Ok,I've investigated the code and there is no need to supply the Authorization header. The CookieAuthenticator will setup the ChallengeResponse before going into the authentication process. Installation of the ChallengeScheme is not needed. Currently the default challengeresponse is returned on failed authentication from ChallengeAuthenticator which requires the Scheme to create a default challengescheme reply.
As the docs state: the default behaviour is to return the request to the loginform. But I can't find it being implemented. So the docs are wrong or the code is not complete yet. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2933801
