/** * Verifies that the proposed secret is correct for the specified request. * By default, it compares the inputSecret of the request's authentication * response with the one obtain by the {@link ChallengeResponse#getSecret()} * method and sets the {@link org.restlet.security.User} instance of the * request's {@link ClientInfo} if successful. * * @param request * The request to inspect. * @param response * The response to inspect. * @return Result of the verification based on the RESULT_* constants. */ public int verify(Request request, Response response) { int result = RESULT_VALID; if (request.getChallengeResponse() == null) { result = RESULT_MISSING; } else { String identifier = getIdentifier(request, response); char[] secret = getSecret(request, response); result = verify(identifier, secret); if (result == RESULT_VALID) { request.getClientInfo().setUser( createUser(identifier, request, response)); } } return result; }