Re: Guard, authenticate failure, HTTP 401

Tue, 04 Nov 2008 06:25:59 -0800 

Hi Thierry,

Aha, I missed that detail of the design. Case closed.

Thanks,
Diego

Thierry Boileau wrote:
> Hi Diego,
> 
> if you set this boolean to false, then the behaviour is changed. You
> obtain a 403 status code when requesting with wrong credentials.
> You can have a look in the javadocs:
> http://www.restlet.org/documentation/1.1/api/org/restlet/Guard.html#isRechallengeEnabled()
> 
> best regards,
> Thierry Boileau
> 
>> Hi Thierry,
>>
>> Thanks for the test code. Try setting:
>> guard.setRechallengeEnabled(false);
>>
>> br,
>> Diego
>>
>> Thierry Boileau wrote:
>>   
>>> Hello Diego,
>>>
>>> I send you my sample code. I receive 401 status code when the
>>> authentication fails.
>>>  
>>> Best regards,
>>> Thierry Boileau
>>> --
>>> Restlet ~ Core developer ~ http://www.restlet.org <http://www.restlet.org/>
>>> Noelios Technologies ~ Co-founder ~ http://www.noelios.com
>>> <http://www.noelios.com/>
>>>     
>>>> Hi Stephan, Thierry,
>>>>
>>>> Thanks for the answers, but.. er.. I'm using 1.1.1 fresh from maven
>>>> repo. Sources pulled from there too. And I am overriding the forbid
>>>> method, which in 1.1.1 returns CLIENT_ERROR_FORBIDDEN. Check here:
>>>>
>>>> http://restlet.tigris.org/source/browse/restlet/tags/1.1/1.1.1/modules/org.restlet/src/org/restlet/Guard.java?rev=3933&view=markup
>>>>
>>>> br,
>>>> Diego
>>>>
>>>> Thierry Boileau wrote:
>>>>   
>>>>       
>>>>> Hello Diego,
>>>>>
>>>>> I suppose you are running with Restlet 1.0, since Restlet 1.1 behaves
>>>>> differently (returns 401 status).
>>>>> We think that this behaviour won't be changed in the future.
>>>>> Thus, we kindly encourage you to use Restlet 1.1 or create a subclass
>>>>> and override the "forbid" method (which sets the 403 status).
>>>>>
>>>>> Best regards,
>>>>> Thierry Boileau
>>>>> --
>>>>> Restlet ~ Core developer ~ http://www.restlet.org 
>>>>> <http://www.restlet.org/>
>>>>> Noelios Technologies ~ Co-founder ~ http://www.noelios.com
>>>>> <http://www.noelios.com/>
>>>>>
>>>>>  
>>>>>
>>>>>     
>>>>>         
>>>>>> Hello,
>>>>>>
>>>>>> By default Guard returns 403 (forbidden) if authentication fails?
>>>>>> Shouldn't it be 401?
>>>>>>
>>>>>> 401: The request requires user authentication
>>>>>> 403: request, but is refusing to fulfill it as it could be explained in
>>>>>> the entity.
>>>>>>
>>>>>> br,
>>>>>> DIego
>>>>>>   
>>>>>>       
>>>>>>           
>>
>>

Reply via email to