Restlet SSL and Weblogic (even tomcat would help)
Hello, I am trying to deploy a Restlet application as a Servlet to weblogic using SSL for authentication and authorization. I have successfully gotten the SSL authentication to work with my Restlet, running it as a Java application using the default Jetty container. Now I'm trying to deploy it to weblogic. I am trying to use mutual authentication. I have client and server keystores and a trustore for each. I used OpenSSL to create a certificate authority and have signed client and server certificates correctly imported into their respective truststores. I have the SSL code used for the class that extends org.restlet.Application. That class gets associated with the necessary org.restlet.application context-param in the web.xml when trying to configure the servlet(see it below the code). Besides A)The code in the class below that extends Application B)The content of the web.xml that follows the class C)Adding a user with a username that matches that of the distinguished name of the client certificate Should I have to do anything else? I have a client(using the HttpsUrlConnection class) that successfully connects when running it as a Java Application in the default Jetty Container, but it doesn't connect to what I am trying to deploy in Weblogic. I get the old "connection refused" message using the -Djava.net.debug=all switch at the command like (for the client) and it doesn't looking like it's getting into the server side of the handshake. Is There anything else I am missing that anyone on here can think of or can you provide a link to any tutorials deploying Restlets as a Servlet on any web container(Tomcat?) using SSL (besides the default Jetty setup). Thanks! public class ServiceApplication extends org.restlet.Application { . . . //This all works fine running it as a Java Application using the built in Jetty container. Properties properies = getConfiguredProperties(): Server server = getServers().add(Protocol.HTTPS, port); Context context = server.getContext(); context.getParameters() .add("keystorePath", properties.getProperty("serverKeystorePath")); context.getParameters() .add("keystorePassword", properties.getProperty("serverKeystorePassword")); context.getParameters() .add("keystoreType", properties.getProperty("keystoreType")); context.getParameters() .add("keyPassword", properties.getProperty("serverKeystorePassword")); context.getParameters().add("needClientAuthentication", "true"); System.setProperty("javax.net.ssl.trustStoreType", properties.getProperty("javax.net.ssl.trustStoreType")); System.setProperty("javax.net.ssl.trustStore", properties.getProperty("serverTrustStore")); System.setProperty("javax.net.ssl.trustStorePassword", properties.getProperty("javax.net.ssl.trustStorePassword")); . . . } http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";> Data Services org.restlet.application com.mycompany.service.ServicesApplication DataServices com.noelios.restlet.ext.servlet.ServerServlet DataServices /services/* Data Services /* GET POST PUT user CLIENT-CERT user -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371843
Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'
Hi, I am starting to use restlet. The framework seems impressive but unfortunately I have just spent +5hrs trying to get it running on my environment. Hopefully this is just my personal christening and everything will go smooth from now on ;-) My (constraint) environment is: - Eclipse 3.5 - The Jetty support offered by Eclipse So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus 'org.restlet.ext.jetty' to the class path and run the basic restlet example just to see it dying in a NoClassDefFoundError agony. After a lot of digging, I understood the problem: 'org.restlet.ext.jetty.jar!/META-INF/services/org.restlet.engine.ServerHelper' declares 3 helpers (AJP, HTTP, HTTPS) and Eclipse only has support for one of them (HTTP). So when the method in the subject tries to load the other helper classes (for AJP and HTTPS), everything breaks down due to the fact that the their dependencies are not in the class path. I manage to hack a workaround by overriding the 'registerHelper' method and ensure that only the HTTP helper is registered. Everything seems to be working fine now. I have 2 question though: 1. Can anyone foresee a problem regarding what I've done (other than not having AJP and HTTPS)? 2. On my code I requesting a HTTP server via 'component.getServers().add(Protocol.HTTP, 80)'. Since I am only interested on this protocol, does it make sense for the registerHelper to fail because of things that I am not using? Would it make sense to make it a bit more resilient and let the problem surface when the client code asks for a protocol that was not registered? Thanks in advance. I hope I will soon be able to help others. Cheers, Marcelo Paternostro -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371916
Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'
Hi, I am starting to use restlet. The framework seems impressive but unfortunately I have just spent +5hrs trying to get it to run on my environment. Hopefully this is just my personal christening and everything will go smooth from now on ;-) My environment is: - Eclipse 3.5 - The Jetty support offered by Eclipse So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus 'org.restlet.ext.jetty' to the class path and run the basic restlet example just to see it dying in a NoClassDefFoundError agony. After a lot of digging, I understood the problem: 'org.restlet.ext.jetty.jar!/META-INF/services/org.restlet.engine.ServerHelper' declares 3 helpers (AJP, HTTP, HTTPS) and Eclipse has support for only one of them (HTTP). So when the method in the subject tries to load the other helper classes (for AJP and HTTPS), everything breaks down due to the fact that their dependencies are not in the class path. I manage to hack a workaround by overriding the referred method to ensure that only the HTTP helper is registered. Everything seems to be working fine now. I have 2 question though: 1. Can anyone foresee a problem on my approach (other than not having AJP and HTTPS)? 2. On my code I am requesting a HTTP server via 'component.getServers().add(Protocol.HTTP, 80)'. Since I am only interested on this protocol, does it make sense for the registerHelper method to fail because of things that I am not using? Would it make sense to make it a bit more resilient and let the problem surface when the client code asks for a protocol that was not registered? Thanks in advance. I hope I will soon be able to help others. Cheers, Marcelo Paternostro -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371919
Re: how to use Guard to protect confirmed URIs
Hello Johnson, this information is specific to the HTTP_DIGEST authentication scheme, here is the related excerpt from the rfc 2069 : domain A comma-separated list of URIs, as specified for HTTP/1.0. The intent is that the client could use this information to know the set of URIs for which the same authentication information should be sent. The URIs in this list may exist on different servers. If this keyword is omitted or empty, the client should assume that the domain consists of all URIs on the responding server. A client may remember the username, password and nonce values, so that future requests within the specified may include the Authorization header preemptively. I hope this will help you. Best regards, Thierry Boileau > Thanks thboileau, > > yes, you are right. > > but I still don't understand what baseUris means in Guard class. what can we > do with it? > > Do we just use it like: > > Collection baseUris = new ArrayList(); > > then put empty baseUris into the constructor of Guard or its subclass? > > can I put something into it or not? why? > > Can you explain it to me? > > Thanks and Regards, > > Johnson > > -- > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371684 > > -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371735
Re: Need help with S3App.java example, from RESTful Web Services (O'Reilly)
Hello Jerome, Any updates on when "Restlet: Official Developer's Guide to RESTful Web Applications in Java" printing will be available. This is all the information I get from Amazon.co.uk: "Currently unavailable. We don't know when or if this item will be back in stock." Cheers, woodHack -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371669
RE: Re: how to use Guard to protect confirmed URIs
Thanks thboileau, yes, you are right. but I still don't understand what baseUris means in Guard class. what can we do with it? Do we just use it like: Collection baseUris = new ArrayList(); then put empty baseUris into the constructor of Guard or its subclass? can I put something into it or not? why? Can you explain it to me? Thanks and Regards, Johnson -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371684