RE: Getting Restlet resources injected with Guice

[AJ Barnes - National Poisons Centre]

Hi Brian,

I've been using Guice for a while now. Was a bit tough getting started, but now 
is working quite well. I didn't go down the path of using finders. With our set 
up we generally have collections of items and then their entities (as is pretty 
standard). 

I started by creating an abstract resource class (imaginatively called 
"AbstractResource") than extended the Restlet Resource class. This included a 
static Injector field. Below this are the Collection and Entity resource 
classes. All of the resource classes will extend one of these three classes, 
and all have their own Interfaces.

When the program starts it creates the injector, and then explictly sets the 
Injector for AbstractResource, so that this is available on the "other side" of 
Restlet creating Resources. Whenever Restlet creates the new instance of a 
resource class one of the first things done by AbstractResource is to 
injectMembers into itself using the static injector. Ie Guice is used to set up 
the environment and start the Restlet Server running, then Restlet handles 
creating the correct resource, and then Guice continues with the work by using 
the original Injector.

The advantage is I can use then standard @ImplementedBy and @Inject 
annotations, and testing is just as easy as ever.

If you want to see some code (or some clarification on these ramblings), I can 
send some through (working on some tidying up now).

AJ

National Poisons Centre,
New Zealand

-Original Message-
From: Brian Williams [mailto:bwilli...@archer-group.com]
Sent: Sat 12/20/2008 5:41 AM
To: discuss@restlet.tigris.org
Subject: Getting Restlet resources injected with Guice
 
Hi Everyone.

I'm attempting to use Guice with Restlet to inject session beans from EJB3
so that unit and module testing will be easier down the road. I found this
helpful site with some code examples for getting started on this:

http://tembrel.blogspot.com/2008/07/resource-dependency-injection-in.html

 

However, now I'm at the part where I want to attach multiple routers to
different paths of my app. So my application looks something like:

 

FinderFactory factory = RestletGuice.createInjector(new
DelegateModule()).getInstance(FinderFactory.class);

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=988546<>

How to open a writer against the client

[Ido Blutman]

Hello Everyone,

I have a problem: I need to send as a response to the client a big XML file - 
can be even more than 30MB.

What I need, I suppose, is to open an output writer and send the xml file in 
chunks (if I try to read it all to the memory I get OutOfMemoryError and even 
if I will increase the vm memory it won't be a solution for many users in the 
same time).

Any advice how can I do it? for now I use the StringRepresentation but it 
doesn't work.

Thanks,

Ido

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=988795

how to redirect to another resource?

[renfeng]

I couldn't find a method to get the base url of ServerServlet. So it
is hardcoded. Any clue how to retrieve it from the runtime
environment? Thanks.

 String baseUrl = "/context-root/restlet-root";
 router.attach("res1", new Redirector(
   getContext(), baseUrl + "res2",
   Redirector.MODE_CLIENT_SEE_OTHER));


-- 
View this message in context: 
http://n2.nabble.com/how-to-redirect-to-another-resource--tp1689188p1689188.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=989486

Re: securing Restlet

[Rhett Sutphin]

On Dec 20, 2008, at 6:49 PM, Raif S. Naffah wrote:

> On Sunday 21 December 2008 09:05:46 Rhett Sutphin wrote:
>> On Dec 20, 2008, at 3:34 PM, Raif S. Naffah wrote:
>>> hello Stephan,
>>>
>>> On Sunday 21 December 2008 00:41:48 Stephan Koops wrote:
 Hi Raif,

 Another possibility to not require the browser login prompt  
 is to
 use an AJAX reqeust and set the credentials in it. I've
 implemented
 this, but I needed a new return status for it, because if the
 server
 returns 401 (authentication required / invald) to the client,
 then
 the browser would open a login prompt. If needed, a could
 attach it
 to issue 505

 It is also good, if it is allowed to have multiple  
 authentication
 mechanims allowed for one resource, e.g. with cookies as  
 descibed
 above for browsers and with a HTML authentiction for software
 clients, which requesting e.g. XML or JSON.
>>>
>>> correct me if i'm wrong but if the aim of the Authentication  
>>> is to
>>> assert "who are you" then your identity should be the same
>>> whatever
>>> Authentication mechanism was used.  in that respect _one_
>>> Authentication mechanism should be enough.  on the other hand,
>>> "what
>>> are you allowed to do" (incl. what type of Representation for a
>>> requested Resource) is the domain of Authorization. in that
>>> respect
>>> one (of potentially several conditions, incl. for example the
>>> time-of-day) for authorizing a type of Representation could be  
>>> the
>>> "grade" of the Authentication mechanism used to establish your
>>> identity; i.e. an Authentication mechanism based on a personal  
>>> X.
>>> 509
>>> Certificate has a higher grade than one based on non-encrypted
>>> user-name and password.
>>>
>>> what could be gained though from having an "aggregation/
>>> compounded"
>>> style of user-credentials gathering mechanisms would be to
>>> increase
>>> the trust in the established identity.  e.g. i would have more
>>> confidence in your identity if i can check your credentials from
>>> two
>>> separate sources; as a consequence i can then authorize you to  
>>> do
>>> more.
>>
>> Here I was not precise enough: I meant alternative authentication
>> mechanisms, not both must be passed.
>> If I use a software client (web service), than basic or digest is
>> fine, but if the client is a browser, than the cookie based may  
>> be
>> better, because it allows corporate design: I think, a reason for
>> not
>> using REST styled web apps in the commercial is, that
>> authentication
>> in corporate design is more difficult than with Servlets: If the
>> developer says to the manager: We have two alternatives: One  
>> allows
>> corporated design to be used easily, and the other options has
>> problems with it, what would he say? Right, he will say: "Use the
>> options which allows it".
>
> i see what you mean but just to clarify:  Cookies per se are not  
> an
> authentication mechanismbut a technique to maintain a state which
> could
> be used to claim previous alleged successful authentication.

 Right, I fully agree with you; that was my idea.

> even then, i see two problems with Cookies:
> (a) users can have their Browsers reject them,

 Yes, I know. That is really a problem.

> and (b) they contradict the REST principle (see section 6.3.4.2 of
> R.
> Fielding dissertation
> http://roy.gbiv.com/pubs/dissertation/evaluation.htm).

 You are right, that cookies produces problems, if they contain
 application state, e.g. to match a Servlet session. But IMO it is
 not a
 problem, if you only save, that the user is logged in and it's user
 name
 (perhaps secured by an additional crypto hash or something like
 that).

> i agree with you that allowing Restlet users/developers to plug-in
> their own customized log-in form where user credentials can be
> obtained
> will be a selling point.  this i think can be achieved by
> implementing
> in Restlet something similar to what the Servlet specs'  config>
> and  elements provide.

 And how do a Servlet Container check the authentication? It could
 only
 set a cookie or use a session and save it in the session. No we  
 have
 back the cookies, or - worse - a session.
>>>
>>> but doesn't the current Guard implementation obviate the need for  
>>> both
>>> sessions and cookies, and yet provide us with basic authentication?
>>> if yes,
>>> then a solution for providing customizable form-based login could be
>>> to
>>> extend its capabilities to allow declaring and re-directing to a
>>> resource
>>> URI to