Previous
6.14 guard
You should use
'guard' creates a Restlet Guard, which is a special purpose
|
Name |
Description |
|---|---|
|
realm |
Realm to send in HTTP Basic and HTTP Digest challenges. |
|
scheme |
Authentication scheme to use. |
Syntax / Examples
Protect a single resource:
import org.restlet.Guard;
import org.restlet.data.ChallengeScheme;
builder.router {
def guard = guard(uri:"", scheme:ChallengeScheme.HTTP_BASIC, realm:"Restlet Tutorials");
guard.secrets.put("scott", "tiger".toCharArray())
guard.next = template(
uri: "/",
match: "equals",
data: "module:/resources/greeting.json",
template: "module:/templates/index.xml",
mediaType: "text/html"
)
}
Protect multiple resources (a TemplateRestlet at "/" and a DirectoryResource at "/resources")
builder.router {
def guard = guard(uri:"", scheme:ChallengeScheme.HTTP_BASIC, realm:"Restlet Tutorials");
guard.secrets.put("scott", "tiger".toCharArray())
guard.next = router() {
template( // The home page
uri: "/",
match: "equals",
data: "module:/resources/greeting.json",
template: "module:/templates/index.xml",
mediaType: "text/html"
)
directory(uri: "/resources", root: "module:/resources/")
}
}
Avoid hardcoding the secrets (still bad, we still use plaintext passwords)
class PropertiesResolver extends Resolver {
Properties properties = new Properties()
def resolve(String name) {
return properties.getProperty(name)?.toCharArray();
}
}
accounts = new Properties()
accounts.load(new FileInputStream("/tmp/accounts"));
builder.router {
def guard = guard(uri:"", scheme:ChallengeScheme.HTTP_DIGEST, realm:"Restlet Tutorials");
guard.secretResolver = new PropertiesResolver(properties: accounts);
guard.next = ...
}