Hello Patrizio,
I've entered a new issue for this problem :
http://restlet.tigris.org/issues/show_bug.cgi?id=893.
Thanks for your report.
Best regards,
Thierry Boileau
> Hi everybody,
>
> I think I've found a problem of Restlet Authentication mechanism with GAE.
>
> I have got this simple guard:
> --------------------------
> public Restlet createRoot() {
> // Create a router Restlet that defines routes.
> Router router = new Router(getContext());
>
> // Defines a route for the resource "list of items"
> router.attach("/addcall", CallResource.class);
> router.attach("/addsms", SMSResource.class);
>
> ChallengeAuthenticator authenticator = new
> ChallengeAuthenticator(getContext(), ChallengeScheme.HTTP_BASIC,
> "com.eris4.warp4.callfriends.server.restlet");
> MapVerifier verifier = new MapVerifier();
> verifier.getSecrets().put("callFriends",
> "callFriends".toCharArray());
> authenticator.setVerifier(verifier);
> authenticator.setNext(router);
>
> Router guardedRouter = new Router(getContext());
> guardedRouter.attach("/", authenticator);
>
> return guardedRouter;
> }
> --------------------------
>
> and this simple client:
> --------------------------
> public static void main(String[] args) throws ResourceException {
> // Client client = new Client(new Context(),
> Protocol.HTTP);
> // client.getContext().getParameters().add("converter",
> "com.noelios.restlet.http.HttpClientConverter");
>
> Engine.getInstance().getRegisteredClients().add(new
> HttpClientHelper(null));
> Client client = new Client(Protocol.HTTP);
> Status resultStatus = null;
> try {
> Form form = new Form();
> form.add("param1", "1");
> Representation callRepresentation = form.getWebRepresentation();
>
> Request request = new Request(Method.POST, url);
> ChallengeResponse authentication = new
> ChallengeResponse(ChallengeScheme.HTTP_BASIC, "login", "psw");
> request.setChallengeResponse(authentication);
>
> request.setEntity(callRepresentation);
> Response response = client.handle(request);
> resultStatus = response.getStatus();
> } catch (Throwable t) {
> System.err.println("Exception: " + t);
> }
> }
> --------------------------
>
> and GAE side I get the following exception:
> --------------------------
> SEVERE: Unhandled exception or error intercepted
> java.security.AccessControlException: access denied
> (javax.security.auth.AuthPermission modifyPrincipals)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at
> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:139)
> at javax.security.auth.Subject$SecureSet.add(Unknown Source)
> at java.util.Collections$SynchronizedCollection.add(Unknown Source)
> at org.restlet.security.SecretVerifier.verify(SecretVerifier.java:114)
> at
> org.restlet.security.ChallengeAuthenticator.authenticate(ChallengeAuthenticator.java:134)
> at
> org.restlet.security.Authenticator.beforeHandle(Authenticator.java:107)
> at org.restlet.routing.Filter.handle(Filter.java:199)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.routing.Router.doHandle(Router.java:321)
> at org.restlet.routing.Router.handle(Router.java:520)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at
> org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:152)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.engine.ChainHelper.handle(ChainHelper.java:111)
> at
> org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:72)
> at org.restlet.Application.handle(Application.java:344)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.routing.Router.doHandle(Router.java:321)
> at org.restlet.routing.Router.handle(Router.java:520)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.routing.Router.doHandle(Router.java:321)
> at org.restlet.routing.Router.handle(Router.java:520)
> at org.restlet.routing.Filter.doHandle(Filter.java:156)
> at org.restlet.routing.Filter.handle(Filter.java:201)
> at org.restlet.engine.ChainHelper.handle(ChainHelper.java:111)
> at org.restlet.Component.handle(Component.java:403)
> at org.restlet.Server.handle(Server.java:350)
> at org.restlet.engine.ServerHelper.handle(ServerHelper.java:71)
> at
> org.restlet.engine.http.HttpServerHelper.handle(HttpServerHelper.java:149)
> at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:967)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
> at
> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> at
> com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
> at
> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
> at
> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:313)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
> at org.mortbay.jetty.Server.handle(Server.java:313)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
> at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
> at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
> -----------------------
>
> has anybody any idea on how I can work around this???
> Is it a bug??
>
> Thanks
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2392516
>
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2393621
