Hi,

I'm a newbie trying to use Restlet in my project.
I'm trying to protect a resource by setting a guard. I'm using the MemoryRealm 
model to secure the resource. I'm adding a new Organization, Group, User and 
also mapping the user defined in the component to an application role. I'm also 
using a class derived from SecretVerifier to validate username/password, where 
I've overridden the verify() method.
Using this setup, the client can authenticate successfully but authorization 
always fails. Doing some debugging in the code, I have found that the 
authorize() method from RoleAuthorizer is failing because the isInRole() method 
from ClientInfo is returning false.
Looking at the implementation of isInRole(), there is a check to see if the 
Principal instance is an instance of RolePrincipal, but in my case the 
Principal is an instance of UserPrincipal, and this is the reason for the failure.
How can this situation be solved? 
I've come to the conclusion that extending SecretVerifier and creating a 
RolePrincipal instead of a UserPrincipal will solve the issue, but I'm not sure 
this is the right way to do it.

Thanks,
Gabi

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2055207
