Hello Randy, indeed your custom Verifier will have to query the DB on each request to, well, verify, the provided credentials are valid. You can also build an in-memory (provided the passwords are stored on the DB already encrypted, to tighten security a bit) credentials 'cache' which is populated (reading from the DB) when the system starts, and then your custom Verifier can query that credentials cache instead of the DB.
As you can see, Restlet is very flexible and provides you with many possibilities to handle authentication. OTOH, that flexibility means a little more work on your side to implement the authentication 'architecture' the way you want or need it. On Wed, Jan 26, 2011 at 7:46 PM, Randy Paries <[email protected]> wrote: > Fabian , > thanks for the response. > > that helped, i am now getting closer. > > So there is one last part i am not getting. > > from the book there is the example " > //snippet > > @Override > public Restlet createInboundRoot() { > > Router router = new Router(getContext()); > MapVerifier verifier = new MapVerifier(); > verifier.getLocalSecrets().put("scott", > "tiger".toCharArray()); > > CookieAuthenticator authenticator = > new CookieAuthenticator(getContext(), "Cookie Test"); > > //end snippet > > My usernames and passwords are in a DB > So is the flow, each time someone makes a request I need to query and get the > username/password so i can put it into the verifier? I am thinking that after > they login i will generate somekind of key based on their username/password > and that is what will be passed back and forth or set as a cookie. > > thanks for your help > -- Fabián Mandelbaum IS Engineer ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2700914
