Custom authentication in Restlet 1.0

Bharadwaj Acharya

unread,

Jul 11, 2018, 4:04:14 AM7/11/18

to Restlet Framework (Discuss)

Hi,

I am using Restlet framework of 1.0 version. I am able to secure using Basic authentication with static username and password credentials.

But if I need to validate the user name and password with users available in ldap or db, how can i do that in 1.0? I couldn't see the custom authentication examples in 1.0 documentation.

Please help if possible with an example.

Note: I cannot upgrade to latest versions of restlet framework atleast now due to other dependencies.

Regards,

Bharadwaj.V

Thierry Boileau

unread,

Jul 12, 2018, 3:40:54 AM7/12/18

to Restlet Framework (Discuss)

Hello Bharadwaj,

we think it's our responsibility to warn you that using this version is not recommended. Several versions have been shipped since RF v1.0 including some security vulnerabilities.

Combined with the fact that v1.0 is not maintained any more, we are inclined to tell you to upgrade to last version.

Could you explain us which dependencies trouble you? We may be able to do something on our side.

Best regards,

Thierry Boileau

Bharadwaj Acharya

unread,

Jul 12, 2018, 3:59:20 AM7/12/18

to Restlet Framework (Discuss)

Hi Thierry,

Thanks for your reply. But in the documentation of https://restlet.com/open-source/documentation/tutorials/1.0/guard-access, it is mentioned as below:

Note that the authentication and authorization decisions are fully customizable via the authenticate() and authorize() methods. Any custom mechanism can be used to check whether the given credentials are valid and whether the authenticated user is authorized to continue to the attached Restlet.

So, I would like to give sample examples of customization for that. Could you please provide them?

Actually, due to our release timelines, we can't change existing rest apis which are using 1.0 version.