Hi all, FYI, to keep track on this interesting thread, I've updated the existing RFE:
"Support SPNEGO authentication" http://restlet.tigris.org/issues/show_bug.cgi?id=444 Best regards, Jerome -----Message d'origine----- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : samedi 9 août 2008 21:16 À : [email protected] Objet : Re: HTTP Negotiate and Basic authentication Hi Roman, Here is my experimental SPNEGO Filter: http://git.kato.mvc.mcc.ac.uk/bruno/spnegofilter.git/ It provides a Negotiate and a Basic challenge at the same time. It works at least for small tests, but it's definitely not ready for production usage. I haven't used much of the existing Guards and related classes; I haven't looked deeply into what would need to be changed for this particular filter yet. You'll need Restlet 1.1-M5 or something close enough if you want to try it out, because it uses multiple challenges (1) and the new context system. It also requires Java 6. Best wishes, Bruno. (1) http://restlet.tigris.org/issues/show_bug.cgi?id=457 Roman Geus wrote: > Hello all > > I'm new to Restlet and would like to implement a REST interface for an > existing application using Restlet and JAX-RS. > > I need to support both HTTP Negotiate and HTTP Basic authentication vs > an Active Directory server. > > The Restlet server should offer both authentication schemes and the > client may choose one of them and send the appropriate credentials. The > Restlet server will then validate the credentials using a Kerberos > server (Active Directory). > > I don't know how to implement the dual HTTP authentication scheme in > Restlet. From looking at the code, it seems, that a custom Guard can > only implement a single scheme. How can I support a second > authentication scheme? > > Also, Negotiate authentication is not supported out-of-the-box and the > Negotiate ChallengeScheme is not predefined. Is it possible to support > the Negotiate scheme without modifying the Restlet code? > > Any help with this (example code, hints, pointers, ...) would be highly > appreciated. > > Thanks, > Roman > > -- > Roman Geus > Paul Scherrer Institut > AIT > Scientific Computing > 5232 Villigen PSI > Switzerland > > Tel: +41 56 310 54 85 > Fax: +41 56 310 36 49 > > e-Mail: [EMAIL PROTECTED] > >
