RE: Adding standard headers

Thu, 26 Oct 2006 10:50:18 -0700 

Hi Mikkel,

Interesting usage! The Restlet API has been designed to support multiple
authorization mechanisms (aka challenge schemes in HTTP terminology).
Following the S3 docs:
http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.htm
l

        // Create a request
        Request request = new Request(Method.GET, "http://***";);
        request.setEntity(myEntity);

        // Compute the credentials
        String credentials = awsAccessKeyId + ":"  + base64(hmac-sha1(VERB +
"\n" 
                                                               + "\n" 
                                                               +
myEntity.getMediaType() + "\n" 
                                                               +
myEntity.getModificationDate() + "\n" 
                                                               +
CanonicalizedAmzHeaders + "\n" 
                                                               +
CanonicalizedResource))

        // Set the challenge response
        ChallengeScheme cs = new ChallengeScheme("Amazon S3", "AWS");
      ChallengeResponse cr = new ChallengeResponse(cs, credentials);
      request.setChallengeResponse(authentication);

The NRE provides a Base64 implementation:
com.noelios.restlet.impl.util.Base64 but not an implementation of HMAC-SHA1.
However, I'm sure you can find one around (anyway you would need one to
build the raw header). 

Typical usage of Base64: Base64.encodeBytes(myString.getBytes("US-ASCII"));

Let me know how it works, it would be very useful to provide built-in
support for the S3 authentication scheme in a later release of NRE.

Best regards,
Jerome

> -----Message d'origine-----
> De : news [mailto:[EMAIL PROTECTED] De la part de Mikkel Jensen
> Envoyé : jeudi 26 octobre 2006 18:55
> À : [email protected]
> Objet : Adding standard headers
> 
> I'm writing an application for connecting to the Amazon S3 
> REST service. 
> This means I need to follow their custom authentication 
> mechanism and construct 
> an "Authorization" header based upon the "Date" and 
> "Content-Type" headers 
> among other things. 
> Unfortunately the HttpConverter class does not allow me to 
> manipulate standard 
> headers or even read the Date and Content-Type headers prior 
> to transmission. 
> 
> Is it possible to use custom authentication schemes in client 
> requests or will 
> I need to go back to using HttpUrlConnection class for 
> low-level control? 
> 
> Best regards, 
> 
> Mikkel 
> 
>

Reply via email to