2

I am migrating Restlet from 1.2 to 2.2.3 and found out Guard is now deprecated. I started using ChallengeAuthenticator (HTTP_BASIC scheme). The issue is here, I used to extend Guard class and override the method checkSecret to authorize app specific credentials.

public class AgentAuthenticationGuard extends Guard {

public AgentAuthenticationGuard(Context context, ChallengeScheme scheme,
        String realm) throws IllegalArgumentException {
    super(context, scheme, realm);
}

 public boolean checkSecret(Request request, String identifier, char[] secret) {
     return SecurityHelper.authorizeAgent( identifier, new String(secret) );
 }

}

If I want to replace Guard with ChallengeRequester, which method I should override? authenticate? how do I get identifier and secret?

jprism
  • 3,239
  • 3
  • 40
  • 56

1 Answers1

1

Apologize for jumping too fast. I think I sorted out. I create the ChallengeAuthenticator as follow

 private ChallengeAuthenticator createAuthenticator() {
    Context context = getContext();
    ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;
    String realm = "my-web";

    MapVerifier verifier = new MapVerifier();
    verifier.getLocalSecrets().put("user", "password".toCharArray());

    ChallengeAuthenticator authWithChallenge= new ChallengeAuthenticator(context, challengeScheme, realm) {
        @Override
        protected int beforeHandle(Request request, Response response) {
            ChallengeResponse challengeResponse =  request.getChallengeResponse();
            boolean authorized = SecurityHelper.authorizeAgent( challengeResponse.getIdentifier(), new String(challengeResponse.getSecret()) );
            if(authorized)
            {
                response.setStatus(Status.SUCCESS_OK);
                return CONTINUE;
            }

            logger.info("Invalid Credentials!!!");
            return STOP;

        }
    };

    return authWithChallenge;
}

Thanks to https://www.programcreek.com/java-api-examples/index.php?api=org.restlet.security.ChallengeAuthenticator

jprism
  • 3,239
  • 3
  • 40
  • 56