Re: Auditing function

2011-04-12 Thread Matt Kennedy
I've done something similar in the past.  Rather than rely on the restlet
access logging service, I collected all the data I needed in an object as
the request was processed.  After the request completed, I spun off another
thread to write to the log object to the database. If the database wasn't
available, I did backup logging to a file. I _think_ I did this in the
confines of wither log4j or slf4j, but I can't remember.

On Sun, Apr 3, 2011 at 8:31 PM, Paul Morris  wrote:

> I've been looking into this since my initial post and want to add a couple
> of thoughts to clarify my intention here. I found the LogService Restlet
> class which looks very robust but I need to customize some of the logging
> here for auditing and compliance purposes (i.e. identify the user based on
> querying a session server using a token) so I think I'm looking at something
> homegrown. But again, I'd like to implement some way to sort of "copy" the
> request on the way in and "copy" the response on the way out, parse through
> those copies (perhaps in another thread) to break them out cleanly into a
> database.
>
> --
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2716636
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719277

RE: Cannot select MediaType when using ClientResource.wrap

2011-04-12 Thread Jerome Louvel
Hi Christoph,

Sorry, the visibility of handle(Request) was only increased in 2.1... 2.1 M3 is 
already quite stable, so if you can upgrade that would be best for you and 2.1 
M4 will have the better solution soon.

Best regards,
Jerome
--
Restlet ~ Founder and Technical Lead ~ http://www.restlet.o​rg
Noelios Technologies ~ http://www.noelios.com



-Message d'origine-
De : christoph.dietze [mailto:christoph.die...@ergodirekt.de] 
Envoyé : mardi 12 avril 2011 15:52
À : discuss@restlet.tigris.org
Objet : RE: Cannot select MediaType when using ClientResource.wrap

Hello Jerome,

thanks for the quick answers.

The solution you describe for 2.1-M4 looks ideal to me, I am looking forward to 
it.

I tried the workaround you proposed by overriding ClientResource.handle().
However, that didnt work:
ClientResource.handle() is never called and ClientResource.handle(Request) is 
private.

cheers,
Christoph

--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Cannot-select-MediaType-when-using-ClientResource-wrap-tp6264755p6265212.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719102

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719110


RE: OAuth & Restlet

2011-04-12 Thread Martin Svensson
Hi,

Yes it should be OK to use, we are working on finalizing it for the 
2.1-SNAPSHOT, but these are only minor fixes. If you are planning on using the 
OAuthProxy (which is used to gain access to e.g. facebook) I would wait a day 
or two since we are fixing a minor synchronizing issue. If you want to try it 
out that would be great. Be sure to also compile the OpenID extension since it 
uses that for tests.

Thanks,
martin

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719109


RE: Cannot select MediaType when using ClientResource.wrap

2011-04-12 Thread christoph.dietze
Hello Jerome,

thanks for the quick answers.

The solution you describe for 2.1-M4 looks ideal to me, I am looking forward
to it.

I tried the workaround you proposed by overriding ClientResource.handle().
However, that didnt work:
ClientResource.handle() is never called and ClientResource.handle(Request)
is private.

cheers,
Christoph

--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Cannot-select-MediaType-when-using-ClientResource-wrap-tp6264755p6265212.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719102


RE: GET through Proxy

2011-04-12 Thread Jerome Louvel
Hi Sersan,

For those settings to be taken into account, you need the 
org.restlet.ext.net.jar in your classpath to use HttpURLConnection as your 
Restlet HTTP client.

Best regards,
Jerome
--
Restlet ~ Founder and Technical Lead ~ http://www.restlet.o​rg
Noelios Technologies ~ http://www.noelios.com




-Message d'origine-
De : sersan [mailto:metal...@hotmail.com] 
Envoyé : jeudi 7 avril 2011 23:27
À : discuss@restlet.tigris.org
Objet : RE: GET through Proxy

Hi,

any news on this..

I still can't make it work behind a proxy.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2717826

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719101


RE: Cannot select MediaType when using ClientResource.wrap

2011-04-12 Thread Jerome Louvel
Hi again,

This enhancement is now in SVN trunk (future 2.1 M4):

  - ClientResource now respects any change to the clientInfo preferences
when using dynamic proxies (via wrap() for example). It only overwrites
them if the default preferences state (empty lists) is found at 
invocation
time. 

Note that in this case, conversion hints provided via annotation values such as 
"gwt" are ignored.

Best regards,
Jerome
--
Restlet ~ Founder and Technical Lead ~ http://www.restlet.o​rg
Noelios Technologies ~ http://www.noelios.com


-Message d'origine-
De : Jerome Louvel [mailto:jerome.lou...@noelios.com] 
Envoyé : mardi 12 avril 2011 15:13
À : 'discuss'
Objet : RE: Cannot select MediaType when using ClientResource.wrap

Hi Christoph,

It should be possible to override those settings by using a value in your 
Restlet annotations such as @Get("gwt") or @Get("jos"). For the latter case, 
you need to register this extension into the metadataService of your 
application:

   getMetadataService().addExtension("jos", MediaType.APPLICATION_JAVA_OBJECT);

This isn't fully satisfactory as you need to touch the annotated interface. A 
better approach would be to override ClientResource and extend the 
handle(Request) method.

In this extended method, you can customize/rewrite the clientInfo preferences. 
This will be executed after the annotation/proxy processing logic. Let me know 
if this doesn't work.

I'm also exploring in 2.1 a smarter default logic that would respect any 
predefine client preference in the prototype request wrapped by ClientResource. 
Stay tuned!

Hope this helps,
Jérôme


-Message d'origine-
De : christoph.dietze [mailto:christoph.die...@ergodirekt.de] 
Envoyé : mardi 12 avril 2011 13:25
À : discuss@restlet.tigris.org
Objet : Cannot select MediaType when using ClientResource.wrap

Hello,

I set up a server which can serve a resource in both APPLICATION_JAVA_OBJECT, 
as well as APPLICATION_JAVA_OBJECT_GWT representation.
I can test this using
new
ClientResource("http://blockedcontent:/service/hello";).get(MediaType.APPLICATION_JAVA_OBJECT);
and
new
ClientResource("http://blockedcontent:/service/hello";).get(MediaType.APPLICATION_JAVA_OBJECT_GWT);

However, when using the ClientResource.wrap() I cannot select the MediaType.
- when org.restlet.ext.gwt-2.0.6.jar is in the client's classpath, the accepted 
mediatypes of the request always are 
[application/x-java-serialized-object+gwt:1.0,
application/x-java-serialized-object:1.0,
application/x-java-serialized-object+xml:1.0]

- when org.restlet.ext.gwt-2.0.6.jar is not in the client's classpath, the 
accepted mediatypes are [application/x-java-serialized-object:1.0,
application/x-java-serialized-object+xml:1.0]

Setting the accepted mediatypes as described here does not work 
http://restlet-discuss.1400322.n2.nabble.com/Restlet-Server-GWT-restlet-client-tp6200833p6200833.html
i.e., I tried both
ClientResource cr = new
ClientResource("http://blockedcontent:/service/hello";);
cr.getClientInfo().setAcceptedMediaTypes(
Arrays.asList(new Preference(MediaType.APPLICATION_JAVA_OBJECT)));
ContactResource resource = cr.wrap(ContactResource.class); Contact contact = 
resource.retrieve(); // ...

and
ClientResource cr = new
ClientResource("http://blockedcontent:/service/hello";);
ContactResource resource = cr.wrap(ContactResource.class); ClientProxy p = 
(ClientProxy) resource; 
p.getClientResource().getClientInfo().setAcceptedMediaTypes(
Arrays.asList(new Preference(MediaType.APPLICATION_JAVA_OBJECT)));
Contact contact = resource.retrieve();

But I get always get the GWT representation when the gwt jar is in the 
classpath. This fails to deserialize since I call from a Java program, not a 
GWT app. I want to get the java object mediatype.

Thus, it seems that the client's accepted media types of a wrapped resource are 
solely derived from the libraries on the classpath and cannot be overwritten.
So,how can I use a java serialized object mediatype with ClientResource.wrap, 
even though the gwt jar is in the classpath?


--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Cannot-select-MediaType-when-using-ClientResource-wrap-tp6264755p6264755.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719056

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719091


RE: Cannot select MediaType when using ClientResource.wrap

2011-04-12 Thread Jerome Louvel
Hi Christoph,

It should be possible to override those settings by using a value in your
Restlet annotations such as @Get("gwt") or @Get("jos"). For the latter case,
you need to register this extension into the metadataService of your
application:

   getMetadataService().addExtension("jos",
MediaType.APPLICATION_JAVA_OBJECT);

This isn't fully satisfactory as you need to touch the annotated interface.
A better approach would be to override ClientResource and extend the
handle(Request) method.

In this extended method, you can customize/rewrite the clientInfo
preferences. This will be executed after the annotation/proxy processing
logic. Let me know if this doesn't work.

I'm also exploring in 2.1 a smarter default logic that would respect any
predefine client preference in the prototype request wrapped by
ClientResource. Stay tuned!

Hope this helps,
Jérôme


-Message d'origine-
De : christoph.dietze [mailto:christoph.die...@ergodirekt.de] 
Envoyé : mardi 12 avril 2011 13:25
À : discuss@restlet.tigris.org
Objet : Cannot select MediaType when using ClientResource.wrap

Hello,

I set up a server which can serve a resource in both
APPLICATION_JAVA_OBJECT, as well as APPLICATION_JAVA_OBJECT_GWT
representation.
I can test this using
new
ClientResource("http://blockedcontent:/service/hello";).get(MediaType.APP
LICATION_JAVA_OBJECT);
and
new
ClientResource("http://blockedcontent:/service/hello";).get(MediaType.APP
LICATION_JAVA_OBJECT_GWT);

However, when using the ClientResource.wrap() I cannot select the MediaType.
- when org.restlet.ext.gwt-2.0.6.jar is in the client's classpath, the
accepted mediatypes of the request always are
[application/x-java-serialized-object+gwt:1.0,
application/x-java-serialized-object:1.0,
application/x-java-serialized-object+xml:1.0]

- when org.restlet.ext.gwt-2.0.6.jar is not in the client's classpath, the
accepted mediatypes are [application/x-java-serialized-object:1.0,
application/x-java-serialized-object+xml:1.0]

Setting the accepted mediatypes as described here does not work
http://restlet-discuss.1400322.n2.nabble.com/Restlet-Server-GWT-restlet-clie
nt-tp6200833p6200833.html
i.e., I tried both
ClientResource cr = new
ClientResource("http://blockedcontent:/service/hello";);
cr.getClientInfo().setAcceptedMediaTypes(
Arrays.asList(new Preference(MediaType.APPLICATION_JAVA_OBJECT)));
ContactResource resource = cr.wrap(ContactResource.class); Contact contact =
resource.retrieve(); // ...

and
ClientResource cr = new
ClientResource("http://blockedcontent:/service/hello";);
ContactResource resource = cr.wrap(ContactResource.class); ClientProxy p =
(ClientProxy) resource;
p.getClientResource().getClientInfo().setAcceptedMediaTypes(
Arrays.asList(new Preference(MediaType.APPLICATION_JAVA_OBJECT)));
Contact contact = resource.retrieve();

But I get always get the GWT representation when the gwt jar is in the
classpath. This fails to deserialize since I call from a Java program, not a
GWT app. I want to get the java object mediatype.

Thus, it seems that the client's accepted media types of a wrapped resource
are solely derived from the libraries on the classpath and cannot be
overwritten.
So,how can I use a java serialized object mediatype with
ClientResource.wrap, even though the gwt jar is in the classpath?


--
View this message in context:
http://restlet-discuss.1400322.n2.nabble.com/Cannot-select-MediaType-when-us
ing-ClientResource-wrap-tp6264755p6264755.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=27190
56

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719084


Cannot select MediaType when using ClientResource.wrap

2011-04-12 Thread christoph.dietze
Hello,

I set up a server which can serve a resource in both
APPLICATION_JAVA_OBJECT, as well as APPLICATION_JAVA_OBJECT_GWT
representation.
I can test this using
new
ClientResource("http://blockedcontent:/service/hello";).get(MediaType.APPLICATION_JAVA_OBJECT);
and
new
ClientResource("http://blockedcontent:/service/hello";).get(MediaType.APPLICATION_JAVA_OBJECT_GWT);

However, when using the ClientResource.wrap() I cannot select the MediaType.
- when org.restlet.ext.gwt-2.0.6.jar is in the client's classpath, the
accepted mediatypes of the request always are
[application/x-java-serialized-object+gwt:1.0,
application/x-java-serialized-object:1.0,
application/x-java-serialized-object+xml:1.0]

- when org.restlet.ext.gwt-2.0.6.jar is not in the client's classpath, the
accepted mediatypes are
[application/x-java-serialized-object:1.0,
application/x-java-serialized-object+xml:1.0]

Setting the accepted mediatypes as described here does not work
http://restlet-discuss.1400322.n2.nabble.com/Restlet-Server-GWT-restlet-client-tp6200833p6200833.html
i.e., I tried both
ClientResource cr = new
ClientResource("http://blockedcontent:/service/hello";);
cr.getClientInfo().setAcceptedMediaTypes(
Arrays.asList(new Preference(MediaType.APPLICATION_JAVA_OBJECT)));
ContactResource resource = cr.wrap(ContactResource.class);
Contact contact = resource.retrieve();
// ...

and
ClientResource cr = new
ClientResource("http://blockedcontent:/service/hello";);
ContactResource resource = cr.wrap(ContactResource.class);
ClientProxy p = (ClientProxy) resource;
p.getClientResource().getClientInfo().setAcceptedMediaTypes(
Arrays.asList(new Preference(MediaType.APPLICATION_JAVA_OBJECT)));
Contact contact = resource.retrieve();

But I get always get the GWT representation when the gwt jar is in the
classpath. This fails to deserialize since I call from a Java program, not a
GWT app. I want to get the java object mediatype.

Thus, it seems that the client's accepted media types of a wrapped resource
are solely derived from the libraries on the classpath and cannot be
overwritten.
So,how can I use a java serialized object mediatype with
ClientResource.wrap, even though the gwt jar is in the classpath?


--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Cannot-select-MediaType-when-using-ClientResource-wrap-tp6264755p6264755.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719056


OAuth & Restlet

2011-04-12 Thread Lokendra Singh
Hi,

I was looking for OAuth support in Restlet.
Can somebody tell me the status of the OAuth extension kept in incubator.
Can it be used?

Regards
Lokendra

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719023

Solution Design Crisis

2011-04-12 Thread tornat
Hi at all 
I'm Stefano from Italy (so...sorry for my  not so good english). I come from 
JSP-Relational DB and Java world (before 2007) and after some years of stop,
I'm trying to develop a new platform for building collaborative journalistic
stuffs (eg. article, newspapers and so on) using "new" technologies (REST,
NOSQL, workflow engine). So the scenario  is quite simple:

1) Different Kind of people  can access to platform (anonimous users,
writers, readers, editors, administrators) and everyone of them can be, for
example,  editor for one article and also only reader for another one)

2)collaborative resources can have different kind of protection policy in
example, some articles are private (manageable only by their owner),  other
are manageable  by a dinamic group of users, and finally other are public
(manageable by every autentichated user)

So I've already buy restlet in action MEAP ebook (great job) for better
understand  RESTLET powerful characteristics and after 6 chapter I'm in
crisis on  secure issues (probably because of my servlet stateful
background). 

I mean that in JSP world , after a login form , usually I use
session.setParameter ("user", User)  using a POJO User with some methods
like public Boolean checkModification(Article ID) that return true if
current user can modify resource with given ID,  and public Boolean
checkView(Article ID) that  return true if current user can view resource.
Obviusly those methods have business logic that check in some way permission
grant (i. e. a SQL query on a RDBMS). In my opinion, in this way is avoid
also the problem of cross injection  because the user  pojo is in memory in
context session on server side.

I'm sure (or better, I hope) that the same kind of security can be reached
also with RESTLET frameworkbut I'm confused about this topic and about
the better solution for my project.

For other features i need to use Restlet as  Servlet  in Tomcat , so please
..can everyone  guide me in the choose of right secure architecture, to
obtain content protection policy (like explained above)and also to avoid
malicius injection, by using Tomcat and Restlet? 

I hope in your help...thanks in advance.
Stefano
 


--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Solution-Design-Crisis-tp6264271p6264271.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719025

Solution Design Crisis

2011-04-12 Thread tornat
Hi at all 
I'm Stefano from Italy (so...sorry for my  not so good english). I come from 
JSP-Relational DB and Java world (before 2007) and after some years of stop,
I'm trying to develop a new platform for building collaborative journalistic
stuffs (eg. article, newspapers and so on) using "new" technologies (REST,
NOSQL, workflow engine). So the scenario  is quite simple:

1) Different Kind of people  can access to platform (anonimous users,
writers, readers, editors, administrators) and everyone of them can be, for
example,  editor for one article and also only reader for another one)

2)collaborative resources can have different kind of protection policy in
example, some articles are private (manageable only by their owner),  other
are manageable  by a dinamic group of users, and finally other are public
(manageable by every autentichated user)

So I've already buy restlet in action MEAP ebook (great job) for better
understand  RESTLET powerful characteristics and after 6 chapter I'm in
crisis on  secure issues (probably because of my servlet stateful
background). 

I mean that in JSP world , after a login form , usually I use
session.setParameter ("user", User)  using a POJO User with some methods
like public Boolean checkModification(Article ID) that return true if
current user can modify resource with given ID,  and public Boolean
checkView(Article ID) that  return true if current user can view resource.
Obviusly those methods have business logic that check in some way permission
grant (i. e. a SQL query on a RDBMS). In my opinion, in this way is avoid
also the problem of cross injection  because the user  pojo is in memory in
context session on server side.

I'm sure (or better, I hope) that the same kind of security can be reached
also with RESTLET frameworkbut I'm confused about this topic and about
the better solution for my project.

For other features i need to use Restlet as  Servlet  in Tomcat , so please
..can everyone  guide me in the choose of right secure architecture, to
obtain content protection policy (like explained above)and also to avoid
malicius injection, by using Tomcat and Restlet? 

I hope in your help...thanks in advance.
Stefano
 


--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Solution-Design-Crisis-tp6264270p6264270.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2719024