Re: TCP RST attack detected on file upload cut
Hello Rob, Thanks for answering. The router in question is a 3C: Software Version1.04-168 Hardware Version02.01 3C Number 3CR860-95 And it looks like you're right on the 'overly aggressive attack pattern check', it's a model specific issue. For reference: http://www.dslreports.com/forum/remark,14974812 I'll try to trim the parameters here. Regards, Diego Rob Heittman wrote: Anything you can share about the router model that is doing the blacklisting (and its firmware version)? It sounds like an overly aggressive attack pattern check on the router's part -- never seen anything like this before and people abort their uploads to our Restlet powered servers all the time. If I am fortunate enough to have the appropriate hardware/firmware around I would be happy to snoop some packets and check it out, but otherwise I think this is probably going to be really, really tough to reproduce. On Sat, Nov 22, 2008 at 2:59 AM, Diego Ballve [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: The behavior can be consistently reproduced with our setup and access to remote server is temporarily blocked to entire office subnet. The client application makes a GET and then a POST w/ a big file, so that I have time to pull the plug, and that's it.
RE: What is missing from Restlet?
Provide more examples in the documentation, like developing a web application, developing cache based system, working with velocity or free marker template language... etc. it will certainly help new starters to learn REST way of developing applications with restlet. Thanks in advance. jlouvel wrote: Hi all, JSecurity seems like a nice library to consider integration with. I've entered a RFE: Add support for JSecurity http://restlet.tigris.org/issues/show_bug.cgi?id=658 Best regards, Jérôme Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -Message d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Jeff Ramsdale Envoyé : samedi 15 novembre 2008 18:29 À : discuss@restlet.tigris.org Objet : Re: What is missing from Restlet? Thanks for all the info! I'll definitely look into it... -jeff Tamás Cservenák wrote: Hi there, as integration i meant making those two (restlet + jsecurity) to play together. But in fact, we are using out-of-the-box (slightly nexus-ified) JSecurity Servlet filters, thus our Restlet Application is completely unaware of being protected (unless resources where we use it explicitly). The integration is more Plexus + JSecurity way, and also we integrated Plexus + Restlet, thus all major stuff is simply a Plexus Component (something like spring managed bean). All our related code is in our Spice OSS SVN (that makes our life spicey): http://svn.sonatype.org/spice/trunk/ In short: plexus-restlet-bridge -- is the restlet + plexus integration plexus-jsecurity-realms -- are various JSecurity Realm implementations (allowing us to do a lot of magic, ie. using LDAP for auth/authz and if failing, falling back to local XML for example, it is great for transitions) JSecurity is very flexible piece of software, and almost all you have to do is implement a Realm to hook it in into whatever you want. It is not an aggressive library, that is clearly proved by Nexus already: you can simply envelope a web application (in this case a Restlet Application that is run in ServletServer) into JSecurity with their SerlvetFilters almost without any changes (the simplest/static solution would need some web.xml tweaking and that's all!). You can grep some info from here too: https://docs.sonatype.com/display/NX/Nexus+Security+FAQ Hope helps, ~t~ -- View this message in context: http://n2.nabble.com/What-is-missing-from-Restlet--tp1449523p1572018.html Sent from the Restlet Discuss mailing list archive at Nabble.com.
Distributed Caching solution.
Among EHCache and Memcache which is the best one to choose for restful application to work with distributed caching? -- View this message in context: http://n2.nabble.com/Distributed-Caching-solution.-tp1572000p1572000.html Sent from the Restlet Discuss mailing list archive at Nabble.com.
Re: Guard suggestion
Hello,
For example you have an application where you want to display various
informations with different levels of information.
There is an interface to manage rules for authorizations. One of the rule
could be to authorize all users to access the resource or only authorized or
only specific users, etc.
It is up to the authorize method to trigger 401 responses...
Rémi
On Tue, Nov 18, 2008 at 09:34, Jerome Louvel [EMAIL PROTECTED]wrote:
Hi Rémi,
I have added your suggestion to the RFE mentioned by Stephan:
Refactor authentication and authorization
http://restlet.tigris.org/issues/show_bug.cgi?id=505
Do you have examples in mind where it would be nice to authorize
unauthenticated client requests ?
Best regards,
Jérôme Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com
--
*De :* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *De la part de
* Rémi Dewitte
*Envoyé :* vendredi 14 novembre 2008 23:27
*À :* discuss@restlet.tigris.org
*Objet :* Re: Guard suggestion
It would also let the autorize() method to decide whether
AuthenticationMissing forbids the response or not.
For a resource, authorized clients might have more details for example.
Rémi
On Fri, Nov 14, 2008 at 21:17, Stephan Koops [EMAIL PROTECTED] wrote:
Hi Rémi,
You mean, that a client can authorize himself, but it is not required? I
think this is a good ideas. For browser applications I don't now, if
browsers could work with this.
The authentication should be reworked in the near future (I don't know te
current timetable for this). If your proposal is missing then, throw it into
the discussion again.
best regards
Stephan
Rémi Dewitte schrieb:
Hello all,
Let me make a suggestion about the Guard class.
It would allow the authorize method to make a decision even if no
authentication is present.
Why not adding an authorizeMissing attribute and change handling of
AUTHENTICATION_MISSING in doHandle method
from
challenge(response, false);
to
if(isAuthorizeMissing() authorize(request)){
accept(request, response);
}else{
challenge(response, false);
}
Cheers,
Rémi
Re: Distributed Caching solution.
I'm not qualified to say which one is best as I haven't used Memcache much, but I can say that I've used EHCache quite a lot within Restlet applications and am very happy with it. On Mon, Nov 24, 2008 at 8:10 AM, Gan123 [EMAIL PROTECTED] wrote: Among EHCache and Memcache which is the best one to choose for restful application to work with distributed caching? -- View this message in context: http://n2.nabble.com/Distributed-Caching-solution.-tp1572000p1572000.html Sent from the Restlet Discuss mailing list archive at Nabble.com.
calling PUT and DELETE
Hi, i am working on a web application using RESTlet, wanted to invoke PUT and DELETE. some time back when i am searching for restlet resources i came across one page where author discussing about invoking PUT and DELETE using ajax, can any one tell me what URL that is available or tell me how it can be done? Thanks in advance -- View this message in context: http://n2.nabble.com/calling-PUT-and-DELETE-tp1572179p1572179.html Sent from the Restlet Discuss mailing list archive at Nabble.com.
Re: calling PUT and DELETE
Hello, using the tunnelService (see http://www.restlet.org/documentation/1.1/api/org/restlet/service/TunnelService.html), you can invoke PUT and DELETE methods on a resource using a POST request and the method query parameter: For example, if your resource is http://example.com/my/resource, you can POST to http://example.com/my/resource?method=put. Best regards, Thierry Boileau -- Restlet ~ Core developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com Hi, i am working on a web application using RESTlet, wanted to invoke PUT and DELETE. some time back when i am searching for restlet resources i came across one page where author discussing about invoking PUT and DELETE using ajax, can any one tell me what URL that is available or tell me how it can be done? Thanks in advance
Re: calling PUT and DELETE
Or I think you can directly set your HTTP method to PUT or DELETE if you use XmlHttpRequest of Mozilla. On Mon, Nov 24, 2008 at 10:29 PM, Thierry Boileau [EMAIL PROTECTED] wrote: Hello, using the tunnelService (see http://www.restlet.org/documentation/1.1/api/org/restlet/service/TunnelService.html), you can invoke PUT and DELETE methods on a resource using a POST request and the method query parameter: For example, if your resource is http://example.com/my/resource, you can POST to http://example.com/my/resource?method=put. Best regards, Thierry Boileau -- Restlet ~ Core developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com Hi, i am working on a web application using RESTlet, wanted to invoke PUT and DELETE. some time back when i am searching for restlet resources i came across one page where author discussing about invoking PUT and DELETE using ajax, can any one tell me what URL that is available or tell me how it can be done? Thanks in advance -- Cheers, Keke - We paranoid love life
Re: Distributed Caching solution.
On Mon, Nov 24, 2008 at 09:03, Rob Heittman [EMAIL PROTECTED] wrote: I'm not qualified to say which one is best as I haven't used Memcache much, but I can say that I've used EHCache quite a lot within Restlet applications and am very happy with it. Likewise, but the converse: we use Memcached extensively and we're very pleased with it, but I don't think we've used EHCache. That said, I don't know if either one would be better than the other specifically for a RESTful application; I don't know why an application being RESTful would make a difference. I'd think that what an application does and what sort of data it maintains, and which use cases it's focused on, would matter far more. A quick Google search finds many pages discussing the question of EHCache vs Memcached; this one looks pretty good: http://www.hugotroche.com/my_weblog/2008/06/ehcache-vs-memc.html -- Avi Flax » Lead Technologist » Partner » Arc90 » http://arc90.com
