I bump this up and simplify the question: here's my actual resource
definition

  <bean id="application" class="org.restlet.Application">
    <property name="inboundRoot" ref="router" />
  </bean>

  <bean id="router" class="org.restlet.ext.spring.SpringRouter">
    <property name="attachments">
      <map>
        <entry key="/console" value-ref="beanRouter"/>
        <entry key="/public/{page}"
               value="com.pipelean.auth.rest.console.HtmlResource"/>
        <entry key="/static/{type}/{name}"
               value="com.pipelean.auth.rest.console.StaticResource"/>
      </map>
    </property>
  </bean>

  <bean id="beanRouter" class="org.restlet.ext.spring.SpringBeanRouter" />

  <bean name="/" class="com.pipelean.platform.commons.rest.WelcomeResource"
        id="welcome" scope="prototype" />
  <bean name="/{page}"
        class="com.pipelean.auth.rest.console.HtmlAuthenticatedResource"
        id="html" scope="prototype" />

Considering that I only know how to attach authentication in this
programmatic way, not via Spring:
http://restlet-discuss.1400322.n2.nabble.com/How-to-signup-a-ChallengeAuthenticator-when-using-SpringBeanRouter-td5588475.html

What I can't achieve is having a different authenticator for each entry in
the SpringRouter.
I need /public and /static to be open to any call, while /console must be
protected and return a 401 to public/signin when someone not authenticated
tries to load the page.

This seems a pretty standard behavior that I cannot achieve.
Also, HtmlResource and StaticResource are actually designed not to have any
user, while HtmlAuthenticatedResource.doInit() loads a userid from the
security context (Spring in my case) and populates some data in the HTML
template. As you understand, I do not want doInit to be called when the
client is not authenticated, so I need the authenticator to stop the request
before starting to load the resource, and return a 404 with a locationRef.

Thanks.

On Wed, May 4, 2011 at 7:56 PM, Daniele Dellafiore <[email protected]> wrote:

> Hi.
>
> My app has now grown to contain different paths with different
> authentication schemes and contexts, like:
>
> /api
> /console
> /oauth
>
> Then, there is the host:
>
>   <bean id="virtualHost" class="org.restlet.ext.spring.SpringHost">
>     <constructor-arg value="" />
>     <property name="attachments">
>       <map>
>         <entry key="/api">
>           <ref bean="apiApplication" />
>         </entry>
>         <entry key="/oauth">
>           <ref bean="oauthApplication" />
>         </entry>
>         <entry key="/console">
>           <ref bean="consoleApplication" />
>         </entry>
>       </map>
>     </property>
>   </bean>
>
> This happened mainly because I needed to add an HTTP Basic authn to the API
> and a Cookie authenticator on the console, while the "oauth" context
> requires no authentication, and the only way I found to add an authenticator
> and keep the SpringBeanRouter has been the one I wrote here:
> http://restlet-discuss.1400322.n2.nabble.com/How-to-signup-a-ChallengeAuthenticator-when-using-SpringBeanRouter-td5588475.html
>
> Finally, each application has a SpringBeanRouter as inboundRouter so I can
> externalize everything to a spring bean file.
>
> So I need a different application for each "route" with a different
> authentication system.
>
> That was fine but now I see some limitations:
>
> 1. /console serves some static html pages and has a cookie authentication.
> If there is no cookie for the client, I redirect it to /signin, which is free
> from any authn. For that, I had to create a new app mounted in the host as
> /signin. This is not nice.
> 2. As an alternative, I can mount it in the oauth application, which would
> become the "authn free application" that keeps together resources of
> different kinds: signin is an HTML page, oauth is an api callback page for
> oauth authentication with third party services. Probably I will split the
> api and the html console into different modules in future, so this makes no
> sense.
>
> Now, clearly I'm doing something wrong in designing this.
>
> Also, another issue:
>
> 3. the /console html application serves some static content like css and js.
> So the application has these resources:
>
>   <bean name="/pages/{page}" class="console.HtmlResource" id="html"
> scope="prototype" />
>   <bean name="/static/{type}/{name}" class="console.StaticResource"
> id="static" scope="prototype" />
>
> I do not like this. I do not want /pages in my URL for html pages, but I
> have no choice other than adding another application. Again, smell.
>
> I think I need to add a different level to route the different parts of
> the resources. I'd rather have:
>
> . one application for all those contexts
> . a sort of first level sub-route that defines the main restlet for /api,
> /console, /static and such with different authentication methods (maybe
> defined via Spring)
> . then the SpringBeanRouter way to define the actual resources, like now,
> but not mounted as the application inboundRoot.
>
> Is there a way to achieve this?
>
> Thanks.
>
>
> --
> Daniele Dellafiore
> http://danieledellafiore.net
>



-- 
Daniele Dellafiore
http://danieledellafiore.net

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2732147
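
The layout asked about in the message above (open routes next to a guarded /console sub-router inside a single application), as an added example that is not part of the original thread or the poster's code. It assumes Restlet 2.x and wires the routes programmatically in place of Spring; `ConsoleApplication`, `PublicPage`, `ConsolePage` and the demo credentials are hypothetical, and HTTP Basic stands in for the poster's cookie authenticator.

```java
import org.restlet.Application;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;
import org.restlet.routing.Router;
import org.restlet.routing.Template;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.MapVerifier;

// Hypothetical application: one open route and one guarded sub-router.
public class ConsoleApplication extends Application {
    // Stand-in for an unauthenticated resource such as HtmlResource.
    public static class PublicPage extends ServerResource {
        @Get("txt")
        public String show() { return "public page"; }
    }

    // Stand-in for HtmlAuthenticatedResource: it assumes a user is present.
    public static class ConsolePage extends ServerResource {
        @Get("txt")
        public String show() {
            return "console for " + getClientInfo().getUser().getIdentifier();
        }
    }

    @Override
    public Restlet createInboundRoot() {
        // Everything attached here sits behind the authenticator.
        Router console = new Router(getContext());
        console.attach("/{page}", ConsolePage.class);

        // Constructed demo credentials; replace with a real Verifier.
        MapVerifier verifier = new MapVerifier();
        verifier.getLocalSecrets().put("demo", "demo-password".toCharArray());

        // The filter rejects unauthenticated requests with a 401 challenge
        // before any resource under `console` is instantiated.
        ChallengeAuthenticator guard = new ChallengeAuthenticator(
                getContext(), ChallengeScheme.HTTP_BASIC, "console");
        guard.setVerifier(verifier);
        guard.setNext(console);

        Router root = new Router(getContext());
        root.attach("/public/{page}", PublicPage.class); // no authenticator
        // Prefix match so /console/... reaches the guard, not only /console.
        root.attach("/console", guard).setMatchingMode(Template.MODE_STARTS_WITH);
        return root;
    }
}
```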
