Re: Vary: Authorization with Dimensions
Jerome,
Is this change going to be seen in the 1.0.x line? I was looking for it
in 1.0.2, but not seeing it. I need Vary: Authorization header support
as well (I need it for a different reason, however).
Also, due to lack of support, how do I add to Vary header? I'm calling:
Form myheaders = new Form();
myheaders.add(Vary, Authorization);
response.getAttributes.put(org.restlet.http.headers, myheaders);
However, it seems that the Vary header is overwritten somewhere else.
The actual header coming off the server ends up being:
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
I'm missing the Authorization part. Where is this Vary header being
generated?
Thanks,
Adam
Jerome Louvel wrote:
Hi Stian,
Excellent idea. I have added a Dimension.AUTHORIZATION enum entry and
supported it in the HTTP client and server connectors. Checked in SVN trunk.
Best regards,
Jerome
-Message d'origine-
De : Stian Soiland [mailto:[EMAIL PROTECTED]
Envoyé : lundi 11 juin 2007 22:44
À : discuss@restlet.tigris.org
Objet : Vary: Authorization with Dimensions
After a discussion on rest-discuss[1] we came to some
conclusion that
a clean way for a client to find it's own user resource based
on it's
authentication would ideally be something like:
GET /users;current (or HEAD)
Authorization: (basic: stain:)
307 Temporary redirect
Location: /users/stain
Vary: Authorization
Cache-Control: private
So the resource /users;current varies by Authorization (it is put
behind a userguard to require auth), and it redirects to whatever is
the current user's home.
(Vary says which headers in the client's request will make the
response vary, typically Accept-Charset etc.)
Now I can't set the Vary header manually (it's one of the restricted
headers), but Restlet provides a property called Dimensions for this
purpose. The closest I could get was:
public class CurrentUserResource extends Resource {
public CurrentUserResource(Context context, Request
req, Response
response) {
super(context, req, response);
}
private static URIFactory uriFactory = URIFactory.getInstance();
@Override
public void handleGet() {
// Set headers to indicate that this
redirection is only valid with
// current Authorization
Form additionalHeaders = new Form();
additionalHeaders.add(Cache-Control, private);
// FIXME: Should be able to do Vary:
Authorization instead of *
//additionalHeaders.add(Vary, Authorization);
getResponse().getDimensions().add(Dimension.UNSPECIFIED);
getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS,
additionalHeaders);
User user =
(User) getContext().getAttributes().get(
UserGuard.AUTHENTICATED_USER);
getResponse().redirectTemporary(uriFactory.getURI(user));
}
}
However Dimension.UNSPECIFIED would send a Vary: * so that all
headers cause vary, but it's only Authorization that does.
Is it possible to add Vary: Authorized in some other way? The
current Dimension enum doesn't have anything close.
Using:
additionalHeaders.add(Vary, Authorization);
gives:
WARNING: Addition of the standard header Vary is not allowed.
Please use the Restlet API instead.
(even if getResponse().getDimensions() is empty, as when using
handleGet())
[1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464
--
Stian Soiland, myGrid team
School of Computer Science
The University of Manchester
http://www.cs.man.ac.uk/~ssoiland/
RE: Vary: Authorization with Dimensions
Hi Adam,
As the new Dimension required an API change, it will only go into version
1.1. The Vary header is currently generated inside the HTTP connector by
looking at the Response.dimensions property value.
There is already a stable snapshot of Restlet 1.1 available:
http://www.restlet.org/downloads/1.1/current.zip
If you are not planning to go into production soon, this could be a good
basis for development.
Best regards,
Jerome
-Message d'origine-
De : Adam Taft [mailto:[EMAIL PROTECTED]
Envoyé : dimanche 8 juillet 2007 08:15
À : discuss@restlet.tigris.org
Objet : Re: Vary: Authorization with Dimensions
Jerome,
Is this change going to be seen in the 1.0.x line? I was
looking for it
in 1.0.2, but not seeing it. I need Vary: Authorization
header support
as well (I need it for a different reason, however).
Also, due to lack of support, how do I add to Vary header?
I'm calling:
Form myheaders = new Form();
myheaders.add(Vary, Authorization);
response.getAttributes.put(org.restlet.http.headers, myheaders);
However, it seems that the Vary header is overwritten somewhere else.
The actual header coming off the server ends up being:
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
I'm missing the Authorization part. Where is this Vary
header being
generated?
Thanks,
Adam
Jerome Louvel wrote:
Hi Stian,
Excellent idea. I have added a Dimension.AUTHORIZATION enum
entry and
supported it in the HTTP client and server connectors.
Checked in SVN trunk.
Best regards,
Jerome
-Message d'origine-
De : Stian Soiland [mailto:[EMAIL PROTECTED]
Envoyé : lundi 11 juin 2007 22:44
À : discuss@restlet.tigris.org
Objet : Vary: Authorization with Dimensions
After a discussion on rest-discuss[1] we came to some
conclusion that
a clean way for a client to find it's own user resource based
on it's
authentication would ideally be something like:
GET /users;current (or HEAD)
Authorization: (basic: stain:)
307 Temporary redirect
Location: /users/stain
Vary: Authorization
Cache-Control: private
So the resource /users;current varies by Authorization (it is put
behind a userguard to require auth), and it redirects to
whatever is
the current user's home.
(Vary says which headers in the client's request will make the
response vary, typically Accept-Charset etc.)
Now I can't set the Vary header manually (it's one of the
restricted
headers), but Restlet provides a property called
Dimensions for this
purpose. The closest I could get was:
public class CurrentUserResource extends Resource {
public CurrentUserResource(Context context, Request
req, Response
response) {
super(context, req, response);
}
private static URIFactory uriFactory = URIFactory.getInstance();
@Override
public void handleGet() {
// Set headers to indicate that this
redirection is only valid with
// current Authorization
Form additionalHeaders = new Form();
additionalHeaders.add(Cache-Control, private);
// FIXME: Should be able to do Vary:
Authorization instead of *
//additionalHeaders.add(Vary, Authorization);
getResponse().getDimensions().add(Dimension.UNSPECIFIED);
getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS,
additionalHeaders);
User user =
(User) getContext().getAttributes().get(
UserGuard.AUTHENTICATED_USER);
getResponse().redirectTemporary(uriFactory.getURI(user));
}
}
However Dimension.UNSPECIFIED would send a Vary: * so that all
headers cause vary, but it's only Authorization that does.
Is it possible to add Vary: Authorized in some other way? The
current Dimension enum doesn't have anything close.
Using:
additionalHeaders.add(Vary, Authorization);
gives:
WARNING: Addition of the standard header Vary is not allowed.
Please use the Restlet API instead.
(even if getResponse().getDimensions() is empty, as when using
handleGet())
[1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464
--
Stian Soiland, myGrid team
School of Computer Science
The University of Manchester
http://www.cs.man.ac.uk/~ssoiland/
RE: Vary: Authorization with Dimensions
Hi Stian,
Excellent idea. I have added a Dimension.AUTHORIZATION enum entry and
supported it in the HTTP client and server connectors. Checked in SVN trunk.
Best regards,
Jerome
-Message d'origine-
De : Stian Soiland [mailto:[EMAIL PROTECTED]
Envoyé : lundi 11 juin 2007 22:44
À : discuss@restlet.tigris.org
Objet : Vary: Authorization with Dimensions
After a discussion on rest-discuss[1] we came to some
conclusion that
a clean way for a client to find it's own user resource based
on it's
authentication would ideally be something like:
GET /users;current (or HEAD)
Authorization: (basic: stain:)
307 Temporary redirect
Location: /users/stain
Vary: Authorization
Cache-Control: private
So the resource /users;current varies by Authorization (it is put
behind a userguard to require auth), and it redirects to whatever is
the current user's home.
(Vary says which headers in the client's request will make the
response vary, typically Accept-Charset etc.)
Now I can't set the Vary header manually (it's one of the restricted
headers), but Restlet provides a property called Dimensions for this
purpose. The closest I could get was:
public class CurrentUserResource extends Resource {
public CurrentUserResource(Context context, Request
req, Response
response) {
super(context, req, response);
}
private static URIFactory uriFactory = URIFactory.getInstance();
@Override
public void handleGet() {
// Set headers to indicate that this
redirection is only valid with
// current Authorization
Form additionalHeaders = new Form();
additionalHeaders.add(Cache-Control, private);
// FIXME: Should be able to do Vary:
Authorization instead of *
//additionalHeaders.add(Vary, Authorization);
getResponse().getDimensions().add(Dimension.UNSPECIFIED);
getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS,
additionalHeaders);
User user =
(User) getContext().getAttributes().get(
UserGuard.AUTHENTICATED_USER);
getResponse().redirectTemporary(uriFactory.getURI(user));
}
}
However Dimension.UNSPECIFIED would send a Vary: * so that all
headers cause vary, but it's only Authorization that does.
Is it possible to add Vary: Authorized in some other way? The
current Dimension enum doesn't have anything close.
Using:
additionalHeaders.add(Vary, Authorization);
gives:
WARNING: Addition of the standard header Vary is not allowed.
Please use the Restlet API instead.
(even if getResponse().getDimensions() is empty, as when using
handleGet())
[1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464
--
Stian Soiland, myGrid team
School of Computer Science
The University of Manchester
http://www.cs.man.ac.uk/~ssoiland/
