Ask REST router for resource's URIs ???
Hello, I'm absolutely beginner, but it's very interesting for me to get in touch more closely with Restlet. Here is code of my app which creates rest router and defines routes (URI parts) for the resource item (Java classes). @Override public synchronized Restlet createRoot() { // Create a router Restlet that defines routes. Router router = new Router(getContext()); // Defines a route for the resource list of items router.attach(/items, ItemsResource.class); // Defines a route for the resource item router.attach(/items/{itemName}, ItemResource.class); router.attach(/itemx/{itemName}, ItemResource.class); System.out.println(router.getRoutes().toString()); -- System.out.println(router.getRoutes().isEmpty()); -- System.out.println(router.getRoutes().size()); -- System.out.println(Resource List:); RouteList routeList = router.getRoutes(); for (IteratorRoute iter = routeList.iterator(); iter.hasNext();) { Route route = iter.next(); System.out.println(\tResource: + route.toString() + + route.getTemplate().toString() + + route.getContext().toString()); -- } return router; } Problem is: !!!I'm not able!!! to find human-readable list of URIs which I used , that means I'd like to see something like: Resource List: Resource: /items Resource: /items/{itemName} Resource: /itemx/{itemName} But I still see only object-readable format: Resource List: Resource: org.restlet.routing.ro...@624b035d Resource: org.restlet.routing.ro...@2aca0115 Resource: org.restlet.routing.ro...@340d1fa5 Is it possible to ask Rest running application for human-readable list of URIs under which are hidden appropriate resources?? Please help, thanks very much. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448707
Restlet Security - Securing URLs
Hello All ! I have been working on the Security module of our product since about past two months now and have a nice mechanism integrated into Restlet that lets us implement our security needs. We have overwritten the Authenticator and Authorizer to hav our custom requirements met like interfacing with LDAP and fine grained roles. The bit that am currently not very happy about is the Authorization. We are using regex based URI mappings to determine user permissions and roles. But this is not very robust, nor is completely foolproof. Also adding a new URL means the Authorizer has to be updated. I was wondering if anyone out there has a more interesting approach on how this can be. It will also be nice to know some different Authorization mechanisms. Thanks and Regards! Nirav Shah -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448703
Re: Ask REST router for resource's URIs ???
Hello Martin, I think you can use the Route#getPattern() method. As a side note, I suggest you to use the TemplateRoute class instead of Route which is deprecated. Regards, Thierry Boileau Hello, I'm absolutely beginner, but it's very interesting for me to get in touch more closely with Restlet. Here is code of my app which creates rest router and defines routes (URI parts) for the resource item (Java classes). @Override public synchronized Restlet createRoot() { // Create a router Restlet that defines routes. Router router = new Router(getContext()); // Defines a route for the resource list of items router.attach(/items, ItemsResource.class); // Defines a route for the resource item router.attach(/items/{itemName}, ItemResource.class); router.attach(/itemx/{itemName}, ItemResource.class); System.out.println(router.getRoutes().toString());-- System.out.println(router.getRoutes().isEmpty());-- System.out.println(router.getRoutes().size());-- System.out.println(Resource List:); RouteList routeList = router.getRoutes(); for (IteratorRoute iter = routeList.iterator(); iter.hasNext();) { Route route = iter.next(); System.out.println(\tResource: + route.toString() + + route.getTemplate().toString() + + route.getContext().toString());-- } return router; } Problem is: !!!I'm not able!!! to find human-readable list of URIs which I used , that means I'd like to see something like: Resource List: Resource: /items Resource: /items/{itemName} Resource: /itemx/{itemName} But I still see only object-readable format: Resource List: Resource: org.restlet.routing.ro...@624b035d Resource: org.restlet.routing.ro...@2aca0115 Resource: org.restlet.routing.ro...@340d1fa5 Is it possible to ask Rest running application for human-readable list of URIs under which are hidden appropriate resources?? Please help, thanks very much. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448707 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448729
Re: Redirect to the original URL after login?
Hello Yuan-Fang, I'd like to know whether there's a way to instruct restlet to redirect to a particular URL? yes, you can update the response with one of the Response#redirect* methods. That asks the client to send another request. But I wonder if this is really your question... If I understand well, in case of unauthorized acces to resource A, you want the user to hit a resource B (the login page), then to be redirected to resource A after a successful operation on Resource C (a POST on a login resource, I guess). I think that the first request (to the login page) must contain all required data (I mean the URL of resource A) via query parameter, cookie, standard header (Referer?), specific header, entity, etc. i.e. one of the supported mechanisms in order that the login operation (done via the login page) is aware of the redirected URL and redirects or transmits the message correctly to the resource A. You must make the required data accessible in two requests: the request to resource B, the request to resource C. Best regards, Thierry Boileau Hi list, In our webapp we use spring+restlet (2.0-M5). Spring is setup to provide role-based authentication for URLs. In some (restlet) resources, we have custom code for more fine-grained authorization. There's a scenario where Spring grants access but our custom code requires the user to login to access the resource. What we'd like to do is to have the webapp redirect back to the resource page after successful login. However, the webapp always redirects to the spring's default target URL. I'd like to know whether there's a way to instruct restlet to redirect to a particular URL. This is how we redirect the user to the login page in the resource: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Thanks! Yuan-Fang -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448644 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448737
RE: Re: Ask REST router for resource's URIs ???
You gave me an excellent helpfull advice. I'm using Restlet version 1.2-M2 from maven repository located in http://maven.restlet.org. It's not possible to use method getPattern() from Route class, but I found based on your advice that I can use this kind of code: Route route = iter.next(); System.out.println(\tResource: + route.getTemplate().getPattern().toString()); Probably in higher still developed version 2.0 (testing) of Restlet the Route class is deprecated, but during using 1.2-M2 (stable) version there is not any TemplateRoute class. THANKS VERY MUCH!!! I appreciate your help, really thanks for your help, it's good to see somebody is reading discussions here ;-) Hello Martin, I think you can use the Route#getPattern() method. As a side note, I suggest you to use the TemplateRoute class instead of Route which is deprecated. Regards, Thierry Boileau Hello, I'm absolutely beginner, but it's very interesting for me to get in touch more closely with Restlet. Here is code of my app which creates rest router and defines routes (URI parts) for the resource item (Java classes). @Override public synchronized Restlet createRoot() { // Create a router Restlet that defines routes. Router router = new Router(getContext()); // Defines a route for the resource list of items router.attach(/items, ItemsResource.class); // Defines a route for the resource item router.attach(/items/{itemName}, ItemResource.class); router.attach(/itemx/{itemName}, ItemResource.class); System.out.println(router.getRoutes().toString());-- System.out.println(router.getRoutes().isEmpty());-- System.out.println(router.getRoutes().size());-- System.out.println(Resource List:); RouteList routeList = router.getRoutes(); for (IteratorRoute iter = routeList.iterator(); iter.hasNext();) { Route route = iter.next(); System.out.println(\tResource: + route.toString() + + route.getTemplate().toString() + + route.getContext().toString());-- } return router; } Problem is: !!!I'm not able!!! to find human-readable list of URIs which I used , that means I'd like to see something like: Resource List: Resource: /items Resource: /items/{itemName} Resource: /itemx/{itemName} But I still see only object-readable format: Resource List: Resource: org.restlet.routing.ro...@624b035d Resource: org.restlet.routing.ro...@2aca0115 Resource: org.restlet.routing.ro...@340d1fa5 Is it possible to ask Rest running application for human-readable list of URIs under which are hidden appropriate resources?? Please help, thanks very much. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448707 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448752
Re: Redirect to the original URL after login?
Hi Thierry, Thanks for the reply. On Thu, Feb 18, 2010 at 10:11 PM, Thierry Boileau thierry.boil...@noelios.com wrote: Hello Yuan-Fang, I'd like to know whether there's a way to instruct restlet to redirect to a particular URL? yes, you can update the response with one of the Response#redirect* methods. That asks the client to send another request. But I wonder if this is really your question... If I understand well, in case of unauthorized acces to resource A, you want the user to hit a resource B (the login page), then to be redirected to resource A after a successful operation on Resource C (a POST on a login resource, I guess). I think that the first request (to the login page) must contain all required data (I mean the URL of resource A) via query parameter, cookie, standard header (Referer?), specific header, entity, etc. i.e. one of the supported mechanisms in order that the login operation (done via the login page) is aware of the redirected URL and redirects or transmits the message correctly to the resource A. You must make the required data accessible in two requests: the request to resource B, the request to resource C. I think that's exactly what I'm unsure of, i.e., in resource A, how to set the referrer for the request to resource B and in resource B, how to set referrer to resource C. Currently in resource A, we redirect the user to resource B (login page) as follows: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Since we're using spring for wiring up the resources and authentication, spring takes over from here, intercepts the url and routes it to the appropriate resource. I don't know how to pass information from our restlet resources to the spring's HTTPRequests. Any insight is appreciated! Best regards Yuan-Fang Best regards, Thierry Boileau Hi list, In our webapp we use spring+restlet (2.0-M5). Spring is setup to provide role-based authentication for URLs. In some (restlet) resources, we have custom code for more fine-grained authorization. There's a scenario where Spring grants access but our custom code requires the user to login to access the resource. What we'd like to do is to have the webapp redirect back to the resource page after successful login. However, the webapp always redirects to the spring's default target URL. I'd like to know whether there's a way to instruct restlet to redirect to a particular URL. This is how we redirect the user to the login page in the resource: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Thanks! Yuan-Fang --http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448644 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448740
Re: rejectedExecution
Maxime Bégnis a écrit : Hi again, We increased the maximum number of threads to 512, it seems to solve the problem for good. Is this number too high and may cause some other problem elsewhere? Thanks. Maxime Bégnis. Hello, Thanks a lot for you answer. I'll keep you informed about the resolution of this problem(It didn't happen since a while). cheers. Maxime Bégnis Thierry Boileau a écrit : Hello Maxime, when the connector is unable to process new request due to congestion, it refuses them. You can consider to increase the number of thread or connections. You can have a look here for the available parameters: http://www.restlet.org/documentation/snapshot/jse/engine/org/restlet/engine/http/connector/BaseHelper.html In order to set them, proceed as follow: Server server = new Server(Protocol.HTTP, 8182); component.getServers().add(server); server.getContext().getParameters().add(maxTotalConnections, 50); I hope this will help you. Best regards, Thierry Boileau NB: at this time, we focused on the available features provided by the framework. The first candidate release (which freezes the API) is planned for mid-march. At this time, we will focus on bug and performance issues. Hi, We are using Restlet 2.0M7 with the default HTTP server. We have some kind of robot making a lot of HTTP requests(about 10/seconds) during, for big jobs, approximately 1 minute. Sometimes, when the server is busy with other requests(from users) during this big storm, the server fails with this log: Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution WARNING: Unable to run the following server-side task: Read connection messages: true #camilFeb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camilINFO: Worker service state: Full #camilFeb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camilINFO: Worker service tasks: 0 queued, 255 active, 5500 completed, 5755 scheduled. #camil Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camil INFO: Worker service thread pool: 1 core size, 255 largest size, 255 maximum size, 255 current size #camil Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.ControllerTask run #camil INFO: Stop accepting new connections and transactions. Consider increasing the maximum number of threads. Do you know the reasons of this, what can be done? Thanks in advance. Maxime Bégnis. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2444851 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448670 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448761
Re: Ask REST router for resource's URIs ???
Hi Martin, well, the 1.2 branch had been renamed to 2.0 some months ago since significant modifications were introduced comparing to the 1.1 branch which is the current stable release (see here http://www.restlet.org/downloads/). I suggest you don't use the 1.2 releases. Best regards, Thierry Boileau You gave me an excellent helpfull advice. I'm using Restlet version 1.2-M2 from maven repository located in http://maven.restlet.org. It's not possible to use method getPattern() from Route class, but I found based on your advice that I can use this kind of code: Route route = iter.next(); System.out.println(\tResource: + route.getTemplate().getPattern().toString()); Probably in higher still developed version 2.0 (testing) of Restlet the Route class is deprecated, but during using 1.2-M2 (stable) version there is not any TemplateRoute class. THANKS VERY MUCH!!! I appreciate your help, really thanks for your help, it's good to see somebody is reading discussions here ;-) Hello Martin, I think you can use the Route#getPattern() method. As a side note, I suggest you to use the TemplateRoute class instead of Route which is deprecated. Regards, Thierry Boileau Hello, I'm absolutely beginner, but it's very interesting for me to get in touch more closely with Restlet. Here is code of my app which creates rest router and defines routes (URI parts) for the resource item (Java classes). @Override public synchronized Restlet createRoot() { // Create a router Restlet that defines routes. Router router = new Router(getContext()); // Defines a route for the resource list of items router.attach(/items, ItemsResource.class); // Defines a route for the resource item router.attach(/items/{itemName}, ItemResource.class); router.attach(/itemx/{itemName}, ItemResource.class); System.out.println(router.getRoutes().toString());-- System.out.println(router.getRoutes().isEmpty());-- System.out.println(router.getRoutes().size());-- System.out.println(Resource List:); RouteList routeList = router.getRoutes(); for (IteratorRoute iter = routeList.iterator(); iter.hasNext();) { Route route = iter.next(); System.out.println(\tResource: + route.toString() + + route.getTemplate().toString() + + route.getContext().toString());-- } return router; } Problem is: !!!I'm not able!!! to find human-readable list of URIs which I used , that means I'd like to see something like: Resource List: Resource: /items Resource: /items/{itemName} Resource: /itemx/{itemName} But I still see only object-readable format: Resource List: Resource: org.restlet.routing.ro...@624b035d Resource: org.restlet.routing.ro...@2aca0115 Resource: org.restlet.routing.ro...@340d1fa5 Is it possible to ask Rest running application for human-readable list of URIs under which are hidden appropriate resources?? Please help, thanks very much. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448707 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448752 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448765
Re: client-server file upload
Hello Pierre, what version of Restlet are you using? Best regards, Thierry Boileau Great ! Thanks ! File upload works properly now. Then, I tried Disposition, but on server side entity.getDisposition() is null. Here is my code on Android client side (restlet 2.0m7) : *** FileRepresentation fileEntity = new FileRepresentation(file, MediaType.APPLICATION_ZIP); Form fileForm = new Form(); fileForm.add(Disposition.NAME_FILENAME, file.getName()); Disposition disposition = new Disposition(Disposition.TYPE_INLINE, fileForm); fileEntity.setDisposition(disposition); filesResources.upload(fileEntity); *** Regards, Pierre -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448125 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448774
Re: Redirect to the original URL after login?
Hi Yuan-Fang, unfortunately, if you don't control the behaviour of the client, be aware that the number of solutions is quite limited. When you discover that the client is not authorized, you can redirect it to uri resource B?next=URI resource A. Thus, resource B is able to prepare the request that will be posted to resource C: keep on using the query parameter or add an hidden field in the Web form, etc. You can also set cookies (that is say ask the client to set cookie, when redirecting to resource B), which will work only if the client supports this mechanism. Best regards, Thierry Boileau Hi Thierry, Thanks for the reply. On Thu, Feb 18, 2010 at 10:11 PM, Thierry Boileau thierry.boil...@noelios.com mailto:thierry.boil...@noelios.com wrote: Hello Yuan-Fang, I'd like to know whether there's a way to instruct restlet to redirect to a particular URL? yes, you can update the response with one of the Response#redirect* methods. That asks the client to send another request. But I wonder if this is really your question... If I understand well, in case of unauthorized acces to resource A, you want the user to hit a resource B (the login page), then to be redirected to resource A after a successful operation on Resource C (a POST on a login resource, I guess). I think that the first request (to the login page) must contain all required data (I mean the URL of resource A) via query parameter, cookie, standard header (Referer?), specific header, entity, etc. i.e. one of the supported mechanisms in order that the login operation (done via the login page) is aware of the redirected URL and redirects or transmits the message correctly to the resource A. You must make the required data accessible in two requests: the request to resource B, the request to resource C. I think that's exactly what I'm unsure of, i.e., in resource A, how to set the referrer for the request to resource B and in resource B, how to set referrer to resource C. Currently in resource A, we redirect the user to resource B (login page) as follows: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Since we're using spring for wiring up the resources and authentication, spring takes over from here, intercepts the url and routes it to the appropriate resource. I don't know how to pass information from our restlet resources to the spring's HTTPRequests. Any insight is appreciated! Best regards Yuan-Fang Best regards, Thierry Boileau Hi list, In our webapp we use spring+restlet (2.0-M5). Spring is setup to provide role-based authentication for URLs. In some (restlet) resources, we have custom code for more fine-grained authorization. There's a scenario where Spring grants access but our custom code requires the user to login to access the resource. What we'd like to do is to have the webapp redirect back to the resource page after successful login. However, the webapp always redirects to the spring's default target URL. I'd like to know whether there's a way to instruct restlet to redirect to a particular URL. This is how we redirect the user to the login page in the resource: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Thanks! Yuan-Fang -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448644 http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448644 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448787
Re: rejectedExecution
Hello Maxime, I think it depends on the server. Threads consume memory and of course CPU. 10 req/sec is not a huge value, however if each request requires a thread to write a huge entity or an entity whose content is delivered slowly, the thread pool will be at a time full and unable to process incoming requests. Best regards, Thierry Boileau Maxime Bégnis a écrit : Hi again, We increased the maximum number of threads to 512, it seems to solve the problem for good. Is this number too high and may cause some other problem elsewhere? Thanks. Maxime Bégnis. Hello, Thanks a lot for you answer. I'll keep you informed about the resolution of this problem(It didn't happen since a while). cheers. Maxime Bégnis Thierry Boileau a écrit : Hello Maxime, when the connector is unable to process new request due to congestion, it refuses them. You can consider to increase the number of thread or connections. You can have a look here for the available parameters: http://www.restlet.org/documentation/snapshot/jse/engine/org/restlet/engine/http/connector/BaseHelper.html In order to set them, proceed as follow: Server server = new Server(Protocol.HTTP, 8182); component.getServers().add(server); server.getContext().getParameters().add(maxTotalConnections, 50); I hope this will help you. Best regards, Thierry Boileau NB: at this time, we focused on the available features provided by the framework. The first candidate release (which freezes the API) is planned for mid-march. At this time, we will focus on bug and performance issues. Hi, We are using Restlet 2.0M7 with the default HTTP server. We have some kind of robot making a lot of HTTP requests(about 10/seconds) during, for big jobs, approximately 1 minute. Sometimes, when the server is busy with other requests(from users) during this big storm, the server fails with this log: Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution WARNING: Unable to run the following server-side task: Read connection messages: true #camilFeb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camilINFO: Worker service state: Full #camilFeb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camilINFO: Worker service tasks: 0 queued, 255 active, 5500 completed, 5755 scheduled. #camil Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camil INFO: Worker service thread pool: 1 core size, 255 largest size, 255 maximum size, 255 current size #camil Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.ControllerTask run #camil INFO: Stop accepting new connections and transactions. Consider increasing the maximum number of threads. Do you know the reasons of this, what can be done? Thanks in advance. Maxime Bégnis. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2444851 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448670 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448761 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448793
RE: Re: Ask REST router for resource's URIs ???
Thanks for notification, it's valuable info for me. I have aother one question, me and my brother try to use detach(Restlet target) method defined for Route class (version 1.1). But can ypu send me a peace of sample sorce code? I;m not able to realise what shoul be an argument of detach method. for example: // Create a router Restlet that defines routes. Router router = new Router(getContext()); // Defines a route for the resource list of items router.attach(/items, ItemsResource.class); ..and now how will I say that I would like to remove ItemsResource class as resource accessible under /items URI? Really thanks!! your help is unbelievable! -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448803
Re: Ask REST router for resource's URIs ???
Hello Martin and brother, this method looks for all routes defined on the router. In case a route points to the target Restlet, this route is removed. This method does not apply to such routes, because Resource is not a Restlet : router.attach(/items, ItemsResource.class); As a workaround, you can create your own router that implements this kind of method: public void detach(Class? targetClass) { for (int i = getRoutes().size() - 1; i = 0; i--) { Restlet target = getRoutes().get(i).getNext(); if (target != null Finder.class.isAssignableFrom(target.getClass())) { Finder finder = (Finder) target; if(finder.getTargetClass().equals(targetClass)){ getRoutes().remove(i); } } } if (getDefaultRoute() != null) { Restlet target = getDefaultRoute().getNext(); if (target != null Finder.class.isAssignableFrom(target.getClass())) { Finder finder = (Finder) target; if(finder.getTargetClass().equals(targetClass)){ setDefaultRoute(null); } } } } Best regards, Thierry Boileau Thanks for notification, it's valuable info for me. I have aother one question, me and my brother try to use detach(Restlet target) method defined for Route class (version 1.1). But can you send me a piece of sample source code? I'm not able to realise what should be an argument of detach method. for example: // Create a router Restlet that defines routes. Router router = new Router(getContext()); // Defines a route for the resource list of items router.attach(/items, ItemsResource.class); ..and now how will I say that I would like to remove ItemsResource class as resource accessible under /items URI? Really thanks!! your help is unbelievable! -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448803 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448830
Re: Restlet Security - Securing URLs
Hi Nirav, you mean, you have one Authenticator and one Authorizator for a lot of resources? Why do you not protect every resource or some routers with own instances of the Authenticator and/or Authorizator? best regards Stephan Nirav Shah schrieb: Hello All ! I have been working on the Security module of our product since about past two months now and have a nice mechanism integrated into Restlet that lets us implement our security needs. We have overwritten the Authenticator and Authorizer to hav our custom requirements met like interfacing with LDAP and fine grained roles. The bit that am currently not very happy about is the Authorization. We are using regex based URI mappings to determine user permissions and roles. But this is not very robust, nor is completely foolproof. Also adding a new URL means the Authorizer has to be updated. I was wondering if anyone out there has a more interesting approach on how this can be. It will also be nice to know some different Authorization mechanisms. Thanks and Regards! Nirav Shah -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448703 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448876
Re: Redirect to the original URL after login?
Hi Thierry, After some more googling I finally find how to pass the original URL to spring. While processing login, Spring Security looks for a value with the id/name spring-security-redirect. If it's present, Spring will set the appropriate heading information in the request for the redirect. So as you suggested, I put the original URL into a hidden input, something like input type=hidden name=spring-security-redirect value=${source}/ My problem is solved. Thanks for the help. :-) Best wishes Yuan-Fang On Fri, Feb 19, 2010 at 1:05 AM, Thierry Boileau thierry.boil...@noelios.com wrote: Hi Yuan-Fang, unfortunately, if you don't control the behaviour of the client, be aware that the number of solutions is quite limited. When you discover that the client is not authorized, you can redirect it to uri resource B?next=URI resource A. Thus, resource B is able to prepare the request that will be posted to resource C: keep on using the query parameter or add an hidden field in the Web form, etc. You can also set cookies (that is say ask the client to set cookie, when redirecting to resource B), which will work only if the client supports this mechanism. Best regards, Thierry Boileau Hi Thierry, Thanks for the reply. On Thu, Feb 18, 2010 at 10:11 PM, Thierry Boileau thierry.boil...@noelios.com wrote: Hello Yuan-Fang, I'd like to know whether there's a way to instruct restlet to redirect to a particular URL? yes, you can update the response with one of the Response#redirect* methods. That asks the client to send another request. But I wonder if this is really your question... If I understand well, in case of unauthorized acces to resource A, you want the user to hit a resource B (the login page), then to be redirected to resource A after a successful operation on Resource C (a POST on a login resource, I guess). I think that the first request (to the login page) must contain all required data (I mean the URL of resource A) via query parameter, cookie, standard header (Referer?), specific header, entity, etc. i.e. one of the supported mechanisms in order that the login operation (done via the login page) is aware of the redirected URL and redirects or transmits the message correctly to the resource A. You must make the required data accessible in two requests: the request to resource B, the request to resource C. I think that's exactly what I'm unsure of, i.e., in resource A, how to set the referrer for the request to resource B and in resource B, how to set referrer to resource C. Currently in resource A, we redirect the user to resource B (login page) as follows: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Since we're using spring for wiring up the resources and authentication, spring takes over from here, intercepts the url and routes it to the appropriate resource. I don't know how to pass information from our restlet resources to the spring's HTTPRequests. Any insight is appreciated! Best regards Yuan-Fang Best regards, Thierry Boileau Hi list, In our webapp we use spring+restlet (2.0-M5). Spring is setup to provide role-based authentication for URLs. In some (restlet) resources, we have custom code for more fine-grained authorization. There's a scenario where Spring grants access but our custom code requires the user to login to access the resource. What we'd like to do is to have the webapp redirect back to the resource page after successful login. However, the webapp always redirects to the spring's default target URL. I'd like to know whether there's a way to instruct restlet to redirect to a particular URL. This is how we redirect the user to the login page in the resource: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Thanks! Yuan-Fang --http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448644 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2449000
Size limit on GET response
Hi, There is some size limit for GET query string say 255 bytes. What is the size limit for the response that is being passed from GET request. For e.g. Client request the server (GET) for the content of some file which is of say 100MB. I have created sample example that does that for me, i can get upto 1.8GB of file from the GET response. What i understand is GET request query string size is limited, but the response that is returned from that GET, can be of any size as to what the REST supports. Correct me if i am wrong. Regards, Faiz. -- View this message in context: http://n2.nabble.com/Size-limit-on-GET-response-tp4596213p4596213.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448998
Re: Redirect to the original URL after login?
Hi Yuan-Fang, Is Spring Security configured for the url/path of the resource protected by your custom fine-grained authorization logic? If so, even if Spring Security allows access, throwing an org.springframework.security.AccessDeniedException from your authorization logic will get picked up by the Spring Security filter chain and trigger the redirect to /login. By default, Spring Security will redirect back to the secure resource upon successful authentication. I haven't tried this, but I work A LOT with Spring Security and I'm pretty sure it will work. HTH, Doug On Thu, Feb 18, 2010 at 8:05 AM, Thierry Boileau thierry.boil...@noelios.com wrote: Hi Yuan-Fang, unfortunately, if you don't control the behaviour of the client, be aware that the number of solutions is quite limited. When you discover that the client is not authorized, you can redirect it to uri resource B?next=URI resource A. Thus, resource B is able to prepare the request that will be posted to resource C: keep on using the query parameter or add an hidden field in the Web form, etc. You can also set cookies (that is say ask the client to set cookie, when redirecting to resource B), which will work only if the client supports this mechanism. Best regards, Thierry Boileau Hi Thierry, Thanks for the reply. On Thu, Feb 18, 2010 at 10:11 PM, Thierry Boileau thierry.boil...@noelios.com wrote: Hello Yuan-Fang, I'd like to know whether there's a way to instruct restlet to redirect to a particular URL? yes, you can update the response with one of the Response#redirect* methods. That asks the client to send another request. But I wonder if this is really your question... If I understand well, in case of unauthorized acces to resource A, you want the user to hit a resource B (the login page), then to be redirected to resource A after a successful operation on Resource C (a POST on a login resource, I guess). I think that the first request (to the login page) must contain all required data (I mean the URL of resource A) via query parameter, cookie, standard header (Referer?), specific header, entity, etc. i.e. one of the supported mechanisms in order that the login operation (done via the login page) is aware of the redirected URL and redirects or transmits the message correctly to the resource A. You must make the required data accessible in two requests: the request to resource B, the request to resource C. I think that's exactly what I'm unsure of, i.e., in resource A, how to set the referrer for the request to resource B and in resource B, how to set referrer to resource C. Currently in resource A, we redirect the user to resource B (login page) as follows: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Since we're using spring for wiring up the resources and authentication, spring takes over from here, intercepts the url and routes it to the appropriate resource. I don't know how to pass information from our restlet resources to the spring's HTTPRequests. Any insight is appreciated! Best regards Yuan-Fang Best regards, Thierry Boileau Hi list, In our webapp we use spring+restlet (2.0-M5). Spring is setup to provide role-based authentication for URLs. In some (restlet) resources, we have custom code for more fine-grained authorization. There's a scenario where Spring grants access but our custom code requires the user to login to access the resource. What we'd like to do is to have the webapp redirect back to the resource page after successful login. However, the webapp always redirects to the spring's default target URL. I'd like to know whether there's a way to instruct restlet to redirect to a particular URL. This is how we redirect the user to the login page in the resource: getResponse().redirectTemporary(getRequest().getRootRef().toString() + /login); Thanks! Yuan-Fang --http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448644 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448947
Matlab With Restlet
hi Im newbie to restlet. Im writing matlab client which will interact with server. I have added the following jar files to class path in matlab 1.com.noelios.restlet.jar 2.org.json.jar 3.org.restlet.ext.json.jar 4.org.restlet.jar When i creating the client: Client(Protocol.HTTP) i get the following warning No available client connector supports the required protocols: 'PROTOCOL.HTTP Protocol' . Please add the JAR of a matching connector to your classpath. What should i do to remove this warning. Should i run my client inside servlet? Also which all jar files should i add to make the communication working between the server. (Im new to web applications). But i wrote eclipse application to interact with sever including the above mentioned jar files and the application is running fine. May i know what is difference in both these conditions. Hope i m able to correctly explain my problem. Regards Rashik.T -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448864
Including DIGEST auth Response with initial request
Everyone, I currently have a RESLET 2.0m6 based client and server. They are setup to use DIGEST authentication (as shown in http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/112-restlet.html). Requests are working, except every request is challenged and needs to be resent. I am trying to include the correct ChallengeResponse with each new request, but I am missing how it should be constructed. After the challenge I build it as challengeResponse = new ChallengeResponse(challengeRequest,request,response,userid,passwd); request.setChallengeResponse(challengeResponse); but when I am about to issue the next request after the resent challenged request completes, what should be used as the response? Thanks Rich -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448843
Re: rejectedExecution
Hello Thierry, between lines: Thierry Boileau a écrit : Hello Maxime, I think it depends on the server. Threads consume memory and of course CPU. 10 req/sec is not a huge value, however if each request requires a thread to write a huge entity or an entity whose content is delivered slowly, the thread pool will be at a time full and unable to process incoming requests. Ok, thanks for the info. We found out that the case where the server fails with this error is extreme and happens quite rarely. So the setting of 512 max threads is just to be sure. :-) Maxime Bégnis. Best regards, Thierry Boileau Maxime Bégnis a écrit : Hi again, We increased the maximum number of threads to 512, it seems to solve the problem for good. Is this number too high and may cause some other problem elsewhere? Thanks. Maxime Bégnis. Hello, Thanks a lot for you answer. I'll keep you informed about the resolution of this problem(It didn't happen since a while). cheers. Maxime Bégnis Thierry Boileau a écrit : Hello Maxime, when the connector is unable to process new request due to congestion, it refuses them. You can consider to increase the number of thread or connections. You can have a look here for the available parameters: http://www.restlet.org/documentation/snapshot/jse/engine/org/restlet/engine/http/connector/BaseHelper.html In order to set them, proceed as follow: Server server = new Server(Protocol.HTTP, 8182); component.getServers().add(server); server.getContext().getParameters().add(maxTotalConnections, 50); I hope this will help you. Best regards, Thierry Boileau NB: at this time, we focused on the available features provided by the framework. The first candidate release (which freezes the API) is planned for mid-march. At this time, we will focus on bug and performance issues. Hi, We are using Restlet 2.0M7 with the default HTTP server. We have some kind of robot making a lot of HTTP requests(about 10/seconds) during, for big jobs, approximately 1 minute. Sometimes, when the server is busy with other requests(from users) during this big storm, the server fails with this log: Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution WARNING: Unable to run the following server-side task: Read connection messages: true #camilFeb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camilINFO: Worker service state: Full #camilFeb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camilINFO: Worker service tasks: 0 queued, 255 active, 5500 completed, 5755 scheduled. #camil Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.BaseHelper$1 rejectedExecution #camil INFO: Worker service thread pool: 1 core size, 255 largest size, 255 maximum size, 255 current size #camil Feb 4, 2010 1:56:31 PM org.restlet.engine.http.connector.ControllerTask run #camil INFO: Stop accepting new connections and transactions. Consider increasing the maximum number of threads. Do you know the reasons of this, what can be done? Thanks in advance. Maxime Bégnis. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2444851 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448670 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448761 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2448793 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2449010
Re: Size limit on GET response
Hello Faiz, I think you are talking more generally of the size limitation applied to URIs in the agent programs (client and server). You can have a look here for example http://www.boutell.com/newfaq/misc/urllength.html. Regarding a Restlet-based server, there is a limitation due to the use of regular expressions during the routing process. This is related to this bug http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6337993. I'm not aware of a size limitation applied to the size of a request's or response's entity. Best regards, Thierry Boileau Hi, There is some size limit for GET query string say 255 bytes. What is the size limit for the response that is being passed from GET request. For e.g. Client request the server (GET) for the content of some file which is of say 100MB. I have created sample example that does that for me, i can get upto 1.8GB of file from the GET response. What i understand is GET request query string size is limited, but the response that is returned from that GET, can be of any size as to what the REST supports. Correct me if i am wrong. Regards, Faiz. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2449011