Re: SSL needClientAuthentication not working

2011-11-30 Thread Bruno Harbulot
On 30/11/2011 07:12, Sean wrote: Looks like this is definitely a bug... I have tried knocking Restlet back to 2.0 and it functions as expected. 2.1RC1 and the 2.1 snapshot both won't force clientauthentication. I'd rather not switch back to 2.0 as I am using some of the new methods in 2.1..

Re: What is the importantce of passwords when configuring HTTPS?

2011-11-30 Thread Bruno Harbulot
On 29/11/2011 20:39, Mark Kharitonov wrote: Hi. I have followed the Restlet HTTPS guide (http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/213-restlet.html) to configure HTTPS. In particular, it results in a code similar to this one: parameters.add(sslContextFactory,

Re: An unexpected status was returned: Communication Error (1001) - sun.security.validator.ValidatorExce

2010-11-03 Thread Bruno Harbulot
Hi, You should be able to pass your own SSLContext (similar to what you'd use with Apache HTTP Client 4) via an SslContextFactory in the sslContextFactory attribute, more or less like this: final SSLContext mySslContext = client.getContext().getAttributes().put(sslContextFactory, new

Re: SAML 2.0 with Restlet

2010-09-22 Thread Bruno Harbulot
On 18/09/10 12:52, Sanchit wrote: I am developing a web-services based project which is supposed to use SAML as security token for communication with a centralized server... The centralized server maintains the roles policies associated with other entities in the ecosystem. The centralized

Re: Embedded Jetty

2010-09-17 Thread Bruno Harbulot
Hi Roy, On 17/09/10 00:31, webp...@tigris.org wrote: Bruno, I have a standalone Restlet server and I need to support HTTPS, so I'm using jetty.xml to configure the SSLSocketConnector. I thought Jetty 7 was the current version but I don't know any reason why Jetty 6 won't work, so I'll

Re: Embedded Jetty

2010-09-15 Thread Bruno Harbulot
Hi, On 13/09/10 02:22, webp...@tigris.org wrote: I'm attempting to use Jetty 7.1.5 with Restlet 1.1.10 however there's no connector jar included for this version of Jetty - only Jetty 6.1. So, I'm wondering is it possible to use Jetty 7? Also, I'm not sure where put jetty.xml so I can

Re: restlets : communicating in SSL with tomcat

2010-08-25 Thread Bruno Harbulot
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 25 more 2010/8/24 Bruno Harbulot bruno.harbu...@manchester.ac.uk mailto:bruno.harbu...@manchester.ac.uk Hi Xavier, If you're using Restlet within a Servlet

Re: HTTPS connector

2010-08-25 Thread Bruno Harbulot
Hi Nicho, It looks like you need to add the com.noelios.ext.net or com.noelios.ext.httpclient jars to your classpath. Best wishes, Bruno. On 16/08/10 17:30, webp...@tigris.org wrote: I am writing HTTPs client code as below, but encountered warning message. I am using Restlet 1.1. I suspect

Re: Use of ClientResource inside a server resource

2010-08-25 Thread Bruno Harbulot
Hi Xavier, In addition, if you're running the application within a servlet environment, you can configure the clients by adding this in the web.xml file: context-param param-nameorg.restlet.clients/param-name param-valueHTTP HTTPS CLAP FILE/param-value

Re: HTTPS server

2010-08-25 Thread Bruno Harbulot
Hi Nicho, The second command (parameters.add(DefaultSslContextFactory, ...)) actually doesn't do anything, since it's the sslContextFactory parameter name that is user (DefaultSslContextFactory is a possible value but not the parameter name), so this falls back to the default configuration.

Re: restlets : communicating in SSL with tomcat

2010-08-25 Thread Bruno Harbulot
On 25/08/10 13:53, Xavier Méhaut wrote: Hi Bruno, Actually our architecture is the following : A PC runs a restlet server locally (withou a servlet container); the resources served by this server call themselves other restlets which are located into another restlet serveron another PC, but

Content negotiation problem when using a specific server connector (Jetty, Simple or Netty)

2010-08-09 Thread Bruno Harbulot
Hi, The problem I described in http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2639896 was fixed in version 2.0.0 (I was using 2.0-RC4 for this test). Great! However, there's a new problem. (I'm using the same code: http://gist.github.com/496447) This works:

Optional authentication and ClientInfo.getAuthenticated()

2010-08-06 Thread Bruno Harbulot
Hi all, Perhaps something that I should have noticed earlier... Currently, an optional authenticator sets the ClientInfo to be authenticated whether or not the authentication was successful or took place. This is due to beforeHandle and authenticated: @Override protected int

Re: Paging resources in GWT

2010-08-03 Thread Bruno Harbulot
On 03/08/10 14:36, Harald Pehl wrote: In our current project we have lots of resources which return a subset of bigger datasets. For that the paging information is provided as part of the URL: /some resource/{offset}/{limit}[/{sortBy}[/{sortDirection}]] [] parts are optional. So valid

Re: Paging resources in GWT

2010-08-03 Thread Bruno Harbulot
On 03/08/10 15:35, Harald Pehl wrote: I thought using query parameters too, but decided against it, because it prevents caching of the resources. I'd say you're more likely to have problems with caching if you use a 'Range' header with a custom range unit than with a normal request with

Content negotiation problem when Content-Type in a GET request

2010-07-28 Thread Bruno Harbulot
Hello, I know it's unusual, but one of the clients I'm using (jQuery) sends a Content-Type: application/x-www-form-urlencoded header with its GET requests (because there's some data that's serialized in the query part of the URI, see [1][2]). I've looked at the HTTP specification, but I can't

Re: Chaining an authorization filter after a router

2010-06-28 Thread Bruno Harbulot
On 28/06/10 16:27, Carles Barrobés wrote: I'm trying to do the following: for URLs matching a pattern /user/{username}/resource..., where username designates the resource's owner, I want to grant access only if the authenticated user matches the owner of the resource. I created a custom

Re: Custom WWW-Authentication

2010-06-24 Thread Bruno Harbulot
On 23/06/2010 17:42, webp...@tigris.org wrote: Thanks the reply. My plan is first step client calls server by http GET, second step server response in 401 with WWW-Authentication: PPPK realm=***, nonce=***, opaque=***, keyid=***, version=***. In the end, client will response back with

Re: restlet on ijetty

2010-06-10 Thread Bruno Harbulot
Hi Martin, I'm sure a number of Restlet users would be interested in this (including Jerome and Thierry of course). There seems to be an open issue about it: http://restlet.tigris.org/issues/show_bug.cgi?id=1110 This may also be relevant if you're willing to contribute some code:

Re: Unable to set Reason Phrase on successful request using Jetty

2010-06-09 Thread Bruno Harbulot
Hi Michael, On 07/06/10 15:41, Michael Rehse wrote: Using Restlet 1.1.10 and the Jetty connector (com.noelios.restlet.ext.jetty 1.1.10) deployed as a standalone application, if I set the status to 200 Foo the response comes back as 200 OK. This is not the expected behavior - is it? I have

Re: java client code to https service under tomcat

2010-06-08 Thread Bruno Harbulot
Hi, On 07/06/2010 22:45, p Nut wrote: I am trying to write a java client which calls the web service. all the following circumstances work. -access service using browser using http and also https. Using https, I can access my service using a browser. I will have to accept the exception in

Re: Using multiple Applications

2010-06-03 Thread Bruno Harbulot
On 01/06/10 21:51, jupiterroom wrote: Hi. I have an application and have implemented createInboundRoot to root the the resources I want to use. Now I have something I consider to be a new application and what to keep the routing seperate with a different implementation of createInboundRoot.

Re: Verifying Content-MD5

2010-05-20 Thread Bruno Harbulot
Hi Jean-Philippe, It doesn't, and the main problem is that you need to consume the stream for the digest to be computed. If you want to do it in a filter, you have to store whatever your read and then put the data back into the representation. I've just tried with a simple example and a some

Re: HTTP over SSL client

2010-05-19 Thread Bruno Harbulot
On 18/05/2010 18:17, webp...@tigris.org wrote: Hi Bruno, I'd like to sincerely thanks for your answer :) After following your suggestions now I set parameters in this way: org.restlet.Server https_server = new org.restlet.Server(Protocol.HTTPS, https_port); https_server.setContext(new

Re: HTTP over SSL client

2010-05-18 Thread Bruno Harbulot
Hi, On 18/05/10 16:19, iammyr wrote: Hi everyone, I have set up a REST application, using restlet-jse-2.0snapshot to which I've added to servers: the first one supports the http protocol on port 9877, while the second one supports the https protocol on port 9873 org.restlet.Server

Re: Restlet - CharacterSet problem in represent method

2010-05-14 Thread Bruno Harbulot
Hi, I'm not sure where this comes from, but it might come from the original string that you're reading (it's not clear from your code fragment). It looks like it could be read in UTF-8 and then written as if it was ISO-8859-1. You might be able to get the correct output if you make sure it's

Re: SSL issue with Jetty, Simple

2010-05-10 Thread Bruno Harbulot
Hi Dave, On 08/05/10 17:31, David Fogel wrote: Hi Bruno- Thanks for your feedback and suggestions on this. We've sorted out a few things: 1) You were right that the Simple extension needs to have the truststorePath and truststorePassword configured in order to run. Once we added those

Re: JAAS and JBoss 5.1

2010-05-10 Thread Bruno Harbulot
Hi Kevin, This sounds good. One of the main reasons to separate the Enroler from the Verifier was to give the ability to have two sources of information (for example, if verifying the credentials is done via Kerberos and fetching the roles is done via LDAP). I don't see using the Enroler as a

Re: SSL issue with Jetty, Simple

2010-05-06 Thread Bruno Harbulot
Hi Dave, On 06/05/2010 15:16, David Fogel wrote: We had previously set up SSL with a self-signed cert, generated using java keytool. This worked fine on Jetty and, until recently, with the Simple connector, which had some hanging issues a few revisions ago (but which may have been fixed,

Re: SSL issue with Jetty, Simple

2010-05-06 Thread Bruno Harbulot
Hi Dave, On 06/05/2010 17:07, David Fogel wrote: What does Firefox say in detail? Usually, you can get the certificate and it will tell you what's wrong with it (on the first dialog after the warning page, the one where you can get the cert and choose to accept/refuse it). firefox is

Re: SSL modifications since 2.0 RC 1 ?

2010-05-04 Thread Bruno Harbulot
Hi Nicolas, On 03/05/2010 15:09, Nicolas Rinaudo wrote: Hi Bruno, You certainly put a lot of effort into that ! I have to admit that some of it went over my head - you obviously are a bit of an expert on the matter, which I'm not. If I understand you properly, the problem isn't Restlet,

Re: SSL modifications since 2.0 RC 1 ?

2010-04-30 Thread Bruno Harbulot
Hi Nicolas, On 28/04/2010 12:55, Nicolas Rinaudo wrote: This might be an important bit of information. After running a few more tests, I realised that Safari would: - fail ignoring certificates if the server is running on OS X. - succeed in ignoring certificates if the server is running on

Re: SSL modifications since 2.0 RC 1 ?

2010-04-27 Thread Bruno Harbulot
Hi Nicolas, Nicolas Rinaudo wrote: First, thanks for taking the time to look into this, I really appreciate it. Now, to answer your post. 2. By default, the SSLContext (on the server connectors) is created by the DefaultSslContextFactory, which follows the defaults of the JSSE Ref

Re: SSL modifications since 2.0 RC 1 ?

2010-04-26 Thread Bruno Harbulot
Hi Nicolas, Nicolas Rinaudo wrote: Hey, We've just upgraded form RC 1 to RC 3 (we skipped RC 2 due to blocking issues), and there appears to have been some changes in the way SSL keystores are managed - our test self-signed certificate that worked perfectly with RC 1 now has issues with

Re: SSL modifications since 2.0 RC 1 ?

2010-04-26 Thread Bruno Harbulot
Nicolas Rinaudo wrote: Could you clarify what you mean by accept/ignore? I'm not sure what this means in the context of Firefox/Safari. Right, sorry, that wasn't very clear. Accept: the browser will load the page without complaint. Refuse: the browser will fail to load the page with an

Re: HTTPS / SSL not working after updating to trunk

2010-03-26 Thread Bruno Harbulot
Hi Dave, On 25/03/2010 21:47, David Fogel wrote: Hi Bruno- So, I got Jetty working as the connector, and yes, it does seem to work fine with our previously discussed HTTPS configuration. So that can hold us for now, but we do eventually want to use the Simple connector. Incidentally,

Re: HTTPS / SSL not working after updating to trunk

2010-03-25 Thread Bruno Harbulot
Hi, Sorry, that's probably due to a patch I submitted a few weeks ago and that was put in the trunk a couple of days ago. The aim was to consolidate the SSL settings to have them in one place, but it seems that there was a line missing unfortunately. Here is a patch: diff --git

Re: HTTPS / SSL not working after updating to trunk

2010-03-25 Thread Bruno Harbulot
. Bruno Harbulot wrote: Hi, Sorry, that's probably due to a patch I submitted a few weeks ago and that was put in the trunk a couple of days ago. The aim was to consolidate the SSL settings to have them in one place, but it seems that there was a line missing unfortunately. Here

Re: HTTPS / SSL not working after updating to trunk

2010-03-25 Thread Bruno Harbulot
Hi David, David Fogel wrote: Hi Bruno, Jerome- Thanks for taking a look at this! I've just updated to the latest in trunk (SVN revision 6407). Unfortunately, the fix doesn't seem to be working- in fact now what I'm seeing is that the connection is never made from the client, but now my

Re: HTTPS / SSL not working after updating to trunk

2010-03-25 Thread Bruno Harbulot
To give you a bit more details, just in case you manage to see a bit more what's happening on your side, the patch that was put in the trunk today (r6407) was clearly due to the fact I had omitted a very important line: the one that passes the parameters to the factory: if (result ==

Re: Content type negotiation with annotations

2010-03-17 Thread Bruno Harbulot
Hi Thierry, Thanks, removing these lines solves the problem. Best wishes, Bruno. Thierry Boileau wrote: Hello Bruno, thanks for the test case. You can remove the following lines from the init method : getVariants().add(new Variant(MediaType.TEXT_HTML)); getVariants().add(new

Re: Content type negotiation with annotations

2010-03-16 Thread Bruno Harbulot
Hi Thierry, I've just tried it on 2.0-RC1. Here is a jUnit test case. SampleResource1 and SampleResource2 offer both plain text and HTML on GET, and for simplicity, only HTML on POST (but that's only determined by the method itself -- the problem is that it's not even called).

Re: A GET with query parameters?

2010-03-15 Thread Bruno Harbulot
Hi, Any specific reason why you don't want to use a normal query like this? http://mysite.com/farms?size=n You could then get the query parameters with: Form queryParams = getRequest().getResourceRef().getQueryAsForm(); String size = queryParams.getFirstValue(size); Best wishes,

Content type negotiation with annotations

2010-03-15 Thread Bruno Harbulot
Hi, Firstly, I'd like to write a ServerResource that uses @Get(xml) and @Get(html) for content negotiation on GET but not on POST (where it would return a different content-type depending on what the method does, or do the negotiation internally). Secondly, I'd like to be able to post some

Re: Access to HttpSession from Restlet ...

2010-03-03 Thread Bruno Harbulot
Hi, I've just submitted a patch: http://restlet.tigris.org/issues/show_bug.cgi?id=1050 It can be useful for some applications to have access to the TLS session ID. (This could possibly be used by some ongoing FOAF+SSL work for example.) Regarding the use of SSL session ID for maintaining

Re: M7 and TunnelService fix still not working for IE7/8 (or so it seems)

2010-03-02 Thread Bruno Harbulot
Hi, Just in case it may help, last week, I had to use the following configuration for IE8, using the snapshot in the Maven repository (org.restlet-2.0-20100210.140104-6132.jar). #Internet explorer agentName: msie acceptOld: */* acceptNew:

Re: ConcurrentModificationException from Resource

2010-02-26 Thread Bruno Harbulot
Hi, The groupIds in the Maven repository have changed after 2.0M3 to take into account the notion of editions (JEE, JSE, GWT, Android). You can use org.restlet.jee or org.restlet.jse (for example) instead of org.restlet. Best wishes, Bruno. Ruben Hernando wrote: Hi, I can't see that

Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Bruno Harbulot
Hi, Stefan Meissner wrote: Hi, However, the SSL sessions have nothing to do with the Servlet's session (and they're unlikely to be suitable as a replacement for such sessions anyway). I was afraid it's not the same. What I need is an equivalent to:

Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Bruno Harbulot
Stefan Meissner wrote: What I'm still not clear about is what you're trying to do with it here (I don't how well you know SSL/TLS). Whether with Restlets or Servlets, it doesn't seem right to use that for maintaining some sort of application session. As you may have noticed I'm a newbie

Re: Access to HttpSession from Restlet ...

2010-02-24 Thread Bruno Harbulot
Hi, It currently isn't possible to retrieve the SSL session ID (in the same way as it's possible to retrieve the cipher suite or the client certificates from the Restlet Request. It could make sense to implement this, and I wouldn't mind contributing a patch to do so. Feel free to put an RFE

Re: Restlet client connecting to server with self signed certificate

2010-02-11 Thread Bruno Harbulot
On 11/02/2010 23:14, Rocky V wrote: Do you mean to say, I can use something like this: secureProtocolSocketFactory = new SslContextedSecureProtocolSocketFactory(...); org.apache.commons.httpclient.protocol.Protocol .registerProtocol( https, new

Re: Restlet client connecting to server with self signed certificate

2010-02-10 Thread Bruno Harbulot
Hi Rocky, Rocky V wrote: I am on Restlet 1.1.5 and can upgrade to 1.1.8 (last known stable version from restlet.org) if need arises. My problem is to trust all certificates for my Restlet client using HTTPS (apache common). Am I right in understanding that you want your client to trust any

Re: Restlet client connecting to server with self signed certificate

2010-02-10 Thread Bruno Harbulot
Hi Rocky, On 10/02/2010 19:08, Rocky V wrote: Bruno Harbulot wrote: Rocky V wrote: I am on Restlet 1.1.5 and can upgrade to 1.1.8 (last known stable version from restlet.org) if need arises. My problem is to trust all certificates for my Restlet client using HTTPS (apache common). I

Re: Restlet Client class with custom SSLSocket/SSLContext

2010-02-04 Thread Bruno Harbulot
Hi Adrian, In Restlet 2, you can pass SslContextFactories to the client context. import org.restlet.engine.security.SslContextFactory; import org.restlet.engine.security.DefaultSslContextFactory; ... // Example with the default SslContextFactory SslContextFactory sslContextFactory = new

Re: @Get for many Variants

2010-01-22 Thread Bruno Harbulot
Hi, You could use org.restlet.engine.converter.ConverterHelper too. You might want to register your own Converter if you're not satisfied with the default ones. In this case, the if-MediaType logic will be in the ConverterHelper's toRepresentation method. public class SearchResource extends

Re: including restlet in a maven project

2010-01-20 Thread Bruno Harbulot
Hello, Marc Limotte wrote: Great, this worked for me... got 2.0-m6, although I had to use the instructions to manually download it into my local repository. You can also add the repository to your POM: repositories repository idrestlet/id namePublic

Re: how to set up client certificate in restlet 1.1.4 for HTTPS?

2009-12-16 Thread Bruno Harbulot
Hi, Using client-certificates with Restlet 1.1 is not well supported (in fact, it's not supported at all, but there are workarounds to make it work in some cases). I'd suggest upgrade to Restlet 2; there might still be bugs with some connectors, but the Apache HTTP client and the Net

Re: 'java.security.UnrecoverableKeyException: Cannot recover key' in https Restlet client

2009-12-04 Thread Bruno Harbulot
Hi Mikis, This definitely sounds like a bug. I'll try to address it shortly. Meanwhile, I'd suggest working around it by using another connector if you can (for example, but putting the org.restlet.ext.net or org.restlet.ext.httpclient on the classpath if you can). I suspect that these

Re: 'java.security.UnrecoverableKeyException: Cannot recover key' in https Restlet client

2009-12-03 Thread Bruno Harbulot
Hello, Do you know if your user has a '.keystore' file in the home directory? Would it work better if this file was out of the way? If so, this could be related to the side effect I found when fixing http://restlet.tigris.org/issues/show_bug.cgi?id=586#desc15. I'd suggest fixing this issue by

Re: HTTPS with Tomcat

2009-11-30 Thread Bruno Harbulot
Hi Dustin, If you're running within Tomcat (or other servlet containers), it's Tomcat that deals with the SSL connector, not the Restlet connector. Therefore, this setup has nothing to do with what's on the Restlet wiki regarding SslContextFactories (which are only for connections with a

Re: FirstResource Example - What is Item

2009-11-23 Thread Bruno Harbulot
Hello, I'm not sure where you got your examples from (perhaps there's a packaging error somewhere), but it's in the same package, in the subversion repository: http://restlet.tigris.org/source/browse/restlet/trunk/modules/org.restlet.example/src/org/restlet/example/firstResource/ Best wishes,

[2.0 trunk] Using get(Variant) to return representation after PUT

2009-11-17 Thread Bruno Harbulot
Hello, I've just tried a short-cut to return the representation after a PUT: calling get(variant), but it doesn't work as if it was doing a direct GET. I'm not sure if it's a just a bad idea or if we should try to make it work. The test case looks like this: public MyClass extends

Re: SEVERE: don't pass the component context to child Restlets anymore

2009-10-29 Thread Bruno Harbulot
Hi Jim, It's actually quite important to separate the various settings you pass to the Component (and the connectors) from those you pass to the Application itself. This way, you prevent leakage of sensitive information (such as private keys for SSL connectors) to the Application. One easy way

Re: Disabling weak ciphers in Restlet

2009-10-17 Thread Bruno Harbulot
Hi, You should be able to select the cipher suites you want explicitly (otherwise, the default ones will be used) by setting the enabledCipherSuites and/or disabledCipherSuites attributes on your instance of Server. These attributes should contain a array of Strings (for example

Re: Integrating Apache and Restlet server like Apache and Tomcat

2009-09-23 Thread Bruno Harbulot
Hi Ashish, As Rémi said, mod_proxy might be better for what you need. In addition, mod_jk seems to have been deprecated in favour of mod_proxy_ajp (both use AJP). There is more about this on the Jetty wiki: http://docs.codehaus.org/display/JETTY/Configuring+AJP13+Using+mod_jk The only case

Re: Integrating Apache and Restlet server like Apache and Tomcat

2009-09-22 Thread Bruno Harbulot
Hi Ashish, Ashish Sharma wrote: Hello, I have my Apache http server running on localhost:80 and restlet server on localhost:8182, but I want to configure above combination just like Apache http server and Apache tomcat servlet container can be configured with mod_jk library. Is it

Re: Client Authentication PKI

2009-09-18 Thread Bruno Harbulot
Hi Dan, The idea is to pass an instance of an SslContextFactory as an attribute (or a class name as a parameter) of the Context. In the 1.1 branch on the server side, the SSLContext is set up as follows: 1. If there is a *instance* of SslContextFactory in the sslContextFactory *attribute* of

Re: Client Authentication PKI

2009-09-17 Thread Bruno Harbulot
Hi Dan, You can't really do this with a ChallengeScheme/ChallengeResponse or something similar, since it the certificates are passed at the SSL/TLS layer, which is under HTTP. If you don't want to use the system properties, you can use your own SslContextFactory passed as an argument to the

Re: Client Authentication PKI

2009-09-17 Thread Bruno Harbulot
I should also say that this feature has only been implemented quite recently on the client side, so you might need a recent version of Restlet. More on this topic at: http://restlet.tigris.org/issues/show_bug.cgi?id=586 Best wishes, Bruno. Bruno Harbulot wrote: Hi Dan, You can't really

Re: Client HTTPS Invalid keystore format

2009-08-21 Thread Bruno Harbulot
Hi Laurent, Laurent Garrigues wrote: keytool -genkey -v -alias serverX -dname CN=serverX,OU=IT,O=JPC,C=GB -keypass password -keystore serverX.jks -storepass password -keyalg RSA -sigalg MD5withRSA -keysize 2048 -validity 3650 I'd suggest using SHA1withRSA instead of MD5withRSA, since

Re: Auth by client's certificate

2009-08-20 Thread Bruno Harbulot
Hi, I'm not sure. If GrizzlyServerCall is running from the same thread the SSLReadFilter is used, SSLReadFilter.doPeerCertificateChain(...), with the selection key in the GrizzlyServerCall should work. What you need ultimately is to get hold of the SSLSession (via SSLEngine or SSLSocket),

Re: Client HTTPS Invalid keystore format

2009-08-20 Thread Bruno Harbulot
Hi Laurent, Where do you put this file and/or where do you configure it (are you passing it via system properties)? It might not be using the file you want. I suspect that, if you haven't configured anything more, it would be using the cacerts file provided with your JRE. Best wishes, Bruno.

Re: Auth by client's certificate

2009-08-19 Thread Bruno Harbulot
Hi Evgeny, Evgeny Shepelyuk wrote: Hello, I'm using Jetty as restlet HTTP engine with SSL enabled and client's certificate auth. Probabaly it's more related to Jetty but is this possible to make server only ask for certificates only for certain URL. I'm NOT USING

Re: Patch for MetadataService to support XSL files with the more common extension .xsl

2009-08-14 Thread Bruno Harbulot
Hi Fabian, The procedure to contribute to Restlet is described here: http://www.restlet.org/community/contribute In short, for a patch to be included, you would have to sign the JCA and get in touch with Jerome or Thierry. Best wishes, Bruno. Fabian Mandelbaum wrote: Hello, I've asked

Re: Restlet SSL and Weblogic (even tomcat would help)

2009-07-20 Thread Bruno Harbulot
Hi Andy, webp...@tigris.org wrote: When I started this as a Java application, I didn't need any other relavent configuration, no web.xml. I don't really understand how but somehow this starts up a Jetty Container. I am told (please correct if I am wrong) that somewhere in

Re: Restlet SSL and Weblogic (even tomcat would help)

2009-07-17 Thread Bruno Harbulot
Hello, Andrew Whelan wrote: Hello, I am trying to deploy a Restlet application as a Servlet to weblogic using SSL for authentication and authorization. I have successfully gotten the SSL authentication to work with my Restlet, running it as a Java application using the default Jetty

Re: Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'

2009-07-17 Thread Bruno Harbulot
Hi, Marcelo Paternostro wrote: My environment is: - Eclipse 3.5 - The Jetty support offered by Eclipse So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus 'org.restlet.ext.jetty' to the class path and run the basic restlet example just to see it dying in a

Re: Licensing question

2009-07-14 Thread Bruno Harbulot
Hello, (Please don't consider what I'm saying here as legal advice...) Restlet 1.1.4 only bundles the compiled code (so no source code to scan there) and provides a link to https://sjsxp.dev.java.net/. The source bundle I've been able to get from https://sjsxp.dev.java.net/ (I'm not sure it's

Re: Content Negotiation for Safari 4. Any way to override?

2009-06-25 Thread Bruno Harbulot
Hi Bruce/Thierry, It seems that the code has changed between version 1.1 and 2.0. In 1.1.5, com.noelios.restlet.application.TunnelFilter uses 'equalsIgnoreCase' (line 388), whereas in the trunk (2.0), org.restlet.engine.application.TunnelFilter uses 'equals' (line 528). I think it makes sense

Re: Content Negotiation for Safari 4. Any way to override?

2009-06-24 Thread Bruno Harbulot
Hi Thierry, I'm not entirely sure what the intended behaviour of the TunnelService (regarding user-agents) is. Could you confirm this should be as follow (assuming the user agent tunnel is switched on in the service)? Step 1. The TunnelService parses the 'User-Agent' header and compares it

Re: 2.0m3 and content negotiation

2009-06-12 Thread Bruno Harbulot
Hi Jerome, Is there a full list of the annotation parameters? According to these pages, they're not media-types: - http://wiki.restlet.org/developers/172-restlet/226-restlet.html - http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1596334 I'm using revision 5060. * Case

Re: 2.0m3 and content negotiation

2009-06-12 Thread Bruno Harbulot
properly in revision 5060, by the way. Best wishes, Bruno. Bruno Harbulot wrote: Hi Jerome, Is there a full list of the annotation parameters? According to these pages, they're not media-types: - http://wiki.restlet.org/developers/172-restlet/226-restlet.html - http://restlet.tigris.org/ds

Re: 2.0m3 and content negotiation

2009-06-12 Thread Bruno Harbulot
, since there's always going to be the problem when building the returned representation within the method (for example, it doesn't prevent from making mistakes and having a method with @Get(xml) returning a StringRepresentation built with MediaType.IMAGE_JPEG). Best wishes, Bruno. Bruno Harbulot

Re: Restlet with a large dataset

2009-06-11 Thread Bruno Harbulot
Hi Jean-Christophe, You should be able to keep the memory usage small if you write to the OutputStream directly, using an OutputRepresentation: return new OutputRepresentation(MediaType.APPLICATION_XML) { @Override public void write(OutputStream

Dispatching calls to resources internally

2009-05-08 Thread Bruno Harbulot
Hello, I'm trying to perform operations on a resource in a way that affects other resources in the same system (because they depend partly on the same domain objects). For example, in the tutorial http://www.restlet.org/documentation/1.1/tutorial#part12, UserResource and OrderResource both

Re: Restlet 1.2 to become Restlet 2.0

2009-05-06 Thread Bruno Harbulot
Hi, This sounds sensible. Just a quick question: what does this mean with respect to support for Java 6? I thought it had been mentioned that Java 6 support was planned for Restlet 2.0. I'm not personally requiring Java 6, although support for SPNEGO would (unless we re-implement what was

Re: HttpClient Alternatives

2009-05-06 Thread Bruno Harbulot
Hi Rob, Rob Heittman wrote: Hi all... I think today I lost my last fight with HttpClient misbehavior... Failure to consume entity (not in my control) consumes a connection; subsequent attempts block ... This is a crummy failure mode. I'm weary. I'd like a Restlet client connector

Re: Restlet 1.1.4 + Jetty + SSL - trustAnchors exception

2009-04-17 Thread Bruno Harbulot
Hello, It looks like it's the same problem as here: http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1068636. It's time for me to make a new release of jSSLutils with the fix. Meanwhile, can you use com.noelios.restlet.​util.DefaultSslConte​ xtFactory instead? It should

Re: Restlet and maven

2009-04-08 Thread Bruno Harbulot
Bruno Harbulot wrote: Rémi Dewitte wrote: Hello, I know there is some ongoing work about maven and restlet. If I checkout the trunk and build it, how do I install the new artifacts into my local m2 repository ? Assuming you're on a unix machine, I find the easiest to be: 1. Edit

Re: Restlet and maven

2009-04-08 Thread Bruno Harbulot
Rémi Dewitte wrote: Hello, I know there is some ongoing work about maven and restlet. If I checkout the trunk and build it, how do I install the new artifacts into my local m2 repository ? Assuming you're on a unix machine, I find the easiest to be: 1. Edit build/build.properties to set

Re: Grizzly Https Server

2009-04-08 Thread Bruno Harbulot
Hi Sheshakiran, Are you looking for using Grizzly or Restlet with the Grizzly connector? In Restlet, SSL support has been harmonised using an SslContextFactory for all the connectors. It supports client-certificate authentication (provided your configure it with the trust store you require.)

Re: CSS and HTTPS problem ...

2009-04-01 Thread Bruno Harbulot
Hi, Rob Heittman wrote: You'd have to change the CSS to also reference the images, etc. over https. The warning you describe will be triggered whenever you have an HTML page, delivered over https, that calls images, CSS, or javascript from another source, delivered over http. This isn't

Re: HTTPS trustAnchors error

2009-01-29 Thread Bruno Harbulot
Hi Dan, It looks like a bug in the code I wrote... I'm going to look into this. Can you try using com.noelios.restlet.util.DefaultSslContextFactory instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile? Best wishes, Bruno. Dan Noble wrote: Hello all, I am new to

Re: How to set the SSLContextFactory in the Client

2009-01-16 Thread Bruno Harbulot
Hi Chris, Bruno Harbulot wrote: Hi Chris, christian.hai...@gmail.com wrote: I use Restlet Version 1.1 I tried it this way: Client client = new Client(new Context(), Protocol.HTTPS); Context con = client.getContext(); SeriesParameter param1 = con.getParameters

Re: How to set the SSLContextFactory in the Client

2009-01-12 Thread Bruno Harbulot
Hi Chris, christian.hai...@gmail.com wrote: I use Restlet Version 1.1 I tried it this way: Client client = new Client(new Context(), Protocol.HTTPS); Context con = client.getContext(); SeriesParameter param1 = con.getParameters();

Re: contributing - areas of interest

2008-12-08 Thread Bruno Harbulot
Hi, You might also be interested in RFE 505, which already has a few comments, including pointers to discussions on this mailing list: http://restlet.tigris.org/issues/show_bug.cgi?id=505 (I doubt I'll be able to follow the discussions in details over the next couple of weeks at least.)

Re: Guard suggestion

2008-11-27 Thread Bruno Harbulot
Hi Stephan, Stephan Koops wrote: Hi Bruno, I think, in the context of wider refactorisation of authentication and authorisation, that authentication should provided a Principal when a client has been authenticated (and perhaps a default guest principal when no one has, like jGuard does, but

Re: Guard suggestion

2008-11-26 Thread Bruno Harbulot
Hi Jerome and Remi, I think, in the context of wider refactorisation of authentication and authorisation, that authentication should provided a Principal when a client has been authenticated (and perhaps a default guest principal when no one has, like jGuard does, but that's a different

Re: Well HTTPS

2008-11-21 Thread Bruno Harbulot
Hi, Ben Johnson wrote: Hi I am new to Restlet and web programming, HTTP and SSL certificates in general, but hopefully my recent experiences will help. I spent the last several days trying to find a Restlet example using HTTPS (there isn't one), and eventually pieced together the

Re: Well HTTPS

2008-11-21 Thread Bruno Harbulot
Hi, I'm not sure you're clear on what certificates, signing and encryption are. Roughly speaking, an X.509 certificate is the combination of a public key and some information (subject distinguished name, date from/to, other attributes) that has been signed using a private key usually

  1   2   >