RE: Re: Access to HttpSession from Restlet ...
Hi, However, the SSL sessions have nothing to do with the Servlet's session (and they're unlikely to be suitable as a replacement for such sessions anyway). I was afraid it's not the same. What I need is an equivalent to: 'javax.servlet.request.ssl_session' I'd guess what you get is an enumeration of byte arrays, not Strings. An hexadecimal serialisation into string would probably be more appropriate. This being said, you won't necessarily get the right ID from this enumeration if there's more than one. Passing the SSLContext to your resources doesn't sound like good design either (again, it depends on what you do). If I print out the pure ID out of the byte array I get this: [...@e51b2c which looks like an hex address to me. How can I get to the value then? Anyway, in many of the cases of request there is no ID available at all. That's why I also think the SSL session context is not approriate here. Thanks for your answers. Best regards Stefan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451951
RE: Re: Access to HttpSession from Restlet ...
Hi Stephan, Or use new String((byte[])byteArray); Thanks for your help, but the solution presented here: http://rgagnon.com/javadetails/java-0596.html looks more promising. Best regards Stefan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452157
RE: Re: Access to HttpSession from Restlet ...
Hi Bruno, Not sure how much experience you have with Java, but it doesn't really have the notion of addresses. [...@e51b2c is just the default output of toString() on an array object: I had no experience on working with bytes in Java so far. Sorry, I thought you were refering to the hash code of the byte[] object. I'd suggest searching for Java byte array to hex conversion if you want an string representing the values in your array in hexadecimal Thanks for the hint, I've got some proper ID now. What I'm still not clear about is what you're trying to do with it here (I don't how well you know SSL/TLS). Whether with Restlets or Servlets, it doesn't seem right to use that for maintaining some sort of application session. As you may have noticed I'm a newbie in all the fields you just mentioned ;) The use case I have in mind is like this: http://forums.java.net/jive/message.jspa?messageID=279268 As I said, it's not absurd want to expose the SSL session ID as a Request parameter (in the same was as client certificates and cipher suites are exposed). I could try to provide a patch to do so (if Jerome and Thierry are happy with it). That would be great :) Thanks a lot for your help! Best regards Stefan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452148
RE: Re: Access to HttpSession from Restlet ...
Ok Bruno, thanks for your assessement. I'll forward your expert's opinion to the architect who gave me this task :) But generally 10-15 minutes life-time of the session would be sufficient for my use-case. best regards Stefan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452215
RE: Re:Access to HttpSession from Restlet ...
OK, does the same constraint apply for SSL sessions? Is it possible to get the SSL session IDs using Simple HTTPS server connector? Can the SSLSessionContext IDs be used in the same way as in servlet API like this: String sslID = (String)request.getAttribute(javax.servlet.request.ssl_session); What I did so far: Server server = component.getServers().add(Protocol.HTTPS, 8183); SeriesParameter param = server.getContext().getParameters(); param.add(keystorePath, ./mySrvKeystore); param.add(keystorePassword, 123456); HttpsServerHelper helper = new HttpsServerHelper(server); SSLContext sslContext; try { helper.start(); sslContext = helper.getSslContext(); Enumerationbyte[] sessionIDs = sslcontext.getServerSessionContext().getIds(); component.getDefaultHost().attach(new FilterApplication(sslContext)); // Start the component. component.start(); } catch (Exception e) { e.printStackTrace(); } I also called the getIds() method inside the FilterApplication (beforeHandle), but in most of the cases there is no session ID present upon request. And if there is one ID it contains weird characters such as the follwing session ID: K?7?%?[?s?#1GGb?2???^?a?? I've tried several charsets using: String sID = new String(id,UTF-8); but I never get a better representation of the ID. Can someone please give me a clue what I'm doing wrong. Best regards Stefan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451596
RE: Re:Access to HttpSession from Restlet ...
Hi Stephan, the use of SSL ID is required in the project I am working on. But as you said, REST might be not the right choice for the implementation then. thanks for your reply Stefan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451664