Hi Jao,

Personally, I would handle this inside your target Resource (or ServerResource in Restlet 1.2) subclass. Regarding the representation, you could have two or just one defined as a template representation (see FreeMarker and Velocity extensions).

Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com

-----Original Message-----
From: jp [mailto:joaomiguel.pere...@gmail.com]
Sent: Tuesday, April 28, 2009 21:42
To: discuss@restlet.tigris.org
Subject: RE: Re: securing the whole application

Just one more question:

Let's say that I have the resource User.

GET user/{username} -> get the user representation identified by {username}

I want to filter the information sent back in the Representation of the user, for example:

Let's say the user is authenticated and he requests his profile by using GET user/{username}. He can get all the information of the user profile and even put some modifications back. However, if the user is authenticated, he can get only a limited set of that same information and cannot put any kind of change.

What is the best approach to deal with this? One alternative may be to have two different representations: one for authenticated users and the other for not authenticated users? In this case, may we have a Guard that authenticates the user based on a cookie, for example, and forwards the request to the same restlet but to generate different representations based on the outcome of the authentication?

May I have your opinions or known best practices around my issue?

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1967653

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1982871
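
The approach suggested in the reply, handling the decision inside the resource itself, sketched as an added example that is not code from this thread or from Restlet. It is plain Java without Restlet classes; the class, method and field names, the sample profile and the status codes chosen are assumptions, and the boolean stands for whatever outcome the Guard's authentication step produces.

```java
import java.util.*;

// Plain Java with no Restlet classes; every name here is hypothetical.
public class UserProfileResource {
    // Fields an unauthenticated caller may see; anything not listed is withheld.
    private static final Set<String> PUBLIC_FIELDS =
            new HashSet<>(Arrays.asList("username", "displayName"));
    private final Map<String, String> profile; // stored profile for {username}

    public UserProfileResource(Map<String, String> profile) {
        this.profile = new LinkedHashMap<>(profile);
    }

    // GET user/{username}: one representation, filtered by the authentication outcome.
    public Map<String, String> represent(boolean authenticated) {
        Map<String, String> view = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : profile.entrySet()) {
            if (authenticated || PUBLIC_FIELDS.contains(e.getKey())) {
                view.put(e.getKey(), e.getValue());
            }
        }
        return view;
    }

    // PUT user/{username}: returns the HTTP status the resource would answer with
    // (the specific codes are an assumption of this example).
    public int store(boolean authenticated, Map<String, String> changes) {
        if (!authenticated) {
            return 401; // refuse before touching stored state
        }
        for (String key : changes.keySet()) {
            if (!profile.containsKey(key) || key.equals("username")) {
                return 400; // unknown or immutable field: reject the whole request
            }
        }
        profile.putAll(changes);
        return 204;
    }

    public static void main(String[] args) {
        Map<String, String> stored = new LinkedHashMap<>(); // constructed sample data
        stored.put("username", "jdoe");
        stored.put("displayName", "J. Doe");
        stored.put("email", "jdoe@example.org");
        UserProfileResource r = new UserProfileResource(stored);
        System.out.println("anonymous GET: " + r.represent(false));
        System.out.println("anonymous PUT: " + r.store(false, Collections.singletonMap("email", "x@example.org")));
        System.out.println("authenticated PUT: " + r.store(true, Collections.singletonMap("email", "new@example.org")));
        System.out.println("authenticated GET: " + r.represent(true));
    }
}
```

The limited view is built from an allowlist, so a field added to the stored profile later stays hidden from unauthenticated callers until it is listed explicitly. Where a profile should be editable only by its owner, the same check would also compare the authenticated identity with {username}.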