHENTICATE)" 
in the list of tests might be the easiest.
I suppose the only danger would be a maliciously crafted Application 
served within a container that doesn't require authentication to get 
a password via HTTP basic for example. (I'm not sure how many people 
would run applications they don't trust within a Restlet container at 
the moment; this is probably unlikely.)
If this was a problem, perhaps some sort of connector property along the 
lines of ALLOW_OVERRIDE_HTTP_HEADERS, defaulting to false, would work I 
guess.

Best wishes,

Bruno.


Jerome Louvel wrote:
> Hi Bruno,
> 
> That sounds good, thanks for continuing the thinking. For SPNEGO, feel free to
> post comments on the RFE:
> 
> "Support SPNEGO authentication"
> http://restlet.tigris.org/issues/show_bug.cgi?id=444 
> 
> Best regards,
> Jerome
> 
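
Added example, not part of the original messages and not Restlet code: parsing several challenges out of one or more WWW-Authenticate header values and writing them back as one header line per challenge, following the RFC 7235 grammar. It is written in Python for brevity; the function names and the sample header values are constructed for illustration.

```python
import re

# Grammar per RFC 7235: challenge = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PARAM = re.compile(rf'({TOKEN})\s*=\s*(?:"((?:[^"\\]|\\.)*)"|({TOKEN}))$')
START = re.compile(rf"({TOKEN})(?:\s+(.+))?$")
TOKEN68 = re.compile(r"[A-Za-z0-9._~+/-]+=*$")
ELEMENT = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')  # comma-free run or quoted-string

def _add_param(challenge, m):  # unescape quoted values; names are case-insensitive
    value = re.sub(r"\\(.)", r"\1", m.group(2)) if m.group(2) is not None else m.group(3)
    challenge["params"][m.group(1).lower()] = value

def parse_challenges(header_values):
    """Parse every challenge from a list of WWW-Authenticate header values."""
    challenges = []
    for value in header_values:
        current = None  # each header line must open with a scheme, not a parameter
        for element in filter(None, (e.strip() for e in ELEMENT.findall(value))):
            m = PARAM.match(element)
            if m and current is not None:
                _add_param(current, m)  # continuation of the current challenge
                continue
            m = None if m else START.match(element)
            if m is None:
                raise ValueError(f"malformed challenge element: {element!r}")
            current = {"scheme": m.group(1), "token68": None, "params": {}}
            challenges.append(current)
            rest = (m.group(2) or "").strip()
            if PARAM.match(rest):
                _add_param(current, PARAM.match(rest))
            elif TOKEN68.match(rest):
                current["token68"] = rest
            elif rest:
                raise ValueError(f"malformed challenge: {element!r}")
    return challenges

def format_challenges(challenges):
    """Emit one header value per challenge (one WWW-Authenticate line each)."""
    lines = []
    for c in challenges:
        params = ", ".join('{}="{}"'.format(k, re.sub(r'(["\\])', r"\\\1", v))
                           for k, v in c["params"].items())
        lines.append(" ".join(x for x in (c["scheme"], c["token68"] or params) if x))
    return lines

# Constructed sample: two header lines carrying three challenges.
SAMPLE = ['Negotiate, Basic realm="Restlet, demo", charset="UTF-8"',
          'Digest realm="api", qop="auth,auth-int", nonce="abc\\"def"']
```

The comma is both the challenge separator and the parameter separator, so an element counts as a new challenge only when it does not have the `name=value` shape; a header line that opens with a bare parameter is rejected.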
