RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner 
Hi,

 However, the SSL sessions have nothing to do with the Servlet's session 
 (and they're unlikely to be suitable as a replacement for such sessions 
 anyway). 

I was afraid it's not the same. What I need is an equivalent to: 
'javax.servlet.request.ssl_session'

 I'd guess what you get is an enumeration of byte arrays, not Strings. An 
 hexadecimal serialisation into string would probably be more 
 appropriate. This being said, you won't necessarily get the right ID 
 from this enumeration if there's more than one. Passing the SSLContext 
 to your resources doesn't sound like good design either (again, it 
 depends on what you do).

If I print out the pure ID out of the byte array I get this: [...@e51b2c which 
looks like an hex address to me. How can I get to the value then?

Anyway, in many of the cases of request there is no ID available at all. That's 
why I also think the SSL session context is not approriate here.

Thanks for your answers.

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451951

RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner 
Hi Stephan,

 Or use new String((byte[])byteArray);

Thanks for your help, but the solution presented here:
http://rgagnon.com/javadetails/java-0596.html
looks more promising.

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452157

RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner 
Hi Bruno,

 Not sure how much experience you have with Java, but it doesn't really 
 have the notion of addresses. [...@e51b2c is just the default output of 
 toString() on an array object:

I had no experience on working with bytes in Java so far. Sorry, I thought you 
were refering to the hash code of the byte[] object.

 I'd suggest searching for Java byte array to hex conversion if you want 
 an string representing the values in your array in hexadecimal 

Thanks for the hint, I've got some proper ID now.

 What I'm still not clear about is what you're trying to do with it here 
 (I don't how well you know SSL/TLS). Whether with Restlets or Servlets, 
 it doesn't seem right to use that for maintaining some sort of 
 application session.

As you may have noticed I'm a newbie in all the fields you just mentioned ;) 

The use case I have in mind is like this:
http://forums.java.net/jive/message.jspa?messageID=279268

 As I said, it's not absurd want to expose the SSL session ID as a 
 Request parameter (in the same was as client certificates and cipher 
 suites are exposed). I could try to provide a patch to do so (if Jerome 
 and Thierry are happy with it).

That would be great :)
Thanks a lot for your help!

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452148

RE: Re: Access to HttpSession from Restlet ...

2010-02-25 Thread Stefan Meissner 
Ok Bruno, thanks for your assessement.

I'll forward your expert's opinion to the architect who gave me this task :)

But generally 10-15 minutes life-time of the session would be sufficient for my 
use-case.

best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452215

RE: Re:Access to HttpSession from Restlet ...

2010-02-24 Thread Stefan Meissner 
OK, does the same constraint apply for SSL sessions? 
Is it possible to get the SSL session IDs using Simple HTTPS server connector?

Can the SSLSessionContext IDs be used in the same way as in servlet API like 
this:

String sslID = 
(String)request.getAttribute(javax.servlet.request.ssl_session);

What I did so far:

Server server = component.getServers().add(Protocol.HTTPS, 8183);
SeriesParameter param = server.getContext().getParameters();

param.add(keystorePath, ./mySrvKeystore);
param.add(keystorePassword, 123456);

HttpsServerHelper helper = new HttpsServerHelper(server);

SSLContext sslContext;
try {
helper.start();
sslContext = helper.getSslContext();

Enumerationbyte[] sessionIDs = sslcontext.getServerSessionContext().getIds();

component.getDefaultHost().attach(new FilterApplication(sslContext));

// Start the component.
component.start();

} catch (Exception e) {
e.printStackTrace();
}

I also called the getIds() method inside the FilterApplication (beforeHandle), 
but in most of the cases there is no session ID present upon request. And if 
there is one ID it contains weird characters such as the follwing 
session ID: K?7?%?[?s?#1GGb?2???^?a??

I've tried several charsets using:
String sID = new String(id,UTF-8);
but I never get a better representation of the ID.

Can someone please give me a clue what I'm doing wrong.

Best regards
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451596

RE: Re:Access to HttpSession from Restlet ...

2010-02-24 Thread Stefan Meissner 
Hi Stephan,

the use of SSL ID is required in the project I am working on. But as you said, 
REST might be not the right choice for the implementation then.

thanks for your reply
Stefan

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451664