Re: Vary: Authorization with Dimensions
Jerome, Is this change going to be seen in the 1.0.x line? I was looking for it in 1.0.2, but not seeing it. I need Vary: Authorization header support as well (I need it for a different reason, however). Also, due to lack of support, how do I add to Vary header? I'm calling: Form myheaders = new Form(); myheaders.add(Vary, Authorization); response.getAttributes.put(org.restlet.http.headers, myheaders); However, it seems that the Vary header is overwritten somewhere else. The actual header coming off the server ends up being: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept I'm missing the Authorization part. Where is this Vary header being generated? Thanks, Adam Jerome Louvel wrote: Hi Stian, Excellent idea. I have added a Dimension.AUTHORIZATION enum entry and supported it in the HTTP client and server connectors. Checked in SVN trunk. Best regards, Jerome -Message d'origine- De : Stian Soiland [mailto:[EMAIL PROTECTED] Envoyé : lundi 11 juin 2007 22:44 À : discuss@restlet.tigris.org Objet : Vary: Authorization with Dimensions After a discussion on rest-discuss[1] we came to some conclusion that a clean way for a client to find it's own user resource based on it's authentication would ideally be something like: GET /users;current (or HEAD) Authorization: (basic: stain:) 307 Temporary redirect Location: /users/stain Vary: Authorization Cache-Control: private So the resource /users;current varies by Authorization (it is put behind a userguard to require auth), and it redirects to whatever is the current user's home. (Vary says which headers in the client's request will make the response vary, typically Accept-Charset etc.) Now I can't set the Vary header manually (it's one of the restricted headers), but Restlet provides a property called Dimensions for this purpose. The closest I could get was: public class CurrentUserResource extends Resource { public CurrentUserResource(Context context, Request req, Response response) { super(context, req, response); } private static URIFactory uriFactory = URIFactory.getInstance(); @Override public void handleGet() { // Set headers to indicate that this redirection is only valid with // current Authorization Form additionalHeaders = new Form(); additionalHeaders.add(Cache-Control, private); // FIXME: Should be able to do Vary: Authorization instead of * //additionalHeaders.add(Vary, Authorization); getResponse().getDimensions().add(Dimension.UNSPECIFIED); getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS, additionalHeaders); User user = (User) getContext().getAttributes().get( UserGuard.AUTHENTICATED_USER); getResponse().redirectTemporary(uriFactory.getURI(user)); } } However Dimension.UNSPECIFIED would send a Vary: * so that all headers cause vary, but it's only Authorization that does. Is it possible to add Vary: Authorized in some other way? The current Dimension enum doesn't have anything close. Using: additionalHeaders.add(Vary, Authorization); gives: WARNING: Addition of the standard header Vary is not allowed. Please use the Restlet API instead. (even if getResponse().getDimensions() is empty, as when using handleGet()) [1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464 -- Stian Soiland, myGrid team School of Computer Science The University of Manchester http://www.cs.man.ac.uk/~ssoiland/
RE: Vary: Authorization with Dimensions
Hi Adam, As the new Dimension required an API change, it will only go into version 1.1. The Vary header is currently generated inside the HTTP connector by looking at the Response.dimensions property value. There is already a stable snapshot of Restlet 1.1 available: http://www.restlet.org/downloads/1.1/current.zip If you are not planning to go into production soon, this could be a good basis for development. Best regards, Jerome -Message d'origine- De : Adam Taft [mailto:[EMAIL PROTECTED] Envoyé : dimanche 8 juillet 2007 08:15 À : discuss@restlet.tigris.org Objet : Re: Vary: Authorization with Dimensions Jerome, Is this change going to be seen in the 1.0.x line? I was looking for it in 1.0.2, but not seeing it. I need Vary: Authorization header support as well (I need it for a different reason, however). Also, due to lack of support, how do I add to Vary header? I'm calling: Form myheaders = new Form(); myheaders.add(Vary, Authorization); response.getAttributes.put(org.restlet.http.headers, myheaders); However, it seems that the Vary header is overwritten somewhere else. The actual header coming off the server ends up being: Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept I'm missing the Authorization part. Where is this Vary header being generated? Thanks, Adam Jerome Louvel wrote: Hi Stian, Excellent idea. I have added a Dimension.AUTHORIZATION enum entry and supported it in the HTTP client and server connectors. Checked in SVN trunk. Best regards, Jerome -Message d'origine- De : Stian Soiland [mailto:[EMAIL PROTECTED] Envoyé : lundi 11 juin 2007 22:44 À : discuss@restlet.tigris.org Objet : Vary: Authorization with Dimensions After a discussion on rest-discuss[1] we came to some conclusion that a clean way for a client to find it's own user resource based on it's authentication would ideally be something like: GET /users;current (or HEAD) Authorization: (basic: stain:) 307 Temporary redirect Location: /users/stain Vary: Authorization Cache-Control: private So the resource /users;current varies by Authorization (it is put behind a userguard to require auth), and it redirects to whatever is the current user's home. (Vary says which headers in the client's request will make the response vary, typically Accept-Charset etc.) Now I can't set the Vary header manually (it's one of the restricted headers), but Restlet provides a property called Dimensions for this purpose. The closest I could get was: public class CurrentUserResource extends Resource { public CurrentUserResource(Context context, Request req, Response response) { super(context, req, response); } private static URIFactory uriFactory = URIFactory.getInstance(); @Override public void handleGet() { // Set headers to indicate that this redirection is only valid with // current Authorization Form additionalHeaders = new Form(); additionalHeaders.add(Cache-Control, private); // FIXME: Should be able to do Vary: Authorization instead of * //additionalHeaders.add(Vary, Authorization); getResponse().getDimensions().add(Dimension.UNSPECIFIED); getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS, additionalHeaders); User user = (User) getContext().getAttributes().get( UserGuard.AUTHENTICATED_USER); getResponse().redirectTemporary(uriFactory.getURI(user)); } } However Dimension.UNSPECIFIED would send a Vary: * so that all headers cause vary, but it's only Authorization that does. Is it possible to add Vary: Authorized in some other way? The current Dimension enum doesn't have anything close. Using: additionalHeaders.add(Vary, Authorization); gives: WARNING: Addition of the standard header Vary is not allowed. Please use the Restlet API instead. (even if getResponse().getDimensions() is empty, as when using handleGet()) [1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464 -- Stian Soiland, myGrid team School of Computer Science The University of Manchester http://www.cs.man.ac.uk/~ssoiland/
RE: Vary: Authorization with Dimensions
Hi Stian, Excellent idea. I have added a Dimension.AUTHORIZATION enum entry and supported it in the HTTP client and server connectors. Checked in SVN trunk. Best regards, Jerome -Message d'origine- De : Stian Soiland [mailto:[EMAIL PROTECTED] Envoyé : lundi 11 juin 2007 22:44 À : discuss@restlet.tigris.org Objet : Vary: Authorization with Dimensions After a discussion on rest-discuss[1] we came to some conclusion that a clean way for a client to find it's own user resource based on it's authentication would ideally be something like: GET /users;current (or HEAD) Authorization: (basic: stain:) 307 Temporary redirect Location: /users/stain Vary: Authorization Cache-Control: private So the resource /users;current varies by Authorization (it is put behind a userguard to require auth), and it redirects to whatever is the current user's home. (Vary says which headers in the client's request will make the response vary, typically Accept-Charset etc.) Now I can't set the Vary header manually (it's one of the restricted headers), but Restlet provides a property called Dimensions for this purpose. The closest I could get was: public class CurrentUserResource extends Resource { public CurrentUserResource(Context context, Request req, Response response) { super(context, req, response); } private static URIFactory uriFactory = URIFactory.getInstance(); @Override public void handleGet() { // Set headers to indicate that this redirection is only valid with // current Authorization Form additionalHeaders = new Form(); additionalHeaders.add(Cache-Control, private); // FIXME: Should be able to do Vary: Authorization instead of * //additionalHeaders.add(Vary, Authorization); getResponse().getDimensions().add(Dimension.UNSPECIFIED); getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS, additionalHeaders); User user = (User) getContext().getAttributes().get( UserGuard.AUTHENTICATED_USER); getResponse().redirectTemporary(uriFactory.getURI(user)); } } However Dimension.UNSPECIFIED would send a Vary: * so that all headers cause vary, but it's only Authorization that does. Is it possible to add Vary: Authorized in some other way? The current Dimension enum doesn't have anything close. Using: additionalHeaders.add(Vary, Authorization); gives: WARNING: Addition of the standard header Vary is not allowed. Please use the Restlet API instead. (even if getResponse().getDimensions() is empty, as when using handleGet()) [1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464 -- Stian Soiland, myGrid team School of Computer Science The University of Manchester http://www.cs.man.ac.uk/~ssoiland/