Restlet SSL and Weblogic (even tomcat would help)

[Andrew Whelan]

Hello,

I am trying to deploy a Restlet application as a Servlet to weblogic using SSL 
for authentication and authorization. I have successfully gotten the SSL 
authentication to work with my Restlet, running it as a Java application using 
the default Jetty 
container. Now I'm trying to deploy it to weblogic.

I am trying to use mutual authentication.
I have client and server keystores and a trustore for each. I used OpenSSL to 
create a certificate authority and have signed 
client and server certificates correctly imported into their respective 
truststores.

I have the SSL code used for the class that extends org.restlet.Application. 
That class gets associated with the necessary 
org.restlet.application context-param in the web.xml when trying to configure 
the servlet(see it below the code). 

Besides
A)The code in the class below that extends Application 
B)The content of the web.xml that follows the class
C)Adding a user with a username that matches that of the distinguished name of 
the client certificate

Should I have to do anything else?

I have a client(using the HttpsUrlConnection class) that successfully connects 
when running it as a Java Application in the 
default Jetty Container, but it doesn't connect to what I am trying to deploy 
in Weblogic. I get the old "connection refused" 
message using the -Djava.net.debug=all switch at the command like (for the 
client) and it doesn't looking like it's getting 
into the server side of the handshake.

Is There anything else I am missing that anyone on here can think of or can you 
provide a link to any tutorials deploying 
Restlets as a Servlet on any web container(Tomcat?) using SSL (besides the 
default Jetty setup).
Thanks!

public class ServiceApplication extends org.restlet.Application
{
.
.
.
//This all works fine running it as a Java Application using the built in Jetty 
container.
Properties properies = getConfiguredProperties():

Server server = getServers().add(Protocol.HTTPS, port);
Context context = server.getContext();

context.getParameters()
   .add("keystorePath",
properties.getProperty("serverKeystorePath"));
context.getParameters()
  .add("keystorePassword",
properties.getProperty("serverKeystorePassword"));
context.getParameters()
   .add("keystoreType",
properties.getProperty("keystoreType"));
context.getParameters()
   .add("keyPassword",
properties.getProperty("serverKeystorePassword"));

context.getParameters().add("needClientAuthentication", "true");

System.setProperty("javax.net.ssl.trustStoreType",
properties.getProperty("javax.net.ssl.trustStoreType"));
System.setProperty("javax.net.ssl.trustStore",
properties.getProperty("serverTrustStore"));
System.setProperty("javax.net.ssl.trustStorePassword",
properties.getProperty("javax.net.ssl.trustStorePassword"));
.
.
.
}



http://java.sun.com/xml/ns/j2ee"; 

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 

http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";>

Data Services

org.restlet.application
  
com.mycompany.service.ServicesApplication





DataServices   
  

com.noelios.restlet.ext.servlet.ServerServlet



DataServices
/services/*






  Data Services 
/* 
GET 
POST 
PUT
   

user 
   
 
CLIENT-CERT 

   
  
  
user
  

 


--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371843

Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'

[webpost]

Hi, 

I am starting to use restlet. The framework seems impressive but unfortunately 
I have just spent +5hrs trying to get it running on my environment. Hopefully 
this is just my personal christening and everything will go smooth from now on 
;-)

My (constraint) environment is:

- Eclipse 3.5
- The Jetty support offered by Eclipse

So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus 
'org.restlet.ext.jetty' to the class path and run the basic restlet example 
just to see it dying in a NoClassDefFoundError agony.

After a lot of digging, I understood the problem: 
'org.restlet.ext.jetty.jar!/META-INF/services/org.restlet.engine.ServerHelper' 
declares 3 helpers (AJP, HTTP, HTTPS) and Eclipse only has support for one of 
them (HTTP). So when the method in the subject tries to load the other helper 
classes (for AJP and HTTPS), everything breaks down due to the fact that the 
their dependencies are not in the class path.

I manage to hack a workaround by overriding the 'registerHelper' method and 
ensure that only the HTTP helper is registered. Everything seems to be working 
fine now. I have 2 question though:

1.
Can anyone foresee a problem regarding what I've done (other than not having 
AJP and HTTPS)?

2.
On my code I requesting a HTTP server via 
'component.getServers().add(Protocol.HTTP, 80)'. Since I am only interested on 
this protocol, does it make sense for the registerHelper to fail because of 
things that I am not using? Would it make sense to make it a bit more resilient 
and let the problem surface when the client code asks for a protocol that was 
not registered?

Thanks in advance. I hope I will soon be able to help others.

Cheers,
Marcelo Paternostro

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371916

Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'

[Marcelo Paternostro]

Hi, 

I am starting to use restlet. The framework seems impressive but unfortunately 
I have just spent +5hrs trying to get it to run on my environment. Hopefully 
this is just my personal christening and everything will go smooth from now on 
;-)

My environment is:

- Eclipse 3.5
- The Jetty support offered by Eclipse

So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus 
'org.restlet.ext.jetty' to the class path and run the basic restlet example 
just to see it dying in a NoClassDefFoundError agony.

After a lot of digging, I understood the problem: 
'org.restlet.ext.jetty.jar!/META-INF/services/org.restlet.engine.ServerHelper' 
declares 3 helpers (AJP, HTTP, HTTPS) and Eclipse has support for only one of 
them (HTTP). So when the method in the subject tries to load the other helper 
classes (for AJP and HTTPS), everything breaks down due to the fact that their 
dependencies are not in the class path.

I manage to hack a workaround by overriding the referred method to ensure that 
only the HTTP helper is registered. Everything seems to be working fine now. I 
have 2 question though:

1.
Can anyone foresee a problem on my approach (other than not having AJP and 
HTTPS)?

2.
On my code I am requesting a HTTP server via 
'component.getServers().add(Protocol.HTTP, 80)'. Since I am only interested on 
this protocol, does it make sense for the registerHelper method to fail because 
of things that I am not using? Would it make sense to make it a bit more 
resilient and let the problem surface when the client code asks for a protocol 
that was not registered?

Thanks in advance. I hope I will soon be able to help others.

Cheers,
Marcelo Paternostro

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371919

Re: how to use Guard to protect confirmed URIs

[Thierry Boileau]

Hello Johnson,


this information is specific to the HTTP_DIGEST authentication scheme, 
here is the related excerpt from the rfc 2069 :

domain
 A comma-separated list of URIs, as specified for HTTP/1.0. The
 intent is that the client could use this information to know the
 set of URIs for which the same authentication information should be
 sent.  The URIs in this list may exist on different servers. If
 this keyword is omitted or empty, the client should assume that the
 domain consists of all URIs on the responding server.

A client may remember the username, password and nonce values, so that 
future requests within the specified  may include the 
Authorization header preemptively.

I hope this will help you.

Best regards,
Thierry Boileau

> Thanks thboileau,
>
> yes, you are right.
>
> but I still don't understand what baseUris means in Guard class. what can we 
> do with it?
>
> Do we just use it like: 
>
> Collection baseUris = new ArrayList();
>
> then put empty baseUris into the constructor of Guard or its subclass?
>
> can I put something into it or not? why?
>
> Can you explain it to me?
>
> Thanks and Regards,
>
> Johnson
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371684
>
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371735

Re: Need help with S3App.java example, from RESTful Web Services (O'Reilly)

[R.H.]

Hello Jerome,

Any updates on when "Restlet: Official Developer's Guide to RESTful
Web Applications in Java" printing will be available. This is all the
information I get from Amazon.co.uk:
 "Currently unavailable. We don't know when or if this item will
be back in stock."

Cheers,
woodHack

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371669

RE: Re: how to use Guard to protect confirmed URIs

[Johnson]

Thanks thboileau,

yes, you are right.

but I still don't understand what baseUris means in Guard class. what can we do 
with it?

Do we just use it like: 

Collection baseUris = new ArrayList();

then put empty baseUris into the constructor of Guard or its subclass?

can I put something into it or not? why?

Can you explain it to me?

Thanks and Regards,

Johnson

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2371684