Is the confidential property on the Request (or Message) even necessary? It
seems to only be read by the jaxrs module and it doesn't appear to be
providing much value there.
On Wed, Oct 22, 2008 at 3:38 AM, Jerome Louvel <[EMAIL PROTECTED]>wrote:
> Hi Kevin,
>
> In my mind, the "confidential" property shouldn't determine the connector
> used. This is the role of the Request#getProtocol() method. We might
> eventually want to check that (and log a warning if necessary), if the user
> sets the "confidential" property manually, it will be consistent with the
> protocol eventually used to send the request.
>
> Also, in the com.noelios.restlet.component.ComponentClientDispatcher class,
> there is this related block of code:
>
> @Override
> *protected* *void* doHandle(Request request, Response response) {
> *super*.doHandle(request, response);
> *final* Protocol protocol = request.getProtocol();
>
> *if* (protocol.equals(Protocol.*RIAP*)) {
> // Consider that the request is confidential
> request.setConfidential(*true*);
>
> ...
> We could generalize this logic by adding a "confidential" property on the
> Protocol class itself and then do this:
>
> *super*.doHandle(request, response);
> *final* Protocol protocol = request.getProtocol();
> request.setConfidential(protocol.isConfidential);
>
> *if* (protocol.equals(Protocol.*RIAP*)) {
>
> ...
> That would make sure that the requests going through a secure client
> connector (RIAP, HTTPS, SMTPS, etc.) get properly marked as confidential. We
> might even want to move the "confidential" property from Request to the
> parent Message class because if the request is secure, then the response
> will be as well.
>
> Best regards,
> Jérôme Louvel
> --
> Restlet ~ Founder and Lead developer ~ http://www.restlet.org
> Noelios Technologies ~ Co-founder ~ http://www.noelios.com
>
>
> ------------------------------
> *De :* Kevin Conaway [mailto:[EMAIL PROTECTED]
> *Envoyé :* mardi 21 octobre 2008 23:16
> *À :* [email protected]
> *Objet :* Re: Protocol should determine "confidentiality" of Request
>
> In Restlet-619, I added SSL support to the StreamClientHelper. The
> StreamClientHelper now looks at request.isConfidential() before deciding to
> use a plain Socket or an SSL Socket
>
> On Tue, Oct 21, 2008 at 9:10 AM, Rob Heittman <[EMAIL PROTECTED]>wrote:
>
>> Not disagreeing -- makes sense -- but just curious, how/when do you use
>> this on the Client side? The Server side sets this if the request has come
>> in via https: or riap:, and that's where I usually need to interrogate it.
>>
>> On Tue, Oct 21, 2008 at 8:56 AM, Kevin Conaway <[EMAIL PROTECTED]>wrote:
>>
>>> When making a Client call, I think it would be helpful to set the
>>> "confidential" attribute on the Request for the user based on the Protocol.
>>> I.e., if I'm using the HTTPS protocol, I shouldn't have to remember to set
>>> the confidential attribute to true on every Request. I'm not where the best
>>> place to make that decision is though
>>>
>>> Is there a situation where you would be using HTTPS or a similar secure
>>> protocol but the Request would not be confidential?
>>>
>>> Thanks,
>>>
>>> Kevin
>>>
>>
>>
>
