Hi Stephan, Thierry, Thanks for the answers, but.. er.. I'm using 1.1.1 fresh from maven repo. Sources pulled from there too. And I am overriding the forbid method, which in 1.1.1 returns CLIENT_ERROR_FORBIDDEN. Check here:
http://restlet.tigris.org/source/browse/restlet/tags/1.1/1.1.1/modules/org.restlet/src/org/restlet/Guard.java?rev=3933&view=markup br, Diego Thierry Boileau wrote: > Hello Diego, > > I suppose you are running with Restlet 1.0, since Restlet 1.1 behaves > differently (returns 401 status). > We think that this behaviour won't be changed in the future. > Thus, we kindly encourage you to use Restlet 1.1 or create a subclass > and override the "forbid" method (which sets the 403 status). > > Best regards, > Thierry Boileau > -- > Restlet ~ Core developer ~ http://www.restlet.org <http://www.restlet.org/> > Noelios Technologies ~ Co-founder ~ http://www.noelios.com > <http://www.noelios.com/> > > > >> Hello, >> >> By default Guard returns 403 (forbidden) if authentication fails? >> Shouldn't it be 401? >> >> 401: The request requires user authentication >> 403: request, but is refusing to fulfill it as it could be explained in >> the entity. >> >> br, >> DIego >>
