Hi all, Restlet edition for GWT has a different behavior for setting the challenge response. It doesn't manually build the Authorization header like for other editions, but instead pass the credentials to the GWT HTTP request builder.
It does so to be able to leverage your browser's security session, which is able to transparent handle the initial challenge request to automatically resubmit a challenge response. Now, we do have the Java code to manually generate the Authorization header, even if the Base64 class is hard to port to GWT, but I'm not sure if it would work fine and not interfere with browser's security handling. What is you actual use case? Do you want to use a custom challenge scheme? Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -----Message d'origine----- De : Thierry Boileau [mailto:[email protected]] Envoyé : mercredi 25 novembre 2009 08:55 À : [email protected] Objet : Re: Setting Http Authorization header (part 2) hello Alex, using the sample code available here http://wiki.restlet.org/docs_2.0/188-restlet.html, I've found that 2 requests are received by the server (when clicking on the button labelled "Refresh (Basic authentication)". The first one is not authenticated, the other one is and contains the Authorization header... However at the same time, the code that sends the request (from client side: org.restlet.gwt.engine.http.GwtHttpClientCall sendRequest) is only called once... Is this the current behaviour of the GWT client in hosted mode? We need a bit more investigations. best regards, Thierry Boileau > Hello Jerome and all Restlet fans! > > I have spent my last 2 days trying to set the authorization header to a > certain value, using the restlet gwt api. However, I was unsuccessful, so I > started looking at the source code. You specifically said in the previous > message that "an authorization header" is automatically created for you when > you specify a ChallengeResponse object (also mentioned in wiki), but the > only code that actually does something with the ChallengeResponse object is > located in GwtHttpClientHelper lines 86-92: > > if (request.getChallengeResponse() != null) { > result.getRequestBuilder().setUser( > request.getChallengeResponse().getIdentifier()); > result.getRequestBuilder().setPassword( > String.valueOf(request.getChallengeResponse() > .getSecret())); > } > > I have tried all kind of value combinations, but none showed the > "Authorization" header in Firebug. WHAT AM I MISSING here? PS: I don't need > a password set here, just a association between "Authorization" -> "Id" in > headers map > > Thanks, Alex > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=24241 04 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2424204
