You should be returning securityFilter not the router. Then the securityFilter does it's thing and moves onto the next restlet chain (router)
jon Marc Lerma wrote: > I'm also confused about the use of filters. I'm trying to apply a security > filter in order to check whether the user is authenticated before accessing > the resources, but it seems to me that it's never being applied. I've tried > to debug the code and the filter is never called before handling a resource. > > Here is the code: > > > @Override > public synchronized Restlet createRoot() { > > > > //Crea un router en el cual se registran las URIs y los recursos > asociados a cada una > > Router router = new Router(getContext()); > > router.attachDefault(RESTLoginResource.class); > router.attach("/login", RESTLoginResource.class); > router.attach("/{userName}", UserResource.class); > > > Filter securityFilter = new Filter(getContext()){ > public int beforeHandle(Request request, Response response){ > > SessionManager sm = > > com.isoco.iwf.webapp.common.Application.getSingleInstance().getSessionManager(); > > > if(sm.getLogged(BaseResource.getHttpServletRequest(request))!=null){ > log.info("User is authenticated"); > return Filter.CONTINUE; > } > else > { > log.info("user must be authenticated "); > return Filter.STOP; > } > > > > } > }; > > securityFilter.setNext(router); > > return router; > } > > > shouldn't the filter be executed before getting to each registered resource ? > > > thanks for your help! > > ------------------------------------------------------ > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2361339 > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2361658