Re: Guard, authenticate failure, HTTP 401

[Thierry Boileau]

Hi Diego, if you set this boolean to false, then the behaviour is changed. You obtain a 403 status code when requesting with wrong credentials. You can have a look in the javadocs: http://www.restlet.org/documentation/1.1/api/org/restlet/Guard.html#isRechallengeEnabled() best regards, Thierry Boileau Hi Thierry, Thanks for the test code. Try setting: guard.setRechallengeEnabled(false); br, Diego Thierry Boileau wrote: Hello Diego, I send you my sample code. I receive 401 status code when the authentication fails. Best regards, Thierry Boileau -- Restlet ~ Core developer ~ http://www.restlet.org <http://www.restlet.org/> Noelios Technologies ~ Co-founder ~ http://www.noelios.com <http://www.noelios.com/> Hi Stephan, Thierry, Thanks for the answers, but.. er.. I'm using 1.1.1 fresh from maven repo. Sources pulled from there too. And I am overriding the forbid method, which in 1.1.1 returns CLIENT_ERROR_FORBIDDEN. Check here: http://restlet.tigris.org/source/browse/restlet/tags/1.1/1.1.1/modules/org.restlet/src/org/restlet/Guard.java?rev=3933&view=markup br, Diego Thierry Boileau wrote: Hello Diego, I suppose you are running with Restlet 1.0, since Restlet 1.1 behaves differently (returns 401 status). We think that this behaviour won't be changed in the future. Thus, we kindly encourage you to use Restlet 1.1 or create a subclass and override the "forbid" method (which sets the 403 status). Best regards, Thierry Boileau -- Restlet ~ Core developer ~ http://www.restlet.org <http://www.restlet.org/> Noelios Technologies ~ Co-founder ~ http://www.noelios.com <http://www.noelios.com/> Hello, By default Guard returns 403 (forbidden) if authentication fails? Shouldn't it be 401? 401: The request requires user authentication 403: request, but is refusing to fulfill it as it could be explained in the entity. br, DIego