Re: bug? - AccessControlException on Restlet GAE module
Thierry, I use gae, and this followRedirect seems to be missing from there. Zsolt 2009/4/29 Thierry Boileau thierry.boil...@noelios.com Hello Zsolt, if you want to catch the redirection, just disable the automatic redirection (ClientResource#setFollowRedirect(false)). Then, you can check the status. I hope this helps, Best regards, Thierry Boileau Bonjour Thierry, I do this: ClientResource itemsR = new ClientResource(http://localhost:8080/gae_restlet/items;); Representation r = itemsR.get(); In the web.xml all URLs are security constrained, so GAE automatically redirects get to its login page. I am stuck at this point, because I could not figure out the way to catch the redirect. Thanks, Zsolt 2009/4/28 Thierry Boileau thierry.boil...@noelios.com mailto:thierry.boil...@noelios.com Hello Zsolt, do you mean that you want your clientResource to redirect automatically? In this case, this is the new default behavior (see the followRedirect attribute). best regards, Thierry Boileau Hi Jerome, Your fix worked great for me! I use the FirstResource example to learn Restlet, which is based on ClientResource. Unfortunately I do not know how I should handle this kind of redirect in ClientResource. I have checked wiki and examples but I did not find any hints, so I would appretiate your help on this. Thanks, Zsolt 2009/4/25 Jerome Louvel jerome.lou...@noelios.com mailto:jerome.lou...@noelios.com mailto:jerome.lou...@noelios.com mailto:jerome.lou...@noelios.com Hi Keke, I've changed the way it this method is implemented in order to construct the Subject with the principals set already updated. This should prevent security exception. Let me know if it works better. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org http://www.restlet.org/ Noelios Technologies ~ Co-founder ~ http://www.noelios.com http://www.noelios.com/ *De :* keke [mailto:iamk...@gmail.com mailto:iamk...@gmail.com mailto:iamk...@gmail.com mailto:iamk...@gmail.com] *Envoyé :* samedi 18 avril 2009 16:57 *À :* discuss@restlet.tigris.org mailto:discuss@restlet.tigris.org mailto:discuss@restlet.tigris.org mailto:discuss@restlet.tigris.org *Objet :* Re: bug? - AccessControlException on Restlet GAE module Can I simply return null in ServletCall.getSubject, because in GAE application usually relies on GAE's authentication. Cheers, Keke - We paranoid love life On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com mailto:iamk...@gmail.com mailto:iamk...@gmail.com mailto:iamk...@gmail.com wrote: Hi, Does anybody else get AccessControlException when using restlet-gae? Everything goes well, unless I need to use GAE's authentication feature. After a successful login (on development env), I got following exception: java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals) B B B B B B B at java.security.AccessControlContext.checkPermission(Unknown Source) B B B B B B B at java.security.AccessController.checkPermission(Unknown Source) B B B B B B B at java.lang.SecurityManager.checkPermission(Unknown Source) B B B B B B B at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) B B B B B B B at javax.security.auth.Subject$SecureSet.add(Unknown Source) B B B B B B B at java.util.Collections$SynchronizedCollection.add(Unknown Source) B B B B B B B at org.restlet.engine.servlet.ServletCall.getSubject(ServletCall.java:345) B B B B B B B at org.restlet.engine.http.HttpRequest.getClientInfo(HttpRequest.java:231) Can I just use a mock Subject in gae env? Cheers, Keke - We paranoid love life -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId
RE: bug? - AccessControlException on Restlet GAE module
Hi Zsolt, The Restlet/GAE edition is a branch of the SVN trunk so it doesn't contain this feature yet. We will fully update the branch again for Restlet 1.2 M3. We also have some plans to automate the update of the GAE branch to remove such issues. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org/ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com http://www.noelios.com _ De : Zsolt Kovacs [mailto:zs.m...@gmail.com] Envoyé : mercredi 29 avril 2009 13:03 À : discuss@restlet.tigris.org Objet : Re: bug? - AccessControlException on Restlet GAE module Thierry, I use gae, and this followRedirect seems to be missing from there. Zsolt 2009/4/29 Thierry Boileau thierry.boil...@noelios.com Hello Zsolt, if you want to catch the redirection, just disable the automatic redirection (ClientResource#setFollowRedirect(false)). Then, you can check the status. I hope this helps, Best regards, Thierry Boileau Bonjour Thierry, I do this: ClientResource itemsR = new ClientResource(http://localhost:8080/gae_restlet/items;); Representation r = itemsR.get(); In the web.xml all URLs are security constrained, so GAE automatically redirects get to its login page. I am stuck at this point, because I could not figure out the way to catch the redirect. Thanks, Zsolt 2009/4/28 Thierry Boileau thierry.boil...@noelios.com mailto:thierry.boil...@noelios.com � � Hello Zsolt, � � do you mean that you want your clientResource to redirect � � automatically? � � In this case, this is the new default behavior (see the � � followRedirect � � attribute). � � best regards, � � Thierry Boileau � � Hi Jerome, � � � � Your fix worked great for me! � � � � I use the FirstResource example to learn Restlet, which is based on � � ClientResource. Unfortunately I do not know how I should handle this � � kind of redirect in ClientResource. I have checked wiki and examples � � but I did not find any hints, so I would appretiate your help on � � this. � � � � Thanks, � � � � Zsolt � � � � 2009/4/25 Jerome Louvel jerome.lou...@noelios.com � � mailto:jerome.lou...@noelios.com � � mailto:jerome.lou...@noelios.com � � mailto:jerome.lou...@noelios.com � � � � � � Hi Keke, � � � � � � I've changed the way it this method is implemented in order to � � � � construct the Subject with the principals set already updated. � � � � This should prevent security exception. Let me know if it works � � � � better. � � � � � � Best regards, � � � � Jerome Louvel � � � � -- � � � � Restlet ~ Founder and Lead developer ~ http://www.restlet.org � � � � http://www.restlet.org/ � � � � Noelios Technologies ~ Co-founder ~ http://www.noelios.com � � � � http://www.noelios.com/ � � � � � � � � � � *De :* keke [mailto:iamk...@gmail.com � � mailto:iamk...@gmail.com mailto:iamk...@gmail.com � � mailto:iamk...@gmail.com] � � � � *Envoy� :* samedi 18 avril 2009 16:57 � � � � *� :* discuss@restlet.tigris.org � � mailto:discuss@restlet.tigris.org � � mailto:discuss@restlet.tigris.org � � mailto:discuss@restlet.tigris.org � � � � *Objet :* Re: bug? - AccessControlException on Restlet GAE � � module � � � � � � Can I simply return null in ServletCall.getSubject, because � � in GAE � � � � application usually relies on GAE's authentication. � � � � � � Cheers, � � � � Keke � � � � - � � � � We paranoid love life � � � � � � � � On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com � � mailto:iamk...@gmail.com � � � � mailto:iamk...@gmail.com mailto:iamk...@gmail.com wrote: � � � � � � � � Hi, � � � � � � � � Does anybody else get AccessControlException when using � � � � � � restlet-gae? � � � � � � � � Everything goes well, unless I need to use GAE's � � � � � � authentication feature. After a successful login (on � � � � � � development env), I got following exception: � � � � � � java.security.AccessControlException: access denied � � � � � � (javax.security.auth.AuthPermission modifyPrincipals) � � � � � � B B B B B B B at � � � � java.security.AccessControlContext.checkPermission(Unknown Source) � � � � � � B B B B B B B at � � � � � � java.security.AccessController.checkPermission(Unknown � � Source) � � � � � � B B B B B B B at � � � � � � java.lang.SecurityManager.checkPermission(Unknown Source) � � � � � � B B B B B B B at � � � � com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) � � � � � � B B B B B B B at � � � � � � javax.security.auth.Subject$SecureSet.add(Unknown Source) � � � � � � B B B B B B B at � � � � � � java.util.Collections$SynchronizedCollection.add(Unknown � � Source) � � � � � � B B B B B B B
Re: bug? - AccessControlException on Restlet GAE module
Hi Jerome, Thanks, it is perfect. Zsolt 2009/4/30 Jerome Louvel jerome.lou...@noelios.com Hi Zsolt, The Restlet/GAE edition is a branch of the SVN trunk so it doesn't contain this feature yet. We will fully update the branch again for Restlet 1.2 M3. We also have some plans to automate the update of the GAE branch to remove such issues. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -- *De :* Zsolt Kovacs [mailto:zs.m...@gmail.com] *Envoyé :* mercredi 29 avril 2009 13:03 *À :* discuss@restlet.tigris.org *Objet :* Re: bug? - AccessControlException on Restlet GAE module Thierry, I use gae, and this followRedirect seems to be missing from there. Zsolt 2009/4/29 Thierry Boileau thierry.boil...@noelios.com Hello Zsolt, if you want to catch the redirection, just disable the automatic redirection (ClientResource#setFollowRedirect(false)). Then, you can check the status. I hope this helps, Best regards, Thierry Boileau Bonjour Thierry, I do this: ClientResource itemsR = new ClientResource(http://localhost:8080/gae_restlet/items;); Representation r = itemsR.get(); In the web.xml all URLs are security constrained, so GAE automatically redirects get to its login page. I am stuck at this point, because I could not figure out the way to catch the redirect. Thanks, Zsolt 2009/4/28 Thierry Boileau thierry.boil...@noelios.com mailto:thierry.boil...@noelios.com � � Hello Zsolt, � � do you mean that you want your clientResource to redirect � � automatically? � � In this case, this is the new default behavior (see the � � followRedirect � � attribute). � � best regards, � � Thierry Boileau � � Hi Jerome, � � � � Your fix worked great for me! � � � � I use the FirstResource example to learn Restlet, which is based on � � ClientResource. Unfortunately I do not know how I should handle this � � kind of redirect in ClientResource. I have checked wiki and examples � � but I did not find any hints, so I would appretiate your help on � � this. � � � � Thanks, � � � � Zsolt � � � � 2009/4/25 Jerome Louvel jerome.lou...@noelios.com � � mailto:jerome.lou...@noelios.com � � mailto:jerome.lou...@noelios.com � � mailto:jerome.lou...@noelios.com � � � � � � Hi Keke, � � � � � � I've changed the way it this method is implemented in order to � � � � construct the Subject with the principals set already updated. � � � � This should prevent security exception. Let me know if it works � � � � better. � � � � � � Best regards, � � � � Jerome Louvel � � � � -- � � � � Restlet ~ Founder and Lead developer ~ http://www.restlet.org � � � � http://www.restlet.org/ � � � � Noelios Technologies ~ Co-founder ~ http://www.noelios.com � � � � http://www.noelios.com/ � � � � � � � � � � *De :* keke [mailto:iamk...@gmail.com � � mailto:iamk...@gmail.com mailto:iamk...@gmail.com � � mailto:iamk...@gmail.com] � � � � *Envoy� :* samedi 18 avril 2009 16:57 � � � � *� :* discuss@restlet.tigris.org � � mailto:discuss@restlet.tigris.org � � mailto:discuss@restlet.tigris.org � � mailto:discuss@restlet.tigris.org � � � � *Objet :* Re: bug? - AccessControlException on Restlet GAE � � module � � � � � � Can I simply return null in ServletCall.getSubject, because � � in GAE � � � � application usually relies on GAE's authentication. � � � � � � Cheers, � � � � Keke � � � � - � � � � We paranoid love life � � � � � � � � On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com � � mailto:iamk...@gmail.com � � � � mailto:iamk...@gmail.com mailto:iamk...@gmail.com wrote: � � � � � � � � Hi, � � � � � � � � Does anybody else get AccessControlException when using � � � � � � restlet-gae? � � � � � � � � Everything goes well, unless I need to use GAE's � � � � � � authentication feature. After a successful login (on � � � � � � development env), I got following exception: � � � � � � java.security.AccessControlException: access denied � � � � � � (javax.security.auth.AuthPermission modifyPrincipals) � � � � � � B B B B B B B at � � � � java.security.AccessControlContext.checkPermission(Unknown Source) � � � � � � B B B B B B B at � � � � � � java.security.AccessController.checkPermission(Unknown � � Source) � � � � � � B B B B B B B at � � � � � � java.lang.SecurityManager.checkPermission(Unknown Source) � � � � � � B B B B B B B at � � � � com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) � � � � � � B B B B B B B
Re: bug? - AccessControlException on Restlet GAE module
Hello Zsolt, do you mean that you want your clientResource to redirect automatically? In this case, this is the new default behavior (see the followRedirect attribute). best regards, Thierry Boileau Hi Jerome, Your fix worked great for me! I use the FirstResource example to learn Restlet, which is based on ClientResource. Unfortunately I do not know how I should handle this kind of redirect in ClientResource. I have checked wiki and examples but I did not find any hints, so I would appretiate your help on this. Thanks, Zsolt 2009/4/25 Jerome Louvel jerome.lou...@noelios.com mailto:jerome.lou...@noelios.com Hi Keke, I've changed the way it this method is implemented in order to construct the Subject with the principals set already updated. This should prevent security exception. Let me know if it works better. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org http://www.restlet.org/ Noelios Technologies ~ Co-founder ~ http://www.noelios.com http://www.noelios.com/ *De :* keke [mailto:iamk...@gmail.com mailto:iamk...@gmail.com] *Envoyé :* samedi 18 avril 2009 16:57 *À :* discuss@restlet.tigris.org mailto:discuss@restlet.tigris.org *Objet :* Re: bug? - AccessControlException on Restlet GAE module Can I simply return null in ServletCall.getSubject, because in GAE application usually relies on GAE's authentication. Cheers, Keke - We paranoid love life On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com mailto:iamk...@gmail.com wrote: Hi, Does anybody else get AccessControlException when using restlet-gae? Everything goes well, unless I need to use GAE's authentication feature. After a successful login (on development env), I got following exception: java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals) B B B B B B B at java.security.AccessControlContext.checkPermission(Unknown Source) B B B B B B B at java.security.AccessController.checkPermission(Unknown Source) B B B B B B B at java.lang.SecurityManager.checkPermission(Unknown Source) B B B B B B B at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) B B B B B B B at javax.security.auth.Subject$SecureSet.add(Unknown Source) B B B B B B B at java.util.Collections$SynchronizedCollection.add(Unknown Source) B B B B B B B at org.restlet.engine.servlet.ServletCall.getSubject(ServletCall.java:345) B B B B B B B at org.restlet.engine.http.HttpRequest.getClientInfo(HttpRequest.java:231) Can I just use a mock Subject in gae env? Cheers, Keke - We paranoid love life -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1960032
Re: bug? - AccessControlException on Restlet GAE module
Hi Jerome, Your fix worked great for me! I use the FirstResource example to learn Restlet, which is based on ClientResource. Unfortunately I do not know how I should handle this kind of redirect in ClientResource. I have checked wiki and examples but I did not find any hints, so I would appretiate your help on this. Thanks, Zsolt 2009/4/25 Jerome Louvel jerome.lou...@noelios.com Hi Keke, I've changed the way it this method is implemented in order to construct the Subject with the principals set already updated. This should prevent security exception. Let me know if it works better. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -- *De :* keke [mailto:iamk...@gmail.com] *Envoyé :* samedi 18 avril 2009 16:57 *À :* discuss@restlet.tigris.org *Objet :* Re: bug? - AccessControlException on Restlet GAE module Can I simply return null in ServletCall.getSubject, because in GAE application usually relies on GAE's authentication. Cheers, Keke - We paranoid love life On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com wrote: Hi, Does anybody else get AccessControlException when using restlet-gae? Everything goes well, unless I need to use GAE's authentication feature. After a successful login (on development env), I got following exception: java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals) B B B B B B B at java.security.AccessControlContext.checkPermission(Unknown Source) B B B B B B B at java.security.AccessController.checkPermission(Unknown Source) B B B B B B B at java.lang.SecurityManager.checkPermission(Unknown Source) B B B B B B B at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) B B B B B B B at javax.security.auth.Subject$SecureSet.add(Unknown Source) B B B B B B B at java.util.Collections$SynchronizedCollection.add(Unknown Source) B B B B B B B at org.restlet.engine.servlet.ServletCall.getSubject(ServletCall.java:345) B B B B B B B at org.restlet.engine.http.HttpRequest.getClientInfo(HttpRequest.java:231) Can I just use a mock Subject in gae env? Cheers, Keke - We paranoid love life -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1943957
RE: bug? - AccessControlException on Restlet GAE module
Hi Keke, I've changed the way it this method is implemented in order to construct the Subject with the principals set already updated. This should prevent security exception. Let me know if it works better. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org/ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com/ http://www.noelios.com _ De : keke [mailto:iamk...@gmail.com] Envoyé : samedi 18 avril 2009 16:57 À : discuss@restlet.tigris.org Objet : Re: bug? - AccessControlException on Restlet GAE module Can I simply return null in ServletCall.getSubject, because in GAE application usually relies on GAE's authentication. Cheers, Keke - We paranoid love life On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com wrote: Hi, Does anybody else get AccessControlException when using restlet-gae? Everything goes well, unless I need to use GAE's authentication feature. After a successful login (on development env), I got following exception: java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals) B B B B B B B at java.security.AccessControlContext.checkPermission(Unknown Source) B B B B B B B at java.security.AccessController.checkPermission(Unknown Source) B B B B B B B at java.lang.SecurityManager.checkPermission(Unknown Source) B B B B B B B at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityMan ager.checkPermission(DevAppServerFactory.java:76) B B B B B B B at javax.security.auth.Subject$SecureSet.add(Unknown Source) B B B B B B B at java.util.Collections$SynchronizedCollection.add(Unknown Source) B B B B B B B at org.restlet.engine.servlet.ServletCall.getSubject(ServletCall.java:345) B B B B B B B at org.restlet.engine.http.HttpRequest.getClientInfo(HttpRequest.java:231) Can I just use a mock Subject in gae env? Cheers, Keke - We paranoid love life -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1909247
Re: bug? - AccessControlException on Restlet GAE module
Can I simply return null in ServletCall.getSubject, because in GAE application usually relies on GAE's authentication. Cheers, Keke - We paranoid love life On Sat, Apr 18, 2009 at 10:25 PM, keke iamk...@gmail.com wrote: Hi, Does anybody else get AccessControlException when using restlet-gae? Everything goes well, unless I need to use GAE's authentication feature. After a successful login (on development env), I got following exception: java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) at javax.security.auth.Subject$SecureSet.add(Unknown Source) at java.util.Collections$SynchronizedCollection.add(Unknown Source) at org.restlet.engine.servlet.ServletCall.getSubject(ServletCall.java:345) at org.restlet.engine.http.HttpRequest.getClientInfo(HttpRequest.java:231) Can I just use a mock Subject in gae env? Cheers, Keke - We paranoid love life -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1791082
