Restlet 2.0.8: Multiple authentication methods (BASIC, DIGEST) for single restlet Application instance?

Question

We're using Restlet 2.0.8 and have an Application instance overwriting org.restlet.Application#createInboundRoot(). In there, we create the Router instance and return (at the moment) a DigestAuthenticator, like in the code snipped below:

@Override
public synchronized Restlet createInboundRoot() {
    log.info("App::createInboundRoot called");

    this.authenticator = getAuthenticator();

    Router router = new Router(getContext());
    router.attach("/echo", EchoResource.class);
    router.attach("/status", StatusResource.class);

    authenticator.setNext(router);
    return authenticator;
}

private ChallengeAuthenticator getAuthenticator() {
    DigestAuthenticator auth = new DigestAuthenticator(getContext(), "Guard", "s3cret");
    auth.setWrappedVerifier(new SimpleVerifier("user","pass");
    auth.setOptional(false);
    return auth;
}

What I would like to achieve is:

• have the EchoResource using digest authentication and the StatusResource should use HTTP basic authentication

Is this possible with Restlets?

Best, Chris

Answer 1

This is possible by chaining the DigestAuthenticator (optional: true) and the BasicAuthenticator (optional: false). Pseudo-code:

   digestAuth.setNext(basicAuth);
   basicAuth.setNext(router);

Answer 2

In a similar situation, we created two org.restlet.Application objects, require authentication for one Application as in the question above, and did attach both the Applications to different paths in the Servlet container.