Hi Helen,
If you are in Restlet 1.1, I would suggest writing a simple Filter subclass
and to override the beforeHandle() method.
Check the IP address and if you want to block it, set the status to
Status.CLIENT_ERROR_FORBIDDEN.
This will be simpler than extending Guard. In Restlet 1.2, the new security
API is more flexible and I would suggest to extend the Authorizer
class/filter instead.
Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com
-Message d'origine-
De : helen chen [mailto:hc...@aip.org]
Envoyé : vendredi 3 avril 2009 03:00
À : discuss@restlet.tigris.org
Objet : Re: access control
I'm reading the document about the Guard. It looks like when creating a
Guard, I can specify ChallengeScheme.CUSTOM which can be used for IP address
check.
But if I do it, then when should I check the IP address? Does that mean I
have to create a sub class of Guard, override method authenticate() and
authorize()?
Does anyone have ever done this? Is there any sample code I can take a look?
since only server side it check IP address, at client side, I guess I don't
need to do request.setChallengeResponse() for the ChallengeSchema.CUSTOM
right?
I would appreciate if anyone has any ideasabout how to deal with it .
helen
>>> Helen Chen 04/02/09 5:09 PM >>>
Hello there,
I'm having a situation like the following: I need to restrict that only one
ip adddress is allowed to access to a specific uri that is developed by
restlet.
And other pages are open to all.
I know this usually should be done at the web server part. But if I need to
do it through Restlet, Can I use Guard to do it? If yes, does anyone have
example?
Thanks, Helen
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1593480