RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner
Ok Bruno, thanks for your assessment.

I'll forward your expert's opinion to the architect who gave me this task :)

But generally 10-15 minutes life-time of the session would be sufficient for my 
use-case.

best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452215


Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Bruno Harbulot
Stefan Meissner wrote:

>> What I'm still not clear about is what you're trying to do with it here 
>> (I don't know how well you know SSL/TLS). Whether with Restlets or Servlets, 
>> it doesn't seem right to use that for maintaining some sort of 
>> application session.
> 
> As you may have noticed I'm a newbie in all the fields you just mentioned ;) 
> 
> The use case I have in mind is like this:
> http://forums.java.net/jive/message.jspa?messageID=279268

Leaving aside the fact that on a REST-related list you won't necessarily 
find much advocacy for sessions...

Using the SSL session ID as a session identifier for whatever your 
application is going to do is generally not a good idea.
SSL sessions have a usually short life-time (10-15 minutes, depending on 
the configuration). The HTTP layer is oblivious to what's happening in 
terms of SSL sessions: the browser and the server will resume/invalidate 
them as they see fit, more or less independently of what's going on in 
HTTP terms.


Best wishes,

Bruno.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452184


RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner
Hi Bruno,

> Not sure how much experience you have with Java, but it doesn't really 
> have the notion of addresses. "[...@e51b2c" is just the default output of 
> toString() on an array object:

I had no experience on working with bytes in Java so far. Sorry, I thought you 
were referring to the hash code of the byte[] object.

> I'd suggest searching for Java byte array to hex conversion if you want 
> a string representing the values in your array in hexadecimal 

Thanks for the hint, I've got some proper ID now.

> What I'm still not clear about is what you're trying to do with it here 
> (I don't know how well you know SSL/TLS). Whether with Restlets or Servlets, 
> it doesn't seem right to use that for maintaining some sort of 
> application session.

As you may have noticed I'm a newbie in all the fields you just mentioned ;) 

The use case I have in mind is like this:
http://forums.java.net/jive/message.jspa?messageID=279268

> As I said, it's not absurd to want to expose the SSL session ID as a 
> Request parameter (in the same way as client certificates and cipher 
> suites are exposed). I could try to provide a patch to do so (if Jerome 
> and Thierry are happy with it).

That would be great :)
Thanks a lot for your help!

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452148


RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner
Hi Stephan,

> Or use new String((byte[])byteArray);

Thanks for your help, but the solution presented here:
http://rgagnon.com/javadetails/java-0596.html
looks more promising.

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452157


Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stephan Koops
Hi Stefan,

> If I print out the pure ID out of the byte array I get this: [...@e51b2c 
> which looks like an hex address to me. How can I get to the value then?
just cast to byte[] and access by index.
Or use new String((byte[])byteArray);

best regards
   Stephan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452152


Including DIGEST auth ChallengeResponse with initial request

2010-02-25 Thread webpost
Everyone,

Sorry about reposting, but there has been no response to my post from a week 
ago.

I currently have a RESTLET 2.0m6 based client and server. They are set up to use 
DIGEST authentication (as shown in 
http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/112-restlet.html).
Requests are working, except that every request is challenged and needs to be 
resent with the response. 
I am trying to include the correct ChallengeResponse with each new request, but 
I am missing how it should be constructed. After a challenge I build the 
ChallengeResponse as

[[[challengeResponse = new ChallengeResponse(challengeRequest, request, response, userid, passwd);
request.setChallengeResponse(challengeResponse);]]]
which works as expected. But when I am about to issue the next request after 
the resent challenged request completes I can not figure out how to build and 
attach the ChallengeResponse that is built based upon the last challenge 
received. To build the ChallengeResponse, I need to provide the request and 
response, but if I have not yet tried the request, what is the proper Response?

Thanks for your help.
Rich

Thanks
Rich

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452086


Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Bruno Harbulot
Hi,

Stefan Meissner wrote:
> Hi,
> 
>> However, the SSL sessions have nothing to do with the Servlet's session 
>> (and they're unlikely to be suitable as a replacement for such sessions 
>> anyway). 
> 
> I was afraid it's not the same. What I need is an equivalent to: 
> 'javax.servlet.request.ssl_session'
> 
>> I'd guess what you get is an enumeration of byte arrays, not Strings. An 
>> hexadecimal serialisation into string would probably be more 
>> appropriate. This being said, you won't necessarily get the right ID 
>> from this enumeration if there's more than one. Passing the SSLContext 
>> to your resources doesn't sound like good design either (again, it 
>> depends on what you do).
> 
> If I print out the pure ID out of the byte array I get this: [...@e51b2c 
> which looks like an hex address to me. How can I get to the value then?

Not sure how much experience you have with Java, but it doesn't really 
have the notion of addresses. "[...@e51b2c" is just the default output of 
toString() on an array object:
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/Object.html#toString()

I'd suggest searching for Java byte array to hex conversion if you want 
a string representing the values in your array in hexadecimal (same 
format as used by javax.servlet.request.ssl_session).


> Anyway, in many of the cases of request there is no ID available at all. 
> That's why I also think the SSL session context is not appropriate here.

As I said, it's not absurd to want to expose the SSL session ID as a 
Request parameter (in the same way as client certificates and cipher 
suites are exposed). I could try to provide a patch to do so (if Jerome 
and Thierry are happy with it).

What I'm still not clear about is what you're trying to do with it here 
(I don't know how well you know SSL/TLS). Whether with Restlets or Servlets, 
it doesn't seem right to use that for maintaining some sort of 
application session.


Best wishes,

Bruno.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452041
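
An added example (not code from this thread or from Restlet) of the hex conversion suggested in the message above, set beside the two renderings discussed in the thread that do not give the ID: the default `toString()` of a `byte[]` and `new String(bytes)`. The 32-byte ID is constructed sample data and the class and method names are illustrative; the session-cache calls are the standard `javax.net.ssl` API.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

public class SslSessionIdHex {
    private static final char[] DIGITS = "0123456789abcdef".toCharArray();

    /** Lossless rendering: two hex digits per byte, whatever the byte values. */
    static String toHex(byte[] id) {
        char[] out = new char[id.length * 2];
        for (int i = 0; i < id.length; i++) {
            int v = id[i] & 0xFF; // Java bytes are signed; mask to 0..255
            out[2 * i] = DIGITS[v >>> 4];
            out[2 * i + 1] = DIGITS[v & 0x0F];
        }
        return new String(out);
    }

    /** Lists every cached session; nothing here says which one carried the current request. */
    static void dumpCache(SSLSessionContext cache) {
        for (byte[] id : Collections.list(cache.getIds())) {
            SSLSession s = cache.getSession(id);
            if (s != null) { // may have expired between getIds() and getSession()
                System.out.println(toHex(id) + " valid=" + s.isValid());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed 32-byte sample ID (not a real session), with bytes >= 0x80.
        byte[] id = new byte[32];
        for (int i = 0; i < id.length; i++) id[i] = (byte) (0x80 + i * 7);
        // Default toString(): type tag plus identity hash, never the contents.
        System.out.println("toString():  " + id);
        // Decoding as text is lossy (UTF-8 named here; new String(id) uses the platform default).
        String text = new String(id, StandardCharsets.UTF_8);
        System.out.println("new String round-trips: "
                + Arrays.equals(id, text.getBytes(StandardCharsets.UTF_8)));
        System.out.println("hex:         " + toHex(id));

        // The TLS session cache has its own lifetime (seconds; 0 means no limit).
        SSLSessionContext cache = SSLContext.getDefault().getServerSessionContext();
        System.out.println("cache timeout: " + cache.getSessionTimeout());
        dumpCache(cache);
    }
}
```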


Re: How to write an Universal redirector

2010-02-25 Thread asdfasdf
Hi,

I have made some tests with Fiddler2.
I have executed the same Request/Headers that I have posted above, and got a
"normal/JSON" answer from my Tomcat running on 8080.

The Question is: If the StdOut says "Redirecting via client dispatcher to:
http://localhost:8080/RESTful"; who submits this Request? Browser, or
Server?

Please help me going... I am really stuck...

Best wishes,

ab

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2451991


Re: OpenID support

2010-02-25 Thread Thierry Boileau
Hello Juan Carlos,

you're right, there is an issue opened for this topic: 
http://restlet.tigris.org/issues/show_bug.cgi?id=446

Best regards,
Thierry Boileau


> Hi
>
> I'm trying to develop an application in GAE and I'd like to use Restlet 
> framework. We have a hosted domain in Google and I was wondering if Restlet 
> will support OpenId in a near future. It seems a natural option for 
> authentication for developments over GAE.
>
> Best regards,
> Juan Carlos González
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2449154
>
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2451985

RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner
Hi,

> However, the SSL sessions have nothing to do with the Servlet's session 
> (and they're unlikely to be suitable as a replacement for such sessions 
> anyway). 

I was afraid it's not the same. What I need is an equivalent to: 
'javax.servlet.request.ssl_session'

> I'd guess what you get is an enumeration of byte arrays, not Strings. An 
> hexadecimal serialisation into string would probably be more 
> appropriate. This being said, you won't necessarily get the right ID 
> from this enumeration if there's more than one. Passing the SSLContext 
> to your resources doesn't sound like good design either (again, it 
> depends on what you do).

If I print out the pure ID out of the byte array I get this: [...@e51b2c which 
looks like an hex address to me. How can I get to the value then?

Anyway, in many of the cases of request there is no ID available at all. That's 
why I also think the SSL session context is not appropriate here.

Thanks for your answers.

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2451951