Client X509Certificate attribute using the AJP connector

2007-11-02 Thread Bruno Harbulot
Hello, Using Servlets and Tomcat behind Apache Httpd/AJP (configured to require or want a client certificate in HTTPS), it's possible to get the client certificate chain using this: request.getAttribute(javax.servlet.request.X509Certificate); I've tried to get this piece of information

Re: Client X509Certificate attribute using the AJP connector

2007-11-05 Thread Bruno Harbulot
using the ServerServlet adapter class or directly the Jetty AJP connector with Restlet ? Thanks, Jerome 2007/11/2, Bruno Harbulot [EMAIL PROTECTED]: Hello, Using Servlets and Tomcat behind Apache Httpd/AJP (configured to require or want a client certificate in HTTPS), it's possible to get

Re: Client X509Certificate attribute using the AJP connector

2007-11-06 Thread Bruno Harbulot
Hi Jerome, Regarding Jetty, AJP and the client certificates, I submitted a patch a couple of days ago for Jetty, as there was a small bug: http://jira.codehaus.org/browse/JETTY-457 I'm please to say Greg Wilkins (Jetty) has already incorporated the changes in Jetty 6.1.6rc1. I'll try to

Reaching target Resources that do not exist

2007-11-06 Thread Bruno Harbulot
Hello, I'd like to model resources using Restlet in a similar way as Section 12 of the tutorial (Reaching target Resources). As a simple example, I'd like to map URIs like /users/{user}/birthday to read the full name of a user from a database (or hash-table). As far as I understand the

Re: Client X509Certificate attribute using the AJP connector

2007-11-06 Thread Bruno Harbulot
this clarifies what I was trying to get in the first place. Thank you, Bruno. Bruno Harbulot wrote: Hi Jerome, Regarding Jetty, AJP and the client certificates, I submitted a patch a couple of days ago for Jetty, as there was a small bug: http://jira.codehaus.org/browse/JETTY-457 I'm please

Re: Client X509Certificate attribute using the AJP connector

2007-11-06 Thread Bruno Harbulot
Bruno Harbulot wrote: I could try to write a patch, but since it may modify the API (or at least the interfaces), it might be better if someone more experienced with the code does it. I'm going to copy and paste all this in an RFE. Here it is: http://restlet.tigris.org/issues/show_bug.cgi?id

Re: Reaching target Resources that do not exist

2007-11-06 Thread Bruno Harbulot
Hi Thierry, Thierry Boileau wrote: on one hand, you define a route which binds all uris such as /users/{user}/birthday to a new instance of the BirthdayResource class. On the other hand, the resource is in charge to perform the request, that is to say return a representation (if any) in case of

Re: problem serving up mp4 video for iphone

2008-02-25 Thread Bruno Harbulot
Hello, Andy Roberts wrote: My REST service has to also serve static mp4 video files - for use on an iPhone. I'm having problems where the iPhone won't play the video files when I call an open() command on the file URL which is located in the static content area of my restlet application.

Issue 376

2008-03-03 Thread Bruno Harbulot
Hello, I'm interested in trying to contribute to solve issue 376: http://restlet.tigris.org/issues/show_bug.cgi?id=376 There are in fact two sub-problems in this issue: (1) exposing javax.servlet.request.X509Certificate and (2) defining something that would provide the equivalent of

Re: Issue 376

2008-03-10 Thread Bruno Harbulot
authentication. Best regards, Jerome -Message d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : lundi 3 mars 2008 12:43 À : discuss@restlet.tigris.org Objet : Issue 376 Hello, I'm interested in trying to contribute to solve issue 376: http

SSL and KeyStores

2008-03-10 Thread Bruno Harbulot
Hello, Whilst looking into Issue 376 http://restlet.tigris.org/issues/show_bug.cgi?id=376, I've been trying to implement a test that uses HTTPS, since I can't find one in the current test suite. There are a few problems I came across, mainly related to Issue 281

Re: Issue 376

2008-03-11 Thread Bruno Harbulot
Hi Jerome, Jerome Louvel wrote: 1. Even with a clean download of the SVN trunk at the moment (without my patch), I can't get it to pass all the tests (in 'verify-tests'). I've tried to build the latest code and test it on a Mac (10.5 and Java 5) and on a Linux (Java 6), but there's always

Re: SSL and KeyStores

2008-03-11 Thread Bruno Harbulot
Hi Jerome, Jerome Louvel wrote: Hi Bruno, [...] 1. I can't find which properties need to be used for setting the keystores and truststores used by the clients. Did I miss something? I've had to use -Djavax.net.ssl.keyStore, and similar VM parameters. No those parameters are indeed missing

Re: sketch of a simple authentication protocol

2008-04-04 Thread Bruno Harbulot
Hello, Story Henry wrote: The 5 steps explained: 1. Romeo's User Agent GETs Juliette's public foaf file at http://juliette.org/, that file contains the relation: rdfs:seeAlso https://juliette.org/protected/juliette . 2. Romeo's UserAgent does a GET on the HTTPS URL with the extra

Re: sketch of a simple authentication protocol

2008-04-04 Thread Bruno Harbulot
Story Henry wrote: On 3 Apr 2008, at 16:15, Adam Rosien wrote: It may be more appropriate to use the Authorization HTTP header to pass along Romeo's credentials. Rob's email using SSL certs only seems a lot cleaner and doesn't need the client to push anything into the request. I need to

SSL configuration

2008-04-07 Thread Bruno Harbulot
Hello, I've been looking into enhancing SSL support in Restlet. The main problem is that the way SSL can be set up is fine for basic cases, but isn't really sufficiently flexible for more serious uses. Some of the problems have been described in

Guards and Principals

2008-04-28 Thread Bruno Harbulot
Hello, I've just had a look at the implementation of Guard in 1.1-M3. I was looking at implementing my own authorisation mechanism, based on the existing authentication mechanisms (assuming HTTP Basic for now). It seems that the Principal-related features have moved into ChallengeResponse (I

Guards and authentication mechanisms

2008-05-28 Thread Bruno Harbulot
Hi all, Following the discussion on the authentication scheme a few days ago, I've been looking at - Access to connector authentication http://restlet.tigris.org/issues/show_bug.cgi?id=503 - Add notion of realm http://restlet.tigris.org/issues/show_bug.cgi?id=504 - Add support for

Re: Guards and authentication mechanisms

2008-06-01 Thread Bruno Harbulot
Hi all, Jerome Louvel wrote: Hi all, Thanks Bruno for the nice synthesis, that definitely helps moving forward. I have entered a new RFE to consolidate your comments and other ones from Stephan: Refactor authentication and authorization http://restlet.tigris.org/issues/show_bug.cgi?id=505

Re: Guards and authentication mechanisms

2008-06-02 Thread Bruno Harbulot
Hi Jerome, One think that could help in the short term for experimenting would be to be able to override the standard HTTP headers. I'm thinking of HttpConstants.HEADER_WWW_AUTHENTICATE to be specific, which HttpConverter.addAdditionalHeaders(...) makes impossible to override. It's therefore

Re: Guards and authentication mechanisms

2008-06-03 Thread Bruno Harbulot
Hi Jerome, Jerome Louvel wrote: Hi Bruno, I'm not sure we want to add such a feature in an official build. Fair enough. Also, if you can come up with a patch that would add a getChallengeRequests():ListChallengeRequest method on Response and deprecate the current challengeRequest

Re: Guards and authentication mechanisms

2008-06-04 Thread Bruno Harbulot
Hi Jerome, Jerome Louvel wrote: Hi Bruno, Thanks for the patch! A slightly modified version has been checked in SVN trunk: - better concurrency support - no more addChallengeRequest() method - use getChallengeRequests().add(..) instead) Let me know if I broke anything :-) Thanks,

Re: from the org.restlet.data.Request, get the HttpServletRequest

2008-06-04 Thread Bruno Harbulot
Hi Jennifer, Jennifer J. Chen wrote: Bruno, Thank you for your response. Currently I have two purchased systems communicating with each other through custom software using a servlet and xml response. What I will like to do is to turn this into web service client and service architecture.

Re: Guards and authentication mechanisms

2008-06-10 Thread Bruno Harbulot
Hello, Tim Peierls wrote: On Wed, Jun 4, 2008 at 9:00 AM, Bruno Harbulot [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Josh Bloch has a nice presentation of the tradeoffs in Effective Java, 2nd edition, Item 71. I'll try to summarize briefly. First, and most important, don't use

Re: from the org.restlet.data.Request, get the HttpServletRequest

2008-06-10 Thread Bruno Harbulot
Hi Rob, Rob Heittman wrote: I think we need an RFE on that utility, and it should be a standard part of the Servlet extension. Very good points. Just a small comment: isn't the Servlet extension what allows Restlets to be wrapped into a Servlet environment (I don't actually use it)? I

Re: Guards and authentication mechanisms

2008-06-10 Thread Bruno Harbulot
authentication http://restlet.tigris.org/issues/show_bug.cgi?id=444 Best regards, Jerome -Message d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : dimanche 1 juin 2008 23:50 À : discuss@restlet.tigris.org Objet : Re: Guards and authentication

Re: Safari content-negotiation...

2008-06-17 Thread Bruno Harbulot
Hello, I'm not sure if it the answer you're looking for, but to solve this problem, rather than relying on the user-agent header, I declare the variants in the following order: getVariants().add(new Variant(MediaType.APPLICATION_XHTML_XML)); getVariants().add(new

Re: SSL + Virtual Hosts and Issue #489?

2008-07-02 Thread Bruno Harbulot
Hi Alex, I'll start with the short answer: the workaround you're using, which consists of putting a single pair of key/certificate (with associated chain of certificates perhaps) per keystore, seems to be the most practical solution. That's what I do, personally. I find it easier to manage

Re: SSL + Virtual Hosts and Issue #489?

2008-07-03 Thread Bruno Harbulot
Hi Alex, Alex Milowski wrote: On Wed, Jul 2, 2008 at 7:45 AM, Bruno Harbulot [EMAIL PROTECTED] wrote: Hi Alex, Any particular reason why you would need two pairs of private key/certificates in the same keystore in practice? If you want to use two certificates, you're going to have

Re: XForm integration with the RestLet framework possible?

2008-07-08 Thread Bruno Harbulot
Hi, In our system, we use content-type negotiation to serve our own content-type (XML-based) to the client API and XHTML to web-browsers. An XSLT transform to produce some XHTML with XForms and incorporate the data into the XForm instance. The browser-based interface was originally intended

Re: SSL + Virtual Hosts and Issue #489?

2008-07-09 Thread Bruno Harbulot
Hi Alex, Alex Milowski wrote: On Thu, Jul 3, 2008 at 2:36 PM, Bruno Harbulot [EMAIL PROTECTED] wrote: There can only be one certificate per IP address (unless using a different port), thus one certificate per connector. (An exception to this would be to use something like what GnuTLS does [1

Re: SSL + Virtual Hosts and Issue #489?

2008-07-09 Thread Bruno Harbulot
Bruno Harbulot wrote: 2. We can set up two different Contexts for the two servers, using something along these lines: Component component = new Component(); Server server1 = new Server(Protocol.HTTPS, host1.example.org, 8443, null); Server server2 = new Server(Protocol.HTTPS, host2

Re: SSL + Virtual Hosts and Issue #489?

2008-07-10 Thread Bruno Harbulot
Hi all, Bruno Harbulot wrote: 1. We assume there's going to be a single SSLContext common to all servers of the component created via an SslContextFactory (it's set up in the Context of the Component). In theory, it should be possible to set up the SSLContext to use a custom X509KeyManager

Re: Resource as an Observer...

2008-07-11 Thread Bruno Harbulot
Hi, If you think of the Resource class in a Model-View-Controller pattern, you can think of the Resource the class that will implement the Controller (getRepresentation, acceptRepresentation, storeRepresentation -- probably a completely different terminology than your 'controller') which

Re: XForm integration with the RestLet framework possible?

2008-07-11 Thread Bruno Harbulot
Of Bruno Harbulot Sent: Tuesday, July 08, 2008 4:41 PM To: discuss@restlet.tigris.org Subject: Re: XForm integration with the RestLet framework possible? Hi, Since Firefox 3, this plugin not available for FF3,... Bruno.

Re: Routing problem

2008-07-16 Thread Bruno Harbulot
Hi all, [EMAIL PROTECTED] wrote: Thierry Boileau [EMAIL PROTECTED] wrote on 07/16/2008 04:32:30 AM: 1) to our minds, the routes /foo and /foo/ identify two separate resources. Mostly because this has an impact on relative URIs. When we encountered this kind of issue when developping the

Re: SSL + Virtual Hosts and Issue #489?

2008-07-18 Thread Bruno Harbulot
Alex Milowski wrote: On Wed, Jul 16, 2008 at 2:32 AM, Jerome Louvel [EMAIL PROTECTED] wrote: Hi Alex, I have added a paragraph on Confidentiality in the Securing applications page covering this topic: http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-rest let.html At

Server with multiple protocols and a single port?

2008-07-27 Thread Bruno Harbulot
Hello, I've just had a look at the Component XML configuration mechanism and how it's implemented. I've noticed that there can be several protocols but only one port in the attributes. This matches the interface of the Server class, the constructors of which can take a list of protocols, but

Re: Server with multiple protocols and a single port?

2008-07-29 Thread Bruno Harbulot
-Message d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : lundi 28 juillet 2008 00:15 À : discuss@restlet.tigris.org Objet : Server with multiple protocols and a single port? Hello, I've just had a look at the Component XML configuration mechanism

Re: Server with multiple protocols and a single port?

2008-07-29 Thread Bruno Harbulot
it could also work for connected protocols no? Best regards, Jerome -Message d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : mardi 29 juillet 2008 14:37 À : discuss@restlet.tigris.org Objet : Re: Server with multiple protocols and a single port? Hi

Re: SSL + Virtual Hosts and Issue #489?

2008-07-30 Thread Bruno Harbulot
Hello, Following the changes in the way Components can be configured (latest subversion revisions), configuring SSL to use an SslContextFactory is now possible this way: 1. Using the DefaultSslContextFactory: component xmlns=http://www.restlet.org/schemas/1.1/Component;

Re: How to create multiple https connector with different certificates?

2008-07-31 Thread Bruno Harbulot
Hi, You would need one of the latest subversion revisions to do this. Some changes regarding this problem are very recent (yesterday). You can do this by having a Context per Server and a distinct SslContextFactory in each. The documentation will improve, meanwhile you can check these two

Re: How to create multiple https connector with different certificates?

2008-08-04 Thread Bruno Harbulot
Hi, Bruce Lee wrote: Thanks for the information, I guess we will have to wait until Restlet 1.1 becomes stable so we can try out the feature. I've put some documentation in the wiki. If possible, you could this try when Restlet 1.1-M5 is out (probably easier than subversion builds). This

Re: HTTP Negotiate and Basic authentication

2008-08-09 Thread Bruno Harbulot
Hi Roman, Here is my experimental SPNEGO Filter: http://git.kato.mvc.mcc.ac.uk/bruno/spnegofilter.git/ It provides a Negotiate and a Basic challenge at the same time. It works at least for small tests, but it's definitely not ready for production usage. I haven't used much of the existing

Re: HTTP Negotiate and Basic authentication

2008-08-11 Thread Bruno Harbulot
Roman Geus wrote: Hi Bruno Thanks for sharing your experimental SPNEGO Filter! I never used git before. To download your code I tried the following (and failed) $ git clone http://git.kato.mvc.mcc.ac.uk/bruno/spnegofilter.git/ spnegofilter Initialized empty Git repository in

Re: Knowing if a client disconnected?

2008-08-14 Thread Bruno Harbulot
Hi Marc, I think what Kevin meant (and was more along my interpretation of the original question) is that you can know that a socket has been closed before attempting to write to it, but you cannot know that it's going to be open for writing until you actually write to it. As Jerome pointed

Re: SSL problem

2008-08-17 Thread Bruno Harbulot
Hi Christy, Christy Ring wrote: I wasnt aware of the certificate issue, thanks. I've modified the keytool command to reflect the changes you suggest as follows, deleted the .keystore and recreated it. I assume this is all I have to do with the keystore to get up and running? keytool

Re: Virtual hosts - no domain only ip address

2008-08-20 Thread Bruno Harbulot
(I sent this message yesterday, but it didn't get through. Apologies if you get duplicates.) Hi Christy, Christy Ring wrote: Hi all, I am running a VM on a host, currently I have a work example that is routing requests to a resource at https://localhost:8183/jbox/v1/ The virtual machine

Re: PUT method without body entity

2008-08-22 Thread Bruno Harbulot
Hi Vincent, We had this discussion a few month ago: http://thread.gmane.org/gmane.comp.web.services.rest/8046 In short, the conclusion was that a PUT without an entity wasn't allowed, but a PUT with a Content-Length: 0 entity was. Strictly speaking, the query string in the URI is part of

Re: client-side support for Negotiate authentication scheme

2008-08-28 Thread Bruno Harbulot
Hi Roman, When you take someone else's code and modify it, you might want to look at the beginning of the file (or the licence file), especially when you post a file to a public mailing list and thus have no chance of being able to amend it once archived: Copyright (c) 2008, The University

Re: client-side support for Negotiate authentication scheme

2008-08-28 Thread Bruno Harbulot
Hi Roman, Roman Geus wrote: Hello Bruno I'm sorry about not paying more attention to the licensing issues. I meant no harm and I am certainly not trying to take credit for your work. Just to explain: the code I posted is not a quick rip-off of your filter. I put considerable amount of time

Re: client-side support for Negotiate authentication scheme

2008-10-01 Thread Bruno Harbulot
Hi all, I'd be happy to put it in the Restlet repository. Jerome, do you have any preferred place in the repository for this? By the way, I had mentioned I had started some work on the structure of the Guards, etc. (mostly for my project's needs but that could be used for 1.2). Perhaps it

Re: Restlets contained within servlets

2008-10-13 Thread Bruno Harbulot
Hello, Simon Reinhardt wrote: Hugh Acland wrote: So in an ideal world where one's IT budget was larger than management have given you would have a dedicated restlet 'box' serving only restlets on port 80. The problem i have is that i am constrained to one physical server which has apache on

Re: Authenticating and other thoughts

2008-10-14 Thread Bruno Harbulot
Hi Hugh, Hugh Acland wrote: And here is my main reservation about this wonderful Restful world of distributed computing: how do we authenticate and authorize across the web in a way whereby one web-service (in London), which might be happy dealing with the client’s request, then gets to a

Re: Consuming a REST response

2008-10-21 Thread Bruno Harbulot
Hi, buzzterrier wrote: I think I was missing the forest for the trees on this. I am kind of a framework junkie, but in hindsight since I am only consuming the rest response I don't really need restlets at all. Basically I just need to suck the response into a dom, and then use jaxb with

Re: client-side support for Negotiate authentication scheme

2008-11-04 Thread Bruno Harbulot
d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : mercredi 1 octobre 2008 12:50 À : discuss@restlet.tigris.org Objet : Re: client-side support for Negotiate authentication scheme Hi all, I'd be happy to put it in the Restlet repository. Jerome, do you have any

Re: What is missing from Restlet?

2008-11-04 Thread Bruno Harbulot
Hello, (OT: does anyone know why the beginning of this thread and a few other messages don't seem to have made it to Gmane recently?) Admittedly, I don't know much about the security implementation in Spring, but this looks like the right way to do it. I had started to work on something

Re: Well HTTPS

2008-11-21 Thread Bruno Harbulot
Hi, Ben Johnson wrote: Hi I am new to Restlet and web programming, HTTP and SSL certificates in general, but hopefully my recent experiences will help. I spent the last several days trying to find a Restlet example using HTTPS (there isn't one), and eventually pieced together the

Re: Well HTTPS

2008-11-21 Thread Bruno Harbulot
Hi, I'm not sure you're clear on what certificates, signing and encryption are. Roughly speaking, an X.509 certificate is the combination of a public key and some information (subject distinguished name, date from/to, other attributes) that has been signed using a private key usually

Re: Well HTTPS

2008-11-21 Thread Bruno Harbulot
John D. Mitchell wrote: For what it's worth... For production use, I've come to the point where I do *NOT* like implementing SSL solutions directly in Java. The extra overhead, hassles, etc. just aren't worth it in general. For example, for both Krugle and MarkMail, we have SSL (ala HTTPS)

Re: Guard suggestion

2008-11-26 Thread Bruno Harbulot
Hi Jerome and Remi, I think, in the context of wider refactorisation of authentication and authorisation, that authentication should provided a Principal when a client has been authenticated (and perhaps a default guest principal when no one has, like jGuard does, but that's a different

Re: Guard suggestion

2008-11-27 Thread Bruno Harbulot
Hi Stephan, Stephan Koops wrote: Hi Bruno, I think, in the context of wider refactorisation of authentication and authorisation, that authentication should provided a Principal when a client has been authenticated (and perhaps a default guest principal when no one has, like jGuard does, but

Re: contributing - areas of interest

2008-12-08 Thread Bruno Harbulot
Hi, You might also be interested in RFE 505, which already has a few comments, including pointers to discussions on this mailing list: http://restlet.tigris.org/issues/show_bug.cgi?id=505 (I doubt I'll be able to follow the discussions in details over the next couple of weeks at least.)

Re: How to set the SSLContextFactory in the Client

2009-01-12 Thread Bruno Harbulot
Hi Chris, christian.hai...@gmail.com wrote: I use Restlet Version 1.1 I tried it this way: Client client = new Client(new Context(), Protocol.HTTPS); Context con = client.getContext(); SeriesParameter param1 = con.getParameters();

Re: How to set the SSLContextFactory in the Client

2009-01-16 Thread Bruno Harbulot
Hi Chris, Bruno Harbulot wrote: Hi Chris, christian.hai...@gmail.com wrote: I use Restlet Version 1.1 I tried it this way: Client client = new Client(new Context(), Protocol.HTTPS); Context con = client.getContext(); SeriesParameter param1 = con.getParameters

Re: HTTPS trustAnchors error

2009-01-29 Thread Bruno Harbulot
Hi Dan, It looks like a bug in the code I wrote... I'm going to look into this. Can you try using com.noelios.restlet.util.DefaultSslContextFactory instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile? Best wishes, Bruno. Dan Noble wrote: Hello all, I am new to

Re: CSS and HTTPS problem ...

2009-04-01 Thread Bruno Harbulot
Hi, Rob Heittman wrote: You'd have to change the CSS to also reference the images, etc. over https. The warning you describe will be triggered whenever you have an HTML page, delivered over https, that calls images, CSS, or javascript from another source, delivered over http. This isn't

Re: Restlet and maven

2009-04-08 Thread Bruno Harbulot
Bruno Harbulot wrote: Rémi Dewitte wrote: Hello, I know there is some ongoing work about maven and restlet. If I checkout the trunk and build it, how do I install the new artifacts into my local m2 repository ? Assuming you're on a unix machine, I find the easiest to be: 1. Edit

Re: Restlet and maven

2009-04-08 Thread Bruno Harbulot
Rémi Dewitte wrote: Hello, I know there is some ongoing work about maven and restlet. If I checkout the trunk and build it, how do I install the new artifacts into my local m2 repository ? Assuming you're on a unix machine, I find the easiest to be: 1. Edit build/build.properties to set

Re: Grizzly Https Server

2009-04-08 Thread Bruno Harbulot
Hi Sheshakiran, Are you looking for using Grizzly or Restlet with the Grizzly connector? In Restlet, SSL support has been harmonised using an SslContextFactory for all the connectors. It supports client-certificate authentication (provided your configure it with the trust store you require.)

Re: Restlet 1.1.4 + Jetty + SSL - trustAnchors exception

2009-04-17 Thread Bruno Harbulot
Hello, It looks like it's the same problem as here: http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1068636. It's time for me to make a new release of jSSLutils with the fix. Meanwhile, can you use com.noelios.restlet.​util.DefaultSslConte​ xtFactory instead? It should

Re: Restlet 1.2 to become Restlet 2.0

2009-05-06 Thread Bruno Harbulot
Hi, This sounds sensible. Just a quick question: what does this mean with respect to support for Java 6? I thought it had been mentioned that Java 6 support was planned for Restlet 2.0. I'm not personally requiring Java 6, although support for SPNEGO would (unless we re-implement what was

Re: HttpClient Alternatives

2009-05-06 Thread Bruno Harbulot
Hi Rob, Rob Heittman wrote: Hi all... I think today I lost my last fight with HttpClient misbehavior... Failure to consume entity (not in my control) consumes a connection; subsequent attempts block ... This is a crummy failure mode. I'm weary. I'd like a Restlet client connector

Dispatching calls to resources internally

2009-05-08 Thread Bruno Harbulot
Hello, I'm trying to perform operations on a resource in a way that affects other resources in the same system (because they depend partly on the same domain objects). For example, in the tutorial http://www.restlet.org/documentation/1.1/tutorial#part12, UserResource and OrderResource both

Re: Restlet with a large dataset

2009-06-11 Thread Bruno Harbulot
Hi Jean-Christophe, You should be able to keep the memory usage small if you write to the OutputStream directly, using an OutputRepresentation: return new OutputRepresentation(MediaType.APPLICATION_XML) { @Override public void write(OutputStream

Re: 2.0m3 and content negotiation

2009-06-12 Thread Bruno Harbulot
Hi Jerome, Is there a full list of the annotation parameters? According to these pages, they're not media-types: - http://wiki.restlet.org/developers/172-restlet/226-restlet.html - http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1596334 I'm using revision 5060. * Case

Re: 2.0m3 and content negotiation

2009-06-12 Thread Bruno Harbulot
properly in revision 5060, by the way. Best wishes, Bruno. Bruno Harbulot wrote: Hi Jerome, Is there a full list of the annotation parameters? According to these pages, they're not media-types: - http://wiki.restlet.org/developers/172-restlet/226-restlet.html - http://restlet.tigris.org/ds

Re: 2.0m3 and content negotiation

2009-06-12 Thread Bruno Harbulot
, since there's always going to be the problem when building the returned representation within the method (for example, it doesn't prevent from making mistakes and having a method with @Get(xml) returning a StringRepresentation built with MediaType.IMAGE_JPEG). Best wishes, Bruno. Bruno Harbulot

Re: Content Negotiation for Safari 4. Any way to override?

2009-06-24 Thread Bruno Harbulot
Hi Thierry, I'm not entirely sure what the intended behaviour of the TunnelService (regarding user-agents) is. Could you confirm this should be as follow (assuming the user agent tunnel is switched on in the service)? Step 1. The TunnelService parses the 'User-Agent' header and compares it

Re: Content Negotiation for Safari 4. Any way to override?

2009-06-25 Thread Bruno Harbulot
Hi Bruce/Thierry, It seems that the code has changed between version 1.1 and 2.0. In 1.1.5, com.noelios.restlet.application.TunnelFilter uses 'equalsIgnoreCase' (line 388), whereas in the trunk (2.0), org.restlet.engine.application.TunnelFilter uses 'equals' (line 528). I think it makes sense

Re: Licensing question

2009-07-14 Thread Bruno Harbulot
Hello, (Please don't consider what I'm saying here as legal advice...) Restlet 1.1.4 only bundles the compiled code (so no source code to scan there) and provides a link to https://sjsxp.dev.java.net/. The source bundle I've been able to get from https://sjsxp.dev.java.net/ (I'm not sure it's

Re: Restlet SSL and Weblogic (even tomcat would help)

2009-07-17 Thread Bruno Harbulot
Hello, Andrew Whelan wrote: Hello, I am trying to deploy a Restlet application as a Servlet to weblogic using SSL for authentication and authorization. I have successfully gotten the SSL authentication to work with my Restlet, running it as a Java application using the default Jetty

Re: Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'

2009-07-17 Thread Bruno Harbulot
Hi, Marcelo Paternostro wrote: My environment is: - Eclipse 3.5 - The Jetty support offered by Eclipse So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus 'org.restlet.ext.jetty' to the class path and run the basic restlet example just to see it dying in a

Re: Restlet SSL and Weblogic (even tomcat would help)

2009-07-20 Thread Bruno Harbulot
Hi Andy, webp...@tigris.org wrote: When I started this as a Java application, I didn't need any other relavent configuration, no web.xml. I don't really understand how but somehow this starts up a Jetty Container. I am told (please correct if I am wrong) that somewhere in

Re: Patch for MetadataService to support XSL files with the more common extension .xsl

2009-08-14 Thread Bruno Harbulot
Hi Fabian, The procedure to contribute to Restlet is described here: http://www.restlet.org/community/contribute In short, for a patch to be included, you would have to sign the JCA and get in touch with Jerome or Thierry. Best wishes, Bruno. Fabian Mandelbaum wrote: Hello, I've asked

Re: Auth by client's certificate

2009-08-19 Thread Bruno Harbulot
Hi Evgeny, Evgeny Shepelyuk wrote: Hello, I'm using Jetty as restlet HTTP engine with SSL enabled and client's certificate auth. Probabaly it's more related to Jetty but is this possible to make server only ask for certificates only for certain URL. I'm NOT USING

Re: Auth by client's certificate

2009-08-20 Thread Bruno Harbulot
Hi, I'm not sure. If GrizzlyServerCall is running from the same thread the SSLReadFilter is used, SSLReadFilter.doPeerCertificateChain(...), with the selection key in the GrizzlyServerCall should work. What you need ultimately is to get hold of the SSLSession (via SSLEngine or SSLSocket),

Re: Client HTTPS Invalid keystore format

2009-08-20 Thread Bruno Harbulot
Hi Laurent, Where do you put this file and/or where do you configure it (are you passing it via system properties)? It might not be using the file you want. I suspect that, if you haven't configured anything more, it would be using the cacerts file provided with your JRE. Best wishes, Bruno.

Re: Client HTTPS Invalid keystore format

2009-08-21 Thread Bruno Harbulot
Hi Laurent, Laurent Garrigues wrote: keytool -genkey -v -alias serverX -dname CN=serverX,OU=IT,O=JPC,C=GB -keypass password -keystore serverX.jks -storepass password -keyalg RSA -sigalg MD5withRSA -keysize 2048 -validity 3650 I'd suggest using SHA1withRSA instead of MD5withRSA, since

Re: Client Authentication PKI

2009-09-17 Thread Bruno Harbulot
Hi Dan, You can't really do this with a ChallengeScheme/ChallengeResponse or something similar, since it the certificates are passed at the SSL/TLS layer, which is under HTTP. If you don't want to use the system properties, you can use your own SslContextFactory passed as an argument to the

Re: Client Authentication PKI

2009-09-17 Thread Bruno Harbulot
I should also say that this feature has only been implemented quite recently on the client side, so you might need a recent version of Restlet. More on this topic at: http://restlet.tigris.org/issues/show_bug.cgi?id=586 Best wishes, Bruno. Bruno Harbulot wrote: Hi Dan, You can't really

Re: Client Authentication PKI

2009-09-18 Thread Bruno Harbulot
Hi Dan, The idea is to pass an instance of an SslContextFactory as an attribute (or a class name as a parameter) of the Context. In the 1.1 branch on the server side, the SSLContext is set up as follows: 1. If there is a *instance* of SslContextFactory in the sslContextFactory *attribute* of

Re: Integrating Apache and Restlet server like Apache and Tomcat

2009-09-22 Thread Bruno Harbulot
Hi Ashish, Ashish Sharma wrote: Hello, I have my Apache http server running on localhost:80 and restlet server on localhost:8182, but I want to configure above combination just like Apache http server and Apache tomcat servlet container can be configured with mod_jk library. Is it

Re: Integrating Apache and Restlet server like Apache and Tomcat

2009-09-23 Thread Bruno Harbulot
Hi Ashish, As Rémi said, mod_proxy might be better for what you need. In addition, mod_jk seems to have been deprecated in favour of mod_proxy_ajp (both use AJP). There is more about this on the Jetty wiki: http://docs.codehaus.org/display/JETTY/Configuring+AJP13+Using+mod_jk The only case

Re: Disabling weak ciphers in Restlet

2009-10-17 Thread Bruno Harbulot
Hi, You should be able to select the cipher suites you want explicitly (otherwise, the default ones will be used) by setting the enabledCipherSuites and/or disabledCipherSuites attributes on your instance of Server. These attributes should contain a array of Strings (for example

Re: SEVERE: don't pass the component context to child Restlets anymore

2009-10-29 Thread Bruno Harbulot
Hi Jim, It's actually quite important to separate the various settings you pass to the Component (and the connectors) from those you pass to the Application itself. This way, you prevent leakage of sensitive information (such as private keys for SSL connectors) to the Application. One easy way

[2.0 trunk] Using get(Variant) to return representation after PUT

2009-11-17 Thread Bruno Harbulot
Hello, I've just tried a short-cut to return the representation after a PUT: calling get(variant), but it doesn't work as if it was doing a direct GET. I'm not sure if it's a just a bad idea or if we should try to make it work. The test case looks like this: public MyClass extends

Re: FirstResource Example - What is Item

2009-11-23 Thread Bruno Harbulot
Hello, I'm not sure where you got your examples from (perhaps there's a packaging error somewhere), but it's in the same package, in the subversion repository: http://restlet.tigris.org/source/browse/restlet/trunk/modules/org.restlet.example/src/org/restlet/example/firstResource/ Best wishes,

Re: HTTPS with Tomcat

2009-11-30 Thread Bruno Harbulot
Hi Dustin, If you're running within Tomcat (or other servlet containers), it's Tomcat that deals with the SSL connector, not the Restlet connector. Therefore, this setup has nothing to do with what's on the Restlet wiki regarding SslContextFactories (which are only for connections with a

Re: 'java.security.UnrecoverableKeyException: Cannot recover key' in https Restlet client

2009-12-03 Thread Bruno Harbulot
Hello, Do you know if your user has a '.keystore' file in the home directory? Would it work better if this file was out of the way? If so, this could be related to the side effect I found when fixing http://restlet.tigris.org/issues/show_bug.cgi?id=586#desc15. I'd suggest fixing this issue by

  1   2   >