Hello Randy,

you usually know the hash function used to encrypt the secret that is
persisted encrypted in the DB.

So, you just need to get the secret from the request, apply that
hash/encryption function, and compare it with the already encrypted
value you read from the DB, in the Verifier's verify() implementation.

Maybe you are encrypting the password twice somehow?

I couldn't fully understand what you wrote. What is it you 'cannot get
anything useful from'?

Hope the above helps guide you in the right direction...

On Sat, Jan 29, 2011 at 3:43 PM, Randy Paries <[email protected]> wrote:
> Fabian,
> I am getting closer, but I am one step away, I think.
>
> Each time my service is called I pass in an encrypted string.
>
> I decrypt it, and in my ChallengeAuthenticator I have
>
> request.setChallengeResponse(new ChallengeResponse(
>         ChallengeScheme.HTTP_COOKIE, keyArray[1], keyArray[2].toCharArray()));
>
> Here is my problem:
>
> I have created a class DBVerifier extends SecretVerifier
>
> I was assuming that in the verify method I would query the DB and authenticate,
> but the secret is in a format that I cannot get anything useful from.
>
> In the authenticator, request.getChallengeResponse().getSecret() gives me what
> I need, so I know the correct value is in there.
>
> Thanks for your patience and insight.
>
> randy
>
>
>
>> Hello Randy,
>>
>> indeed your custom Verifier will have to query the DB on each request
>> to, well, verify that the provided credentials are valid. You can also
>> build an in-memory (provided the passwords are stored on the DB
>> already encrypted, to tighten security a bit) credentials 'cache'
>> which is populated (reading from the DB) when the system starts, and
>> then your custom Verifier can query that credentials cache instead of
>> the DB.
>>
>> As you can see, Restlet is very flexible and provides you with many
>> possibilities to handle authentication. OTOH, that flexibility means a
>> little more work on your side to implement the authentication
>> 'architecture' the way you want or need it.
>>
>> On Wed, Jan 26, 2011 at 7:46 PM, Randy Paries <rtparies at gmail dot com> wrote:
>> > Fabian,
>> > thanks for the response.
>> >
>> > That helped, I am now getting closer.
>> >
>> > So there is one last part I am not getting.
>> >
>> > From the book there is the example:
>> > //snippet
>> >
>> > @Override
>> > public Restlet createInboundRoot() {
>> >     Router router = new Router(getContext());
>> >
>> >     // In-memory verifier holding a single hard-coded login/secret pair
>> >     MapVerifier verifier = new MapVerifier();
>> >     verifier.getLocalSecrets().put("scott", "tiger".toCharArray());
>> >
>> >     // The authenticator guards the router and asks the verifier to check credentials
>> >     CookieAuthenticator authenticator =
>> >         new CookieAuthenticator(getContext(), "Cookie Test");
>> >     authenticator.setVerifier(verifier);
>> >     authenticator.setNext(router);
>> >
>> >     return authenticator;
>> > }
>> > //end snippet
>> >
>> > My usernames and passwords are in a DB.
>> > So is the flow that each time someone makes a request I need to query and get
>> > the username/password so I can put it into the verifier? I am thinking
>> > that after they log in I will generate some kind of key based on their
>> > username/password, and that is what will be passed back and forth or set as
>> > a cookie.
>> >
>> > Thanks for your help.
>> >
>>
>>
>>
>> --
>> Fabián Mandelbaum
>> IS Engineer
>



-- 
Fabián Mandelbaum
IS Engineer

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701455
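The verify() approach Fabián describes above, as an added example that is not code from the thread or from the Restlet project: the secret presented in the request is run through the same one-way function that was applied before the row was stored, and the two digests are compared; the stored value is never decrypted. The class name DBVerifier is borrowed from Randy's message, but the body is mine. Assumptions: Restlet 2.0.x, where SecretVerifier.verify(String, char[]) returns a boolean (2.1 and later return an int such as RESULT_VALID); salted PBKDF2 as the hash function (the thread only says "hash function"); and a constructed in-memory map standing in for the JDBC lookup of the salt/hash columns.

```java
// Added example, not from the mailing-list thread or the Restlet code base.
// Assumes Restlet 2.0.x (SecretVerifier.verify(String, char[]) returns boolean);
// the "users" map below is a constructed stand-in for a DB table.
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.restlet.data.ChallengeScheme;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.SecretVerifier;

public class DBVerifier extends SecretVerifier {

    /** One row of the credentials table: per-user salt plus PBKDF2 output. */
    static final class StoredSecret {
        final byte[] salt;
        final byte[] hash;
        StoredSecret(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private static final int ITERATIONS = 10000;
    private static final int KEY_BITS = 160;
    private static final byte[] DUMMY_SALT = new byte[16];

    // Stand-in for "SELECT salt, hash FROM users WHERE username = ?".
    private final Map<String, StoredSecret> table;

    public DBVerifier(Map<String, StoredSecret> table) { this.table = table; }

    /** The one-way function applied both at enrolment and at verification. */
    static byte[] pbkdf2(char[] secret, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** What the registration path runs before INSERTing the row. */
    static StoredSecret enrol(char[] secret) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new StoredSecret(salt, pbkdf2(secret, salt));
    }

    /**
     * Called by the authenticator with the identifier and secret taken from
     * request.getChallengeResponse(). The stored hash is not "decrypted":
     * the presented secret is hashed with the stored salt and the digests
     * are compared in constant time.
     */
    @Override
    public boolean verify(String identifier, char[] secret) {
        if (secret == null || secret.length == 0) {
            return false;
        }
        StoredSecret row = table.get(identifier);
        if (row == null) {
            // Same cost as a real check, so unknown users are not faster to probe.
            pbkdf2(secret, DUMMY_SALT);
            return false;
        }
        return MessageDigest.isEqual(row.hash, pbkdf2(secret, row.salt));
    }

    // Demo wiring; needs the Restlet 2.0 jars on the classpath.
    public static void main(String[] args) {
        Map<String, StoredSecret> users = new HashMap<String, StoredSecret>();
        users.put("scott", enrol("tiger".toCharArray())); // constructed sample row

        DBVerifier verifier = new DBVerifier(users);
        System.out.println("right secret:  " + verifier.verify("scott", "tiger".toCharArray()));
        System.out.println("wrong secret:  " + verifier.verify("scott", "TIGER".toCharArray()));
        System.out.println("unknown user:  " + verifier.verify("nobody", "tiger".toCharArray()));

        // Same setVerifier() call whichever Authenticator subclass guards the router.
        ChallengeAuthenticator guard =
                new ChallengeAuthenticator(null, ChallengeScheme.HTTP_COOKIE, "Cookie Test");
        guard.setVerifier(verifier);
    }
}
```

Only the verify(String, char[]) override is Restlet-specific; the authenticator extracts the identifier and secret from the ChallengeResponse that Randy sets on the request, so the verifier never needs to parse the cookie itself. If the DB already holds plain hashes without a salt, swap pbkdf2() for that function, but keep the compare on the hashed values rather than trying to recover the original secret.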
