RE: Re: Access to HttpSession from Restlet ...
Hi all,

I'm fine with exposing the SSL session ID as a request attribute if that can be useful. Bruno, feel free to provide a patch for that purpose!

If you need to build an alternative to Servlet sessions in Restlet, I could check this RFE:

Alternatives to Servlet sessions
http://restlet.tigris.org/issues/show_bug.cgi?id=364

The idea is to replace session objects with temporary RESTful resources. Of course, if your resources rely on cached state it will be local to a given JVM, reducing opportunity to load-balance requests across several JVMs, unless you use a distributed cache.

Best regards,
Jerome Louvel
--
Restlet ~ Founder and Technical Lead ~ http://www.restlet.org
Noelios Technologies ~ http://www.noelios.com

-Original Message-
From: Stefan Meissner [mailto:st.meiss...@gmail.com]
Sent: Thursday, 25 February 2010 18:32
To: discuss@restlet.tigris.org
Subject: RE: Re: Access to HttpSession from Restlet ...

Hi Bruno,

Not sure how much experience you have with Java, but it doesn't really have the notion of addresses. [...@e51b2c is just the default output of toString() on an array object:

I had no experience on working with bytes in Java so far.

Sorry, I thought you were referring to the hash code of the byte[] object.

I'd suggest searching for Java byte array to hex conversion if you want a string representing the values in your array in hexadecimal

Thanks for the hint, I've got some proper ID now.

What I'm still not clear about is what you're trying to do with it here (I don't know how well you know SSL/TLS). Whether with Restlets or Servlets, it doesn't seem right to use that for maintaining some sort of application session.

As you may have noticed I'm a newbie in all the fields you just mentioned ;) The use case I have in mind is like this: http://forums.java.net/jive/message.jspa?messageID=279268

As I said, it's not absurd to want to expose the SSL session ID as a Request parameter (in the same way as client certificates and cipher suites are exposed). I could try to provide a patch to do so (if Jerome and Thierry are happy with it).

That would be great :) Thanks a lot for your help!

Best regards
Stefan
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452148
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452517
RE: Re: Access to HttpSession from Restlet ...
Hi,

However, the SSL sessions have nothing to do with the Servlet's session (and they're unlikely to be suitable as a replacement for such sessions anyway).

I was afraid it's not the same. What I need is an equivalent to: 'javax.servlet.request.ssl_session'

I'd guess what you get is an enumeration of byte arrays, not Strings. A hexadecimal serialisation into string would probably be more appropriate. This being said, you won't necessarily get the right ID from this enumeration if there's more than one. Passing the SSLContext to your resources doesn't sound like good design either (again, it depends on what you do).

If I print out the pure ID out of the byte array I get this: [...@e51b2c which looks like a hex address to me. How can I get to the value then? Anyway, in many of the cases of request there is no ID available at all. That's why I also think the SSL session context is not appropriate here.

Thanks for your answers.

Best regards
Stefan
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2451951
RE: Re: Access to HttpSession from Restlet ...
Hi Stephan,

Or use new String((byte[])byteArray);

Thanks for your help, but the solution presented here: http://rgagnon.com/javadetails/java-0596.html looks more promising.

Best regards
Stefan
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452157
RE: Re: Access to HttpSession from Restlet ...
Hi Bruno,

Not sure how much experience you have with Java, but it doesn't really have the notion of addresses. [...@e51b2c is just the default output of toString() on an array object:

I had no experience on working with bytes in Java so far.

Sorry, I thought you were referring to the hash code of the byte[] object.

I'd suggest searching for Java byte array to hex conversion if you want a string representing the values in your array in hexadecimal

Thanks for the hint, I've got some proper ID now.

What I'm still not clear about is what you're trying to do with it here (I don't know how well you know SSL/TLS). Whether with Restlets or Servlets, it doesn't seem right to use that for maintaining some sort of application session.

As you may have noticed I'm a newbie in all the fields you just mentioned ;) The use case I have in mind is like this: http://forums.java.net/jive/message.jspa?messageID=279268

As I said, it's not absurd to want to expose the SSL session ID as a Request parameter (in the same way as client certificates and cipher suites are exposed). I could try to provide a patch to do so (if Jerome and Thierry are happy with it).

That would be great :) Thanks a lot for your help!

Best regards
Stefan
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452148
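
The byte-array handling discussed in the messages above, as an added example that is not part of the original thread: it hex-encodes the byte[] that the JSSE method SSLSession.getId() returns, next to the default toString() and new String(bytes) results, and treats an empty ID as "no session ID available". The class name SessionIdHex, the helper toHex and the sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Optional;

public class SessionIdHex {
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /** Hex-encode a session ID such as the byte[] from javax.net.ssl.SSLSession.getId(). */
    static Optional<String> toHex(byte[] id) {
        // A missing or zero-length ID means "no session ID": report absence
        // instead of returning an empty string that could be used as a key.
        if (id == null || id.length == 0) {
            return Optional.empty();
        }
        char[] out = new char[id.length * 2];
        for (int i = 0; i < id.length; i++) {
            int v = id[i] & 0xff;          // Java bytes are signed; mask to 0..255
            out[2 * i] = HEX[v >>> 4];     // high nibble
            out[2 * i + 1] = HEX[v & 0x0f]; // low nibble
        }
        return Optional.of(new String(out));
    }

    public static void main(String[] args) {
        // Constructed sample bytes, not a real session ID.
        byte[] id = {0x4b, (byte) 0x9f, 0x00, (byte) 0xe5, 0x1b, 0x2c, (byte) 0xff, 0x7a};

        // Default Object.toString() on an array: "[B@" plus the identity hash
        // code in hex. It says nothing about the array's contents.
        System.out.println("toString():  " + id);

        // new String(bytes) decodes the bytes as text. Byte values that are not
        // valid in the charset are replaced, so the original ID cannot be
        // recovered from the resulting string.
        String asText = new String(id, StandardCharsets.UTF_8);
        boolean roundTrips = Arrays.equals(id, asText.getBytes(StandardCharsets.UTF_8));
        System.out.println("new String() round-trips: " + roundTrips);

        // Hex keeps every byte value and is safe to log or put in a header.
        System.out.println("hex:         " + toHex(id).orElse("<no session id>"));
        System.out.println("empty input: " + toHex(new byte[0]).orElse("<no session id>"));
    }
}
```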
RE: Re: Access to HttpSession from Restlet ...
Ok Bruno,

thanks for your assessment. I'll forward your expert's opinion to the architect who gave me this task :) But generally 10-15 minutes life-time of the session would be sufficient for my use-case.

best regards
Stefan
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2452215