Hi Jerôme,
I've been busy with other things since I volunteered last week, so I
haven't started to work on the getRemoteUser() sub-problem yet, but I
think I've got a reasonable patch regarding the client certificates.
There are a few problems, though.
1. Even with a clean download of the SVN trunk at the moment (without my
patch), I can't get it to pass all the tests (in 'verify-tests'). I've
tried to build the latest code and test it on a Mac (10.5 and Java 5)
and on a Linux (Java 6), but there's always one test in
org.restlet.test.RestletTestSuite that fails. I've tried to turn verbose
on in the junit ant-task, but to be honest, I'm quite confused in all
the messages that come up. I tend to use jUnit directly from Eclipse
usually, and in the ant output, the junit messages seem to be lost
between other logging messages. Is it just me?
2. As part of the test units, is there anything that tests HTTPS (as
opposed to HTTP)? I couldn't find anything, so I tried to I started to
work on a com.noelios.restlet.test.SslBaseConnectorsTestCase based on
com.noelios.restlet.test.BaseConnectorsTestCase (using a dummy
'localhost' certificate). This raised many more questions, but I'll
start a new thread. (Some of it has to do with
http://restlet.tigris.org/issues/show_bug.cgi?id=281 since it's a
similar topic)
3. There's some good news.
I've written the code to get the clients certificate using Grizzly,
Jetty (HTTPS and AJP), XdbServlet and Servlet and the Simple connector.
I'm not sure what to do regarding the Stream server. Sorry, I haven't
really looked into that one and I barely know what it's for. I didn't
get the impression it was aimed for HTTPS anyway.
Getting the client certificates using Jetty HTTPS and AJP works. I
haven't tested the Servlet code, but it's the same as the AJP and this
really should work. It works with the simple connector too.
Grizzly needs a bit more testing: some other problems came up because it
tends to close the connection abruptly after a timeout (in a similar way
as it was doing with 1.1M1 and plain HTTP). (An HTTPS test unit would help.)
Best wishes,
Bruno.
Jerome Louvel wrote:
Hi Bruno,
Thanks for proposing to help on this front Bruno. I've reassigned the RFE to
you.
Note that in 1.1 M2, the Guard is automatically adding a Principal instance
to the request attributes upon successful authentication.
Best regards,
Jerome
-----Message d'origine-----
De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot
Envoyé : lundi 3 mars 2008 12:43
À : [email protected]
Objet : Issue 376
Hello,
I'm interested in trying to contribute to solve issue 376:
http://restlet.tigris.org/issues/show_bug.cgi?id=376
There are in fact two sub-problems in this issue: (1) exposing
javax.servlet.request.X509Certificate and (2) defining something that
would provide the equivalent of
javax.servlet.http.HttpServletRequest.getRemoteUser().
Is someone already working on it? I wouldn't mind having a go
at this,
but I'm not sure if this would conflict with some other work.
Best wishes,
Bruno.
