Thank you very much for your answer. I think I would use the "classes" approach using the createInboundRoute as in the book.
How about my second question? Can I attach the authenticator to only some of the methods of my resources? I.e. protect only PUT, POST, and DELETE while keeping GET public? Maybe using roles? Is there some example I can see? If not, I'm thinking about splitting my services in two families of resources /apps/ which will implement authentication and /info which will be public. Do you think it is a good solution? Moreover, do you know of any open-source real web service implementation using restlet? I would like to see some code, tutorials and "Restlet in action" are quite "simple". Thanks again, Sergio ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3078322