Hello there, our Restlet-based application needs to have users authenticated using both cookies and http basic (hopefully to be switched to digest soon) authentication (Actually it's either cookies or http auth, but see below for auth flow). We also use our own verifier storing credentials on JCR and set it as the defaultVerifier() for the app's context in createInboundRoot().
I've seen that the ChallengeAuthenticator class only accepts one authentication method on its constructor so, a priori, one cannot have a Guard that uses more than one auth method. The authentication workflow with the Guard/Authenticator our app needs would be something like this: 1) If cookie is present, verify it 2) if cookie verification passes, all OK, continue processing request 3) if cookie verification fails, use HTTP authentication Is this possible with Restlet 2.1? I'd appreciate any guide/pointer/idea you may have. Thanks in advance. -- Fabián Mandelbaum IS Engineer ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3071085