Re: Just a test: Full compatibility with the Maven build system
hello JY, this is a good effort and i'm willing to help in the migration if the project maintainers are willing to make the switch. On Thursday 25 December 2008 03:04:11 JY wrote: Here a exemple of Restlet Maven Site generated: http://jycronier.free.fr/tmp/restlet-maven-site/ - Global JavaDoc http://jycronier.free.fr/tmp/restlet-maven-site/apidocs/index.html - Code coverage (Cobertura) Example with org.restlet Core API: http://jycronier.free.fr/tmp/restlet-maven-site/org.restlet/cobertura/ind ex.html (This report isn't representative because Unit Tests aren't move in their respective projects) - Static analysis of code (PDM) Example with org.restlet Core API: http://jycronier.free.fr/tmp/restlet-maven-site/org.restlet/pmd.html - HTML cross reference sources http://jycronier.free.fr/tmp/restlet-maven-site/xref/index.html - Global Dashboard of results http://jycronier.free.fr/tmp/restlet-maven-site/dashboard-report.html (This report isn't representative because Unit Tests aren't move in their respective projects) I will remove these pages in very few months JY a écrit : Restlet uses Ant to build the entire project and modules. And it works pretty well! :-) It's very difficult for me to compare actual huge and complex Restlet Ant build system with a Maven's one because I never use ant for big projects like Restlet. And I know too much of Maven to be objective! ;) So, let's the community have an opinion. So, I begin a little migration of project's structure to be more compliant: - remove number version on extension project folder (ex: org.restlet.ext.atom_1.0 - org.restlet.ext.atom) - Move all Java source from /src to /src/main/java - Move all other than Java source from /src to /src/main/resources - Create a parent pom.xml to define all common properties (specially for the maven site generation) - Move pom from build/tmpl/poms to their respective project - Copy (quick and dirty way) properties to pom.xml Now, simple command mvn package make packaging of each extensions. In attachments, you can find an export of modified project (only folder modules from commit 4070) and the mvn site will generate automatically from sources (mvn site) : - Global JavaDoc - Code coverage (Cobertura) - Static analysis of code (PDM) - HTML cross reference sources - Global Dashboard of results - Etc … Other works can be performed: - Use of Maven Tycho (http://docs.codehaus.org/display/M2ECLIPSE/Tycho+user+docs) : * Automatic build of OSGi bundle * No need of dependency declarations in pom.xml (MANIFEST.MF is enough) - Move Unit tests under each modules - Finish moving no-Java files to: src/resources - Continuous integration (ex: Continuum, Cruise Control or Hudson?) Merry Christmas!!! :) -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId= 991625 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=99 1696 -- cheers; rsn -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=994219 signature.asc Description: This is a digitally signed message part.
RE: Solr integration
Hi all, Providing Lucene-based search/indexing features sounds like a generic and very useful feature. If the best way to facilitate this integration in Restlet is to leverage Solr, then we should definitely consider a new Restlet extension. I've created a RFE to track this idea: Add support for Lucene/Solr http://restlet.tigris.org/issues/show_bug.cgi?id=697 Rémi, could you describe how your client connector works? Which use cases does it handle? Best regards, Jérôme Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org/ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com/ http://www.noelios.com _ De : Ben Johnson [mailto:ben.john...@jandpconsulting.co.uk] Envoyé : vendredi 26 décembre 2008 19:23 À : discuss@restlet.tigris.org Objet : Re: Solr integration Hi Rémi I have been considering using Solr with Tika ( http://lucene.grantingersoll.com/2008/12/06/tika-and-solr/ http://lucene.grantingersoll.com/2008/12/06/tika-and-solr/) to index text-based documents - mainly PDF I think - with associated XML 'metadata' documents (which would also be indexed with Solr) via Restlet, so I would be interested in what you have come up with. I have been trying to set this up in a Geronimo-Jetty environment, but running into a few issues (such as how to deploy to Solr via the Geronimo admin web page - I'm very new to all this). From what I understand, although Tika has been integrated into Solr, it is scheduled for Solr 1.4 which has not been released yet, so I need to get the latest Solr source code and build that to get this integration - not sure if you've looked into that or not. Cheers Ben From: Rémi Dewitte mailto:r...@gide.net Sent: Friday, December 26, 2008 1:45 PM To: discuss@restlet.tigris.org Subject: Solr integration Hello, While doing some cleanup to contribute to the authentication work, I thought I could give a restlet integration of Solr http://lucene.apache.org/solr/ . Basically it is a ClientHelper handling solr://... request. I just need to know whether someone is interested in it. Cheers, Rémi -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=994299
Re: Guarding multiple Resources
Hi Mohamed, you have to attach the Router to the Guard, not the resource classses. best regards Stephan Mohamed Abdel-Aziz Bayoumi schrieb: Hi, Is there a way i can use to get the same guard object protecting multiple resources ? i tried using this but without hope @Override public synchronized Restlet createRoot() { Router router = new Router(getContext()); Guard testGuard = new Guard(getContext(), ChallengeScheme.HTTP_BASIC, Adding Access Control); testGuard.getSecrets().put(uname,passwd.toCharArray()); testGuard.setNext(FileUploader.class); testGuard.setNext(FileDownloader.class); testGuard.setNext(MainPage.class); // Defines routes router.attach(/myapp/main, testGuard); router.attach(/obama/uploadfile, testGuard); router.attach(/obama/getfile, testGuard); return router; } that didn't work of course, i need to know how to do it (may be via a realm, but i don't know how to define realms) Thanks -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=994300
RE: Just a test: Full compatibility with the Maven build system
Hi Jean-Yves, Thanks for taking time to provide a concrete example of how this Maven support could work for Restlet building. I agree that usage of Maven would have several nice advantages like using a common structure facilitating contribution from new developers, having a more compact build script, all POM-based features, easier dependency management, etc. However, Maven does come with its issues and a certain level of complexity. The management of dependencies can become difficult as well (for example when you rely on artifact not available in public Maven repositories or without Internet connectivity). I also have my issues with the usability of the Maven sites layout which is standardized but hard to navigate: where are those damn Javadocs!! :). For this I prefer the custom Restlet.org web site that we produce using custom Ant scripts. In the past, I also encountered many issues with Eclipse integration, the flat structure required by Eclipse (this you were able to solve!) and the fact that Eclipse projects generated from the POM aren't OSGi plugins (with proper plugin dependencies instead). I see that Tycho might now be able to solve those points which sounds promising. Also, I recently saw a demonstration of Eclipse Buckminster and was impressed by its clever design: http://www.eclipse.org/buckminster/. It is comparable to Maven and Ivy and can plays nicely with Maven repositories for dependency management, but also with raw download sites. Even though I'm still not personally convinced of making such a move, I have created a RFE to keep track of it: Reconsider using Maven for build http://restlet.tigris.org/issues/show_bug.cgi?id=698 I have targeted it for Restlet 2.0 to give it time to mature. Let's continue the debate! Best regards, Jérôme Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -Message d'origine- De : Raif S. Naffah [mailto:tig...@naffah-raif.name] Envoyé : dimanche 28 décembre 2008 09:08 À : discuss@restlet.tigris.org Cc : JY Objet : Re: Just a test: Full compatibility with the Maven build system hello JY, this is a good effort and i'm willing to help in the migration if the project maintainers are willing to make the switch. On Thursday 25 December 2008 03:04:11 JY wrote: Here a exemple of Restlet Maven Site generated: http://jycronier.free.fr/tmp/restlet-maven-site/ - Global JavaDoc http://jycronier.free.fr/tmp/restlet-maven-site/apidocs/index.html - Code coverage (Cobertura) Example with org.restlet Core API: http://jycronier.free.fr/tmp/restlet-maven-site/org.restlet/cobertura/ind ex.html (This report isn't representative because Unit Tests aren't move in their respective projects) - Static analysis of code (PDM) Example with org.restlet Core API: http://jycronier.free.fr/tmp/restlet-maven-site/org.restlet/pmd.html - HTML cross reference sources http://jycronier.free.fr/tmp/restlet-maven-site/xref/index.html - Global Dashboard of results http://jycronier.free.fr/tmp/restlet-maven-site/dashboard-report.html (This report isn't representative because Unit Tests aren't move in their respective projects) I will remove these pages in very few months JY a écrit : Restlet uses Ant to build the entire project and modules. And it works pretty well! :-) It's very difficult for me to compare actual huge and complex Restlet Ant build system with a Maven's one because I never use ant for big projects like Restlet. And I know too much of Maven to be objective! ;) So, let's the community have an opinion. So, I begin a little migration of project's structure to be more compliant: - remove number version on extension project folder (ex: org.restlet.ext.atom_1.0 - org.restlet.ext.atom) - Move all Java source from /src to /src/main/java - Move all other than Java source from /src to /src/main/resources - Create a parent pom.xml to define all common properties (specially for the maven site generation) - Move pom from build/tmpl/poms to their respective project - Copy (quick and dirty way) properties to pom.xml Now, simple command mvn package make packaging of each extensions. In attachments, you can find an export of modified project (only folder modules from commit 4070) and the mvn site will generate automatically from sources (mvn site) : - Global JavaDoc - Code coverage (Cobertura) - Static analysis of code (PDM) - HTML cross reference sources - Global Dashboard of results - Etc … Other works can be performed: - Use of Maven Tycho (http://docs.codehaus.org/display/M2ECLIPSE/Tycho+user+docs) : * Automatic build of OSGi bundle * No need of dependency declarations in pom.xml (MANIFEST.MF is enough) - Move Unit tests under each modules - Finish moving no-Java files to: src/resources - Continuous integration (ex: Continuum,
RE: securing Restlet
Hi Raif, Cool! Regarding the SecurityManager, this won't be part of Restlet 1.2 but I think it is an important aspect of the overall Restlet security domain (authorization enforcement) so I like to keep in the context. However, I have separated RFEs on the page between high priority ones (Restlet 1.2 ideally) or others. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -Message d'origine- De : Raif S. Naffah [mailto:tig...@naffah-raif.name] Envoye : vendredi 26 decembre 2008 11:42 A : discuss@restlet.tigris.org Cc : Jerome Louvel Objet : Re: securing Restlet hello Jerome, On Friday 26 December 2008 20:14:02 Jerome Louvel wrote: Hi Raif, This is a good start. We have a page on the developers' wiki that should be used during this refactoring project. I have updated it based on the issues and discussions you have selected, extending to all other I could find. Security refactoring http://wiki.restlet.org/developers/172-restlet/212-restlet.html You should create an account on the wiki, and then update the page (section Analysis/Synthesis, with the main points you have reported below. See instructions to register here: Restlet Wiki Site http://wiki.restlet.org/about/2-restlet.html account created and Docs Author karma granted. thanks! the page as it stands is very comprehensive and IMO does not need at this stage any amendments since it already addresses all the points raised. if i could make one suggestion it would be to separate the work on the SecurityManager (and associated policy file) from the Authentication and Authorization aspects since these two tasks can be done in parallel. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -Message d'origine- De : Raif S. Naffah [mailto:tig...@naffah-raif.name] Envoye : jeudi 18 decembre 2008 10:34 A : discuss@restlet.tigris.org Objet : securing Restlet hello all, as a follow up to my original post re. contributing to the project (see http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=98 1057), and after digesting the suggestions and responses that followed, here's a summary of the discussion threads and issues (see list at the end) related to the above subject i was able to find to-date. pls. let me know if i missed, mis-interpreted, or overlooked anything pertaining to the issue: * there's a recognized need for better, more pluggable authentication and authorization (AA) capabilities within the Restlet project. * successful integration with both Spring Security (Acegi Security http://acegisecurity.org/) and JSecurity (http://jsecurity.org/) were reported. * the Guard class does not seem to always suit developers' needs when it comes to integrating external security libraries to offer AA capabilities. Filter was used successfully and Resolver was suggested for authorization needs beyond URIs. * there was no direct mention about securing the Restlet library code itself separately from users application; e.g. if using the Java SE Security what would be a conservative security policy and permissions to use/grant. * it's unclear (to me at least) whether the desired outcome is to integrate one (of many) external security library, or build within Restlet a commons layer and artifacts (configuration data) to allow (and map to) different ones. the other two subjects mentioned in the other post remain of interest to me as well. i look forward to the input of the project maintainers. references: [D1] Spring Security Integration http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=40 454 [D2] Restlet Servlet and Security http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=58 357 [D3] Re: What is missing from Restlet? http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=94 828 http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=95 151 [D4] Security Issues with Dynamic Loading of Applications? http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=96 3302 [I264] Support Spring Security http://restlet.tigris.org/issues/show_bug.cgi?id=264 [I505] Refactor authentication and authorization http://restlet.tigris.org/issues/show_bug.cgi?id=505 [I658] Add support for JSecurity http://restlet.tigris.org/issues/show_bug.cgi?id=658 -- cheers; rsn -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=992872 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=994453
RE: securing Restlet
Hi Rémi, That sounds like a great contribution. Maybe we should try to integrate your solution with Rob's CookieUtility for the cookie generation. Isn't his solution more robust that your simple timestamp? Let me know if there is any issue with the JCA. Otherwise, could you attach the source code directly to the RFE so we can have a closer look at your design to further discuss it? Best regards, Jérôme Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org/ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com/ http://www.noelios.com _ De : remidewi...@gmail.com [mailto:remidewi...@gmail.com] De la part de Rémi Dewitte Envoyé : vendredi 26 décembre 2008 14:39 À : discuss@restlet.tigris.org Objet : Re: securing Restlet Jerome, I will do all the necessary to allow the code to be integrated as soon as possible. A little description of what I will submit. Few lines to describe a little bit more what's in the CookieGuard : - guard intercepts /login and /logout path requests, the behaviour is of customizable - on /login, it performs authentication thanks to the SecretResolver and set a ChallengeResponse to the request - on /logout, make the cookie expires now - on any other request, try to decrypt the cookie and set a ChallengeResponse to the request What's in the cookie = value of the cookie ? - the username - a timestamp We could embed even more information from the client but i don't really think it is necessary. Is it secure ? - Yes the value is encrypted thanks to a Cipher (from JRE), making difficult to read values embedded in the cookie. - timestamp embedded in the cookie allows to check for expiration serverside without storing anything, making difficult to exploit a stolen cookie for a long time. Client is responsible from maintaining the state. It is stateless. It is fast. In the code you can also find some code to read (and write) passwords from a standard htpasswd file addressing in a different way issue 485 http://restlet.tigris.org/issues/show_bug.cgi?id=485 . Also my authoriseMissing suggestion renamed as optionalAuthentication in the code. Rémi On Fri, Dec 26, 2008 at 11:05, Jerome Louvel jerome.lou...@noelios.com wrote: Hi Stephan, I've added a link from the RFE to Remi's implementation: Support cookie based authentication http://restlet.tigris.org/issues/show_bug.cgi?id=605 However, we would need Remi to offer his implementation to Restlet code base in order to consider this integration. Remi, see this page if you are interested in contributing your code: http://www.restlet.org/community/contribute Also, Rob Heittman previously a CookieUtility class to the public domain: http://gogoego.googlecode.com/svn/trunk/modules/RestletFoundation/src/com/solertium/container/CookieUtility.java Best regards, Jérôme Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -Message d'origine- De : Stephan Koops [mailto:stephan.ko...@web.de] Envoyé : lundi 22 décembre 2008 19:32 À : discuss@restlet.tigris.org Objet : Re: securing Restlet Hi Rémi, cool. Jerome, Thierry: Could we add it to the code base, if the security is refactored? best regards Stephan I have made a cookie authentication for restlet. Here is the code. Few things might not be clean but it works quite fine. I hope it helps. Rémi ___ Täglich 1.000.000 Euro gewinnen! Jetzt kostenlos WEB.DE MillionenKlick spielen! https://millionenklick.web.de/?mc=m...@footer.mklick@home -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447 http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=989993 dsMessageId=989993 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447 http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=992857 dsMessageId=992857 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=994461
Re: Just a test: Full compatibility with the Maven build system
Thanks for the cool links, Jerome, the review and the RFE, this gave me some good pros and cons to consider for improving my own building situation. I cc'ed myself on the RFE -- sign me up to help work on this. May I suggest a change to the RFE from reconsider using Maven for build to Alternatives to Ant for build to incorporate looking at Buckminster, Tycho, etc. at the same time? On Sun, Dec 28, 2008 at 8:03 AM, Jerome Louvel jerome.lou...@noelios.comwrote: Also, I recently saw a demonstration of Eclipse Buckminster and was impressed by its clever design: http://www.eclipse.org/buckminster/. It is comparable to Maven and Ivy and can plays nicely with Maven repositories for dependency management, but also with raw download sites. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=994599