I've been using Restlets "ChallengeResponse" mechanism to authenticate users so far.
ChallengeResponse challengeResponse = getRequest().getChallengeResponse();
if( challengeResponse == null ){
throw new RuntimeException("not authenticated");
}
String login = challengeResponse.getIdentifier();
String password = new String(challengeResponse.getSecret());
From my understanding, "ChallengeResponse" requires that the username and password are put into headers. However a client needs to put the credentials into the
url like so:
https://username:
[email protected]/my_secure_document
When I looked at what was actually sent, it looks like the password is being hashed.
What is the proper way to authenticate in this fashion using Restlet?