Hello Steve,
I send you an idea of what could be a solution for your problem. It is based
on a filter, placed just after the ClientResource that will handle the
unauthorized response and complete the round trip.
******
ClientResource cr = new ClientResource("http://localhost:8182/";);
cr.setChallengeResponse(new ChallengeResponse(ChallengeScheme.HTTP_DIGEST,
"scott", "tiger".toCharArray()));
Filter filter = new Filter() {
@Override
protected void afterHandle(Request request, Response response) {
if (Status.CLIENT_ERROR_UNAUTHORIZED.equals(response.getStatus()) &&
request.getChallengeResponse() != null) {
ChallengeRequest c1 = null;
for (ChallengeRequest challengeRequest :
response.getChallengeRequests()) {
if
(ChallengeScheme.HTTP_DIGEST.equals(challengeRequest.getScheme())) {
c1 = challengeRequest;
break;
}
}
ChallengeResponse c2 = new ChallengeResponse(c1, response,
request.getChallengeResponse().getIdentifier(),
request.getChallengeResponse().getSecret());
request.setChallengeResponse(c2);
handle(request, response);
} else {
super.afterHandle(request, response);
}
}
};
cr.setNext(filter);
filter.setNext(new Client(Protocol.HTTP));
*****
There are several ways to associate the filter with client resources
depending the calls are issued from an Application, or not. You can also
create subclass of ClientResource, etc.
Best regards,
Thierry Boileau
I've read the following:
>
>
> http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/112-restlet.html
>
> But I am unable to work how I should protect the following application:
>
> Application app = new Application() {
> @Override
> public synchronized Restlet createInboundRoot() {
> Router router = new Router(getContext());
> router.attach(TestResource.URI, TestResourceImpl.class);
> router.attach(Test2Resource.URI, Test2ResourceImpl.class);
>
> return router;
> }
> };
>
> With a single DIGEST authentication round trip on the client. At the moment
> I need to do this:
>
> ClientResource authResource = new ClientResource("
> http://localhost:8182/foo"; + TestResource.URI);
> TestResource myTest = authResource.wrap(TestResource.class);
> authResource.setChallengeResponse(ChallengeScheme.HTTP_DIGEST,
> "login",
> "secret");
>
> for each and every different ClientResource; they are not transferrable as
> on the server the DIGEST authentication implementation matches on the
> specific URI. I have tried using the Directory class and implementing the
> Digest auth to guard that; but I cannot see how to setup the
> ChallengeResponse on the client.
>
> Any help gratefully accepted.
>
> regards
> Steve
>
> ------------------------------------------------------
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2807742
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2815741
