In the end it should be simpler than that. All I need to do is be able to
decode the URL (same as I used as the route to the resource), match it to
the current request (same as the router does) and check the parameters.

Since I did not want to add authorization checks in all my resources
(although it could be done rather cleanly with aspects and annotations), for
the time being I solved it by using an authenticator that extends
ChallengeAuthenticator and overrides authenticate.

I added a method setRoutes to my authenticator to initialise it with the
list of routes:


        RouteList routes = router.getRoutes();
        authenticator.setRoutes(routes);


Then within the authenticator I can access the matching capabilities of the
routes:


        // get the matching route
        Route best = this.routes.getBest(request, response, 0);
        if (best == null) {
            return false; // no route matches this request
        }
        final String remainingPart =
                request.getResourceRef().getRemainingPart(false, true);
        // match and add parameters to the request map (or I could use a fresh map)
        best.getTemplate().parse(remainingPart, request.getAttributes());
        String username = (String) request.getAttributes().get("username");
        // org.restlet.security.User; null when nobody has been authenticated
        User user = request.getClientInfo().getUser();
        // deny when the route has no username variable or there is no user
        return username != null && user != null
                && username.equals(user.getIdentifier());


This way everything is centralised within the authenticator.

--
Carles
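
The approach described in the message above, written out as a complete authenticator. This is an added example, not code from the original post or from the Restlet project; the class name `OwnerAuthenticator`, the HTTP Basic scheme, the Restlet 2.x API (including `TemplateRoute`) and the choice to deny routes that carry no `{username}` variable are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeScheme;
import org.restlet.routing.Route;
import org.restlet.routing.TemplateRoute;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.User;
import org.restlet.util.RouteList;

// Hypothetical class name; assumes Restlet 2.x and a "{username}" route variable.
public class OwnerAuthenticator extends ChallengeAuthenticator {
    private volatile RouteList routes;

    public OwnerAuthenticator(Context context, String realm) {
        super(context, ChallengeScheme.HTTP_BASIC, realm);
    }

    public void setRoutes(RouteList routes) {
        this.routes = routes;
    }

    @Override
    protected boolean authenticate(Request request, Response response) {
        // Check the credentials first; the verifier normally sets
        // ClientInfo.getUser() during this call.
        if (!super.authenticate(request, response)) {
            return false;
        }
        User user = request.getClientInfo().getUser();
        Route best = (routes == null) ? null : routes.getBest(request, response, 0f);
        if (user == null || !(best instanceof TemplateRoute)) {
            return false; // fail closed: nobody authenticated or no template route
        }
        // Parse into a fresh map so values taken from the URI never overwrite
        // attributes that other filters already placed on the request.
        Map<String, Object> vars = new HashMap<String, Object>();
        String remaining = request.getResourceRef().getRemainingPart(false, true);
        if (((TemplateRoute) best).getTemplate().parse(remaining, vars) < 0) {
            return false; // template did not match the remaining part
        }
        Object owner = vars.get("username");
        // Assumption: routes without a {username} variable are denied, not skipped.
        return owner != null && owner.equals(user.getIdentifier());
    }
}
```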