Hey folks,

I am trying to secure some parts of a Restlet 2.0 API using HTTP Digest through 
the DigestAuthenticator class.

In all of the examples I have seen, the DigestAuthenticator expects to receive 
a wrapped LocalVerifier through setWrappedVerifier(LocalVerifier 
localVerifier). Also in all of the examples I have seen, the LocalVerifier will 
return the local secret for an identifier in plain text.

I have written a LocalVerifier class that queries a database using the 
identifier String and I have set up a DigestAuthenticator object that wraps 
this and secures some Restlets in my API.

The problem is that my LocalVerifier class will return passwords from the 
database that have been hashed as I do not want my users' passwords to exist in 
the db in plain text. How can I set up the DigestAuthenticator to hash the 
secret provided by the client request before it digests and compares? (Or am I 
going about all of this in the wrong way?)

Thanks,
Finbarr

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2688265
