
My quest to deal with a Java Restlet server continues.

I was able to set up my routing as desired; in particular, there is a User resource which can be created with a POST call on a URL. When this happens, a new user is created in the database.

From this point on I'd like the new user to be able to authenticate. The problem is that the authenticator in the inbound-root loads the usernames and passwords once at the beginning. So, if a new user is created, he can't authenticate unless I restart the server.

There must be an easy way of dealing with this!

This is the Application:

    public class APIServerApplication extends Application {

        @Override
        public Restlet createInboundRoot() {
            // some routers and filters...

            // here the verifier is initialized with the current users and passwords:
            MapVerifier verifier = new MapVerifier();

            // get users and passwords from the DB
            HashMap<String, String> usrPwdMap = SomeDBClass.getVerifierMap();
            for (String uname : usrPwdMap.keySet()) {
                verifier.getLocalSecrets().put(uname, usrPwdMap.get(uname).toCharArray());
            }

            // ...verifier is used to build the authenticator... etc.
        }
    }

The user resource looks something like:

    public class UserResource extends ServerResource {

        @Post
        public Representation acceptItem(Representation entity) {
            // get the data from the form
            // insert the new user in the db

            /* TODO: I think I should add something here
               to refresh the verifier map!
             */
        }
    }

How can I refresh the verifier map?

user229044
T. Rossi

1 Answer

This is AN INCORRECT way of doing things in a production application. NEVER load the usernames/password combinations in memory. It would be too much of an overkill.

In fact, please modify your application to check the username/password against the one stored in the DB for that user on EVERY HTTP request. That is the RESTful way of doing things. If you think that's not a good way of doing things, I suggest you read the answers for this question: RESTful authentication - resulting poor performance on high load?

Community
PhD
I agree that for production purposes, you should build your custom Restlet Verifier (see subclasses as well) that looks up the result for each call from a users directory (database or something else). – Jerome Louvel Feb 26 '14 at 03:02
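
The per-request lookup suggested in the answer and comment above, sketched as an added example (not code from the original posts). It subclasses Restlet's `LocalVerifier`, the parent of the question's `MapVerifier`; `UserStore`, `DbVerifier`, `buildGuard` and the realm name `"api"` are hypothetical names, and the in-memory map in `main` is a constructed stand-in for the database.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.restlet.Context;
import org.restlet.data.ChallengeScheme;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.LocalVerifier;

/** Hypothetical user directory; a real one would query the users table. */
interface UserStore {
    /** Returns the stored secret for the user, or null if the user is unknown. */
    char[] findSecret(String username);
}

/** Asks the store on every request, so nothing is cached at startup. */
public class DbVerifier extends LocalVerifier {
    private final UserStore store;

    public DbVerifier(UserStore store) {
        this.store = store;
    }

    @Override
    public char[] getLocalSecret(String identifier) {
        // null for a missing identifier or an unknown user
        return identifier == null ? null : store.findSecret(identifier);
    }

    /** Wiring for createInboundRoot(); the realm name is a placeholder. */
    static ChallengeAuthenticator buildGuard(Context context, UserStore store) {
        ChallengeAuthenticator guard =
                new ChallengeAuthenticator(context, ChallengeScheme.HTTP_BASIC, "api");
        guard.setVerifier(new DbVerifier(store));
        return guard;
    }

    public static void main(String[] args) {
        // Constructed in-memory stand-in for the database.
        Map<String, char[]> table = new ConcurrentHashMap<>();
        DbVerifier verifier = new DbVerifier(table::get);

        System.out.println(verifier.getLocalSecret("alice") != null); // before the POST
        table.put("alice", "s3cret".toCharArray());                   // user created later
        System.out.println(verifier.getLocalSecret("alice") != null); // no restart needed
    }
}
```

Because `LocalVerifier` compares the submitted secret with the value returned by `getLocalSecret`, this shape fits the question's table of stored passwords; a store that keeps only password hashes would need to override `verify` instead.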