Hi Patrizio, We recently moved all JAAS dependencies from Restlet Core to a JAAS extension. This should solve your issue. Could you test with a recent 2.0 snapshot and let us know?
Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com Patrizio Munzi a écrit : > Ok, thank you. > > Thierry Boileau wrote: >> Hello Patrizio, >> >> I've entered a new issue for this problem : >> http://restlet.tigris.org/issues/show_bug.cgi?id=893. >> Thanks for your report. >> >> Best regards, >> Thierry Boileau >> >> >>> Hi everybody, >>> >>> I think I've found a problem of Restlet Authentication mechanism with GAE. >>> >>> I have got this simple guard: >>> -------------------------- >>> public Restlet createRoot() { >>> // Create a router Restlet that defines routes. >>> Router router = new Router(getContext()); >>> >>> // Defines a route for the resource "list of items" >>> router.attach("/addcall", CallResource.class); >>> router.attach("/addsms", SMSResource.class); >>> >>> ChallengeAuthenticator authenticator = new >>> ChallengeAuthenticator(getContext(), ChallengeScheme.HTTP_BASIC, >>> "com.eris4.warp4.callfriends.server.restlet"); >>> MapVerifier verifier = new MapVerifier(); >>> verifier.getSecrets().put("callFriends", >>> "callFriends".toCharArray()); >>> authenticator.setVerifier(verifier); >>> authenticator.setNext(router); >>> >>> Router guardedRouter = new Router(getContext()); >>> guardedRouter.attach("/", authenticator); >>> >>> return guardedRouter; >>> } >>> -------------------------- >>> >>> and this simple client: >>> -------------------------- >>> public static void main(String[] args) throws ResourceException { >>> // Client client = new Client(new Context(), >>> Protocol.HTTP); >>> // client.getContext().getParameters().add("converter", >>> "com.noelios.restlet.http.HttpClientConverter"); >>> >>> Engine.getInstance().getRegisteredClients().add(new >>> HttpClientHelper(null)); >>> Client client = new Client(Protocol.HTTP); >>> Status resultStatus = null; >>> try { >>> Form form = new Form(); >>> form.add("param1", "1"); >>> Representation callRepresentation = form.getWebRepresentation(); >>> >>> Request request = new Request(Method.POST, url); >>> ChallengeResponse authentication = new >>> ChallengeResponse(ChallengeScheme.HTTP_BASIC, "login", "psw"); >>> request.setChallengeResponse(authentication); >>> >>> request.setEntity(callRepresentation); >>> Response response = client.handle(request); >>> resultStatus = response.getStatus(); >>> } catch (Throwable t) { >>> System.err.println("Exception: " + t); >>> } >>> } >>> -------------------------- >>> >>> and GAE side I get the following exception: >>> -------------------------- >>> SEVERE: Unhandled exception or error intercepted >>> java.security.AccessControlException: access denied >>> (javax.security.auth.AuthPermission modifyPrincipals) >>> at java.security.AccessControlContext.checkPermission(Unknown Source) >>> at java.security.AccessController.checkPermission(Unknown Source) >>> at java.lang.SecurityManager.checkPermission(Unknown Source) >>> at >>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:139) >>> at javax.security.auth.Subject$SecureSet.add(Unknown Source) >>> at java.util.Collections$SynchronizedCollection.add(Unknown Source) >>> at org.restlet.security.SecretVerifier.verify(SecretVerifier.java:114) >>> at >>> org.restlet.security.ChallengeAuthenticator.authenticate(ChallengeAuthenticator.java:134) >>> at >>> org.restlet.security.Authenticator.beforeHandle(Authenticator.java:107) >>> at org.restlet.routing.Filter.handle(Filter.java:199) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.routing.Router.doHandle(Router.java:321) >>> at org.restlet.routing.Router.handle(Router.java:520) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at >>> org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:152) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.engine.ChainHelper.handle(ChainHelper.java:111) >>> at >>> org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:72) >>> at org.restlet.Application.handle(Application.java:344) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.routing.Router.doHandle(Router.java:321) >>> at org.restlet.routing.Router.handle(Router.java:520) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.routing.Router.doHandle(Router.java:321) >>> at org.restlet.routing.Router.handle(Router.java:520) >>> at org.restlet.routing.Filter.doHandle(Filter.java:156) >>> at org.restlet.routing.Filter.handle(Filter.java:201) >>> at org.restlet.engine.ChainHelper.handle(ChainHelper.java:111) >>> at org.restlet.Component.handle(Component.java:403) >>> at org.restlet.Server.handle(Server.java:350) >>> at org.restlet.engine.ServerHelper.handle(ServerHelper.java:71) >>> at >>> org.restlet.engine.http.HttpServerHelper.handle(HttpServerHelper.java:149) >>> at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:967) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) >>> at >>> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487) >>> at >>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093) >>> at >>> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) >>> at >>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) >>> at >>> com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121) >>> at >>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) >>> at >>> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360) >>> at >>> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) >>> at >>> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) >>> at >>> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712) >>> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405) >>> at >>> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54) >>> at >>> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) >>> at >>> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:313) >>> at >>> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) >>> at org.mortbay.jetty.Server.handle(Server.java:313) >>> at >>> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506) >>> at >>> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844) >>> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644) >>> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205) >>> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381) >>> at >>> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396) >>> at >>> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442) >>> ----------------------- >>> >>> has anybody any idea on how I can work around this??? >>> Is it a bug?? >>> >>> Thanks >>> >>> ------------------------------------------------------ >>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2392516 >>> >>> >>> >> >> ------------------------------------------------------ >> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2393621 >> >> > > -- > > *Patrizio Munzi* > Product Specialist > Viale Bruno Buozzi, 19 - 00197 Roma (Italy) > tel: +39 06 4543 3540 > fax: +39 06 4543 3587 > mobile: +39 393 7195 164 > mail: [email protected] <mailto:[email protected]> > web: http://www.eris4.com <http://www.eris4.com/> > skype: eris4_munzi <skype:eris4_munzi?add> > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2407600
