We're using Restlet 2.0.8 and have an Application instance overwriting org.restlet.Application#createInboundRoot(). In there, we create the Router instance and return (at the moment) a DigestAuthenticator, like in the code snipped below:
@Override
public synchronized Restlet createInboundRoot() {
log.info("App::createInboundRoot called");
this.authenticator = getAuthenticator();
Router router = new Router(getContext());
router.attach("/echo", EchoResource.class);
router.attach("/status", StatusResource.class);
authenticator.setNext(router);
return authenticator;
}
private ChallengeAuthenticator getAuthenticator() {
DigestAuthenticator auth = new DigestAuthenticator(getContext(), "Guard", "s3cret");
auth.setWrappedVerifier(new SimpleVerifier("user","pass");
auth.setOptional(false);
return auth;
}
What I would like to achieve is:
Is this possible with Restlets?
Best, Chris
This is possible by chaining the DigestAuthenticator (optional: true) and the BasicAuthenticator (optional: false). Pseudo-code:
digestAuth.setNext(basicAuth);
basicAuth.setNext(router);