Hello Gabi,

from what I understand (from [1] in the user guide, or the code), roles are verified, not users. You can specify the link between a User and a Role (or a Group and a Role, or an Organization and a Role) at the level of the MemoryRealm instance, by using the map(*, Role) methods, or by overriding the findRoles(Organization, Set<Group>, User) methods.

best regards,
Thierry Boileau

[1] http://wiki.restlet.org/developers/212-restlet.html

> Hi,
>
> I'm a newbie trying to use Restlet in my project.
> I'm trying to protect a resource setting a guard. I'm using the MemoryRealm
> model to secure the resource. I'm adding a new Organization, Group, User and
> also map the user defined in the component to an application role. I'm also
> using a class derived from SecretVerifier to validate username/password,
> where I've overridden the verify() method.
> Using this setup, client can authenticate successfully but authorization
> always fails. Doing some debugging in the code I have found that authorize()
> method from RoleAuthorizer is failing because the isInRole() method from
> ClientInfo is returning false.
> Looking at the implementation of isInRole(), there is a check
> to see if the Principal instance is an instance of RolePrincipal but in my
> case Principal is an instance of UserPrincipal and this is the reason for
> failing.
> What is the way that this situation could be solved?
> I've come to the conclusion that extending SecretVerifier and creating a
> RolePrincipal instead of a UserPrincipal will solve the issue, but I'm not
> sure this is the right way to do it.
>
> Thanks,
> Gabi
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2055207
>
> ------------------------------------------------------

http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2056439
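
The User-to-Role mapping described in the reply, as an added example that is not part of the original thread and not the project's own code. It assumes the Restlet 2.0 release API (org.restlet.security), where the realm's enroler attaches the mapped roles after authentication; the class names, role name and credentials are constructed placeholders.

```java
import org.restlet.Application;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.MemoryRealm;
import org.restlet.security.Role;
import org.restlet.security.RoleAuthorizer;
import org.restlet.security.User;

public class GuardedApplication extends Application {

    // Hypothetical resource standing in for the one being protected.
    public static class AdminResource extends ServerResource {
        @Get
        public String represent() {
            return "restricted content";
        }
    }

    @Override
    public Restlet createInboundRoot() {
        // Constructed sample role and account (placeholders, not from the thread).
        Role admin = new Role("admin", "Administrators");
        User gabi = new User("gabi", "change-me".toCharArray());

        MemoryRealm realm = new MemoryRealm();
        realm.getUsers().add(gabi);
        realm.map(gabi, admin); // the User -> Role link the authorizer relies on

        // Authentication step: establishes who the caller is.
        ChallengeAuthenticator guard = new ChallengeAuthenticator(
                getContext(), ChallengeScheme.HTTP_BASIC, "Sample realm");
        guard.setVerifier(realm.getVerifier()); // a custom SecretVerifier can go here
        guard.setEnroler(realm.getEnroler());   // attaches the roles mapped in the realm

        // Authorization step: checks roles, never the user name.
        RoleAuthorizer authorizer = new RoleAuthorizer();
        authorizer.getAuthorizedRoles().add(admin);
        authorizer.setNext(AdminResource.class);

        guard.setNext(authorizer);
        return guard;
    }
}
```

With this wiring the verifier only has to confirm the secret; an authenticated user with no mapped role is rejected by the RoleAuthorizer, which is the behaviour reported in the question.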

