Hi Bruno, > I've been busy with other things since I volunteered last week, so I > haven't started to work on the getRemoteUser() sub-problem yet, but I > think I've got a reasonable patch regarding the client certificates.
Cool! > There are a few problems, though. > > 1. Even with a clean download of the SVN trunk at the moment > (without my > patch), I can't get it to pass all the tests (in > 'verify-tests'). I've > tried to build the latest code and test it on a Mac (10.5 and Java 5) > and on a Linux (Java 6), but there's always one test in > org.restlet.test.RestletTestSuite that fails. I've tried to > turn verbose > on in the junit ant-task, but to be honest, I'm quite confused in all > the messages that come up. I tend to use jUnit directly from Eclipse > usually, and in the ant output, the junit messages seem to be lost > between other logging messages. Is it just me? Could you check your "build\temp\test" directory? You will see some log messages and probably the failing unit test. > 2. As part of the test units, is there anything that tests HTTPS (as > opposed to HTTP)? I couldn't find anything, so I tried to I > started to > work on a com.noelios.restlet.test.SslBaseConnectorsTestCase based on > com.noelios.restlet.test.BaseConnectorsTestCase (using a dummy > 'localhost' certificate). This raised many more questions, but I'll > start a new thread. (Some of it has to do with > http://restlet.tigris.org/issues/show_bug.cgi?id=281 since it's a > similar topic) OK. Your SslBaseConnectorsTestCase sounds like a good idea. We should definitely automate HTTPS testing as well. > 3. There's some good news. > I've written the code to get the clients certificate using Grizzly, > Jetty (HTTPS and AJP), XdbServlet and Servlet and the Simple > connector. OK > I'm not sure what to do regarding the Stream server. Sorry, I haven't > really looked into that one and I barely know what it's for. I didn't > get the impression it was aimed for HTTPS anyway. The internal HTTP connector is here for simple use cases, requiring a very small footprint, for embedding purpose for example. It is also useful for development and is used in the JXTA extension. We hope to progressively improve it in the future in parallel of external connectors. Currently there is no support for HTTPS in the internal connector. > Getting the client certificates using Jetty HTTPS and AJP works. I > haven't tested the Servlet code, but it's the same as the AJP > and this > really should work. It works with the simple connector too. Perfect. > Grizzly needs a bit more testing: some other problems came up > because it > tends to close the connection abruptly after a timeout (in a > similar way > as it was doing with 1.1M1 and plain HTTP). (An HTTPS test > unit would help.) Ok, this is interesting. We have a bug report pending for Grizzly, feel free to add comments to it: http://restlet.tigris.org/issues/show_bug.cgi?id=341 Best regards, Jerome
