Re: Unauthenticated access returns 204.
I've always thought that 401 "Not Authorized" was poorly chosen wording, because it really says the same thing as 403 "Forbidden". However, the requirement that a 401 status also MUST send a WWW-Authenticate header has, I think, in practice led 401 to really mean "Not Authenticated" and 403 to really mean "Not Authorized". Whereas the description of 403 in rfc2616 section 10 explicitly states that "Authentication will not help", which implies that either no authentication is possible, the user is simply trying to do something the server doesn't want done, or it implies that the user is in fact authenticated, and the server is saying the authenticated user isn't authorized to do that.

So where does that leave us? I guess I think that the abstract implementation of Authenticator should not simply return 204 to the client if Authentication has been set to be required, and a concrete subclass has returned false in the authenticate() method. It is OK, because it does in fact stop the filter, but I think it could be a little bit easier on the programmer implementing the concrete subclass. Perhaps setting the status to 403 is more appropriate in this case.

Anyway, I trust the restlet team's judgement here, but if you decide to keep the behavior as it is, then I encourage you to document clearly that the unauthenticated() method will also need to be overridden in subclasses in order to produce behavior that results in a 401 or 403 upon returning false from the authenticate() method. I would be happy to look at possible implementations of changing the default behavior if it is something the restlet team thinks would be worthwhile.

The good news is that as far as my current project goes, I have custom subclasses of Authenticators and Authorizers working very well and I really like the new security architecture. I'm just trying to figure out if this particular aspect of the behavior is as simple as it could be.

Thanks for your time,
Matt

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2429029
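The override described in the message above, as an added example (not code from the original post or from the Restlet project): an Authenticator subclass whose unauthenticated() turns a failed authenticate() into a 401 with a WWW-Authenticate challenge, leaving 403 to the authorization step. It assumes the Restlet 2.x signature `protected int unauthenticated(Request, Response)` and the inherited `STOP` constant; the class name, realm and in-memory credential store are hypothetical.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;

import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeRequest;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Status;
import org.restlet.security.Authenticator;

/** Hypothetical authenticator that fails closed with an explicit 401. */
public class StrictAuthenticator extends Authenticator {

    private static final String REALM = "example-realm"; // constructed value

    // Constructed in-memory credential store, for illustration only.
    private final Map<String, char[]> secrets =
            new ConcurrentHashMap<String, char[]>();

    public StrictAuthenticator(Context context) {
        super(context);
    }

    public void addUser(String identifier, char[] secret) {
        secrets.put(identifier, secret.clone());
    }

    @Override
    protected boolean authenticate(Request request, Response response) {
        ChallengeResponse cr = request.getChallengeResponse();
        if (cr == null || cr.getIdentifier() == null || cr.getSecret() == null) {
            return false; // no usable credentials in the request
        }
        char[] expected = secrets.get(cr.getIdentifier());
        return expected != null && sameSecret(expected, cr.getSecret());
    }

    @Override
    protected int unauthenticated(Request request, Response response) {
        // Assumed Restlet 2.x behaviour: the base method stops the filter
        // chain (or continues when authentication is optional).
        int result = super.unauthenticated(request, response);
        if (result == STOP) {
            // Missing or wrong credentials are both an authentication
            // failure: answer 401 and tell the client how to authenticate.
            response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
            List<ChallengeRequest> challenges =
                    new CopyOnWriteArrayList<ChallengeRequest>();
            challenges.add(new ChallengeRequest(ChallengeScheme.HTTP_BASIC, REALM));
            response.setChallengeRequests(challenges);
        }
        return result;
    }

    // Compares every character so the loop length does not depend on where
    // the first mismatch occurs.
    private static boolean sameSecret(char[] expected, char[] supplied) {
        if (expected.length != supplied.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }
}
```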
RE: ERROR messages in log file
Hi Jerome -

I am sorry for such a long delay in my response.

I am using ServerServlet in my application. I have one class which extends Application and several classes which extend the Resource class.

In my web.xml I have RestletServlet com.noelios.restlet.ext.servlet.ServerServlet

In my case restlet functionality is working perfectly, but error messages appear in the log file after each call.
I can't use getLogService().setEnabled(false) because I do not inherit from Component.

I did lots of debugging and found out that the Restlet Log has one Handler - Console handler. I have removed it and this helped to solve my problem, but this is not a very good solution.

Could you please help me? If you need more information, please let me know.

Thanks,
Denys

jlouvel wrote:
>
> Denys,
>
> Could you give us more details about your Restlet configuration? For
> example, do you deploy in a Servlet container? Do you use ServerServlet or
> ServletAdapter (ex-ServletConverter)?
>
> Best regards,
> Jerome Louvel
> --
> Restlet ~ Founder and Lead developer ~ http://www.restlet.org
> Noelios Technologies ~ Co-founder ~ http://www.noelios.com
>
> -Original Message-
> From: Denys Hryvastov [mailto:dhryvas...@serena.com]
> Sent: Friday, 12 June 2009 15:47
> To: discuss@restlet.tigris.org
> Subject: RE: ERROR messages in log file
>
> Thank you for response, Jerome -
>
> One more question: am I doing something wrong? What may be the reasons of
> this ERROR messages?
>
> Thank you for help,
> - Denys
>
>
> jlouvel wrote:
>>
>> Hi Denys,
>>
>> This is produced by the LogService. It is similar to regular Web servers
>> logging except that it goes in the console by default. To customize
>> logging
>> level and output formats, check:
>> http://wiki.restlet.org/docs_1.2/13-restlet/48-restlet/101-restlet.html
>>
>> You can also turn it off altogether by calling
>> getLogService().setEnabled(false) on your Component instance.
>>
>> Best regards,
>> Jerome Louvel
>> --
>> Restlet ~ Founder and Lead developer ~ http://www.restlet.org
>> Noelios Technologies ~ Co-founder ~ http://www.noelios.com
>>
>>
>> -Original Message-
>> From: Denys Hryvastov [mailto:dhryvas...@serena.com]
>> Sent: Tuesday, 2 June 2009 09:44
>> To: discuss@restlet.tigris.org
>> Subject: ERROR messages in log file
>>
>> Hi All!
>> I am using restlet 1.2-M2 and I am faced with such problem:
>> I make calls to restlet services and get correct response, but after each
>> call I get such messages in log file:
>> ERROR 2009-06-02 10:33:57,654 STDERR -- 2/6/2009 10:33:57
>> org.restlet.engine.LogFilter afterHandle
>>
>> Can somebody tell me what is the reason why this messages appear?
>> --
>> View this message in context:
>> http://n2.nabble.com/ERROR-messages-in-log-file-tp3010777p3010777.html
>> Sent from the Restlet Discuss mailing list archive at Nabble.com.
>>
>> --
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2358679
>>
>> --
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2360905
>>
>
> --
> View this message in context:
> http://n2.nabble.com/ERROR-messages-in-log-file-tp3010777p3067726.html
> Sent from the Restlet Discuss mailing list archive at Nabble.com.
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2361605
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2362578
>

--
View this message in context: http://n2.nabble.com/ERROR-messages-in-log-file-tp3010777p4140039.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428883
Re: IE 8 HTML request not working
Hello Fabian and Erick,

thanks to your report, I've relaxed the checks made on the agent properties, which were based on a string comparison sensitive to the case. Now, the comparison ignores the case, which should enable you to use the tunnel filter.
The code is available in the svn repository and will be available in the next snapshot.

Best regards,
Thierry Boileau

> Hello Thierry,
>
> For IE8, the logs show:
>
> INFO: 2009-12-04 12:43:27192.168.1.100 - - 9000
> GET /workspaces - 401 312 - 14
> http://192.168.1.10:9000Mozilla/4.0
> (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET
> CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
> 6.0) -
>
> For IE7, the logs show:
>
> INFO: 2009-12-04 12:45:38192.168.1.10- - 9000
> GET /workspaces - 401 312 - 3
> http://192.168.1.10:9000Mozilla/4.0
> (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR
> 3.0.4506.2152; .NET CLR 3.5.30729)
>
> If I add a small debug line to my resource, I get (after authenticating):
>
> INFO: ***DBG: getClientInfo().getAgentName(): MSIE
>
> for both IE7 and IE8, and both get the same representation, a ZIP (one
> of the available representations), which is different from what all
> the other browsers get, HTML
>
> On Fri, Dec 4, 2009 at 11:13 AM, Thierry Boileau
> wrote:
>
>> Hi Fabian,
>>
>> could you tell us what is the user-agent header sent by IE8?
>>
>> Best regards,
>> Thierry Boileau
>>
>>
>>> Hello there,
>>>
>>> I've enabled the TunnelService (Restlet 2.0M5, still didn't switch to
>>> M6) like this:
>>>
>>>   public MyApp() {
>>>     super();
>>>     getTunnelService().setUserAgentTunnel(true);
>>>   }
>>>
>>> in the constructor of MyApp which extends Application, and IE (tested
>>> with IE7, don't know about the others, but I'm sure it will be the
>>> same), is still getting different representations (XML, JSON, ZIP,
>>> instead of HTML) than the rest of the browsers. What's missing?
>>>
>>> Thanks in advance.
>>>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428859
Re: Gzip on netty
ok.. thx ! work now !

On Wed, Dec 9, 2009 at 5:58 PM, Thierry Boileau wrote:

> Hi kiwi,
>
> the gzip encoding of the entity is available via the "Encoder" filter.
> For example, when declaring your application:
>
>     public Restlet createInboundRoot() {
>         Router router = new Router(getContext());
>         router.attachDefault(HelloWorldResource.class);
>         [...]
>
>         Filter filter = new Encoder(getContext());
>         filter.setNext(router);
>         return filter;
>     }
>
> It will encode the provided entity according to the client's preferences.
>
> Best regards,
> Thierry Boileau
>
> > hi,
> >
> > I just setup a rest app that use Netty as front end.
> >
> > however, it seem like is not g-zip enabled by default.
> >
> > how can i configure it and test it out ?
> >
> > kiwi
> >
> > happy hacking !
> >
> > --
> > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2427753
> >
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428801
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428821
Re: riap authentication
Hi Thierry,

Thanks a lot, I'll have a look.

zsolt

On Wed, Dec 9, 2009 at 12:25 PM, Thierry Boileau wrote:
> Hi Zsolt,
>
> I send you a sample application that illustrates the scenario.
>
> Best regards,
> Thierry Boileau
>> Hello
>>
>> Is it possible to authenticate a request via the RIAP protocol? One of
>> my application is guarded by BASIC authentication, and I'd like to use
>> it from another restlet application. Both application are in the same
>> component in servlet environment.
>>
>> Any documentation, code snippet would help.
>>
>> Thanks
>>
>> Zsolt
>>
>> --
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426345
>>
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428826

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428831
Re: riap authentication
Hi Zsolt,

I send you a sample application that illustrates the scenario.

Best regards,
Thierry Boileau

> Hello
>
> Is it possible to authenticate a request via the RIAP protocol? One of
> my application is guarded by BASIC authentication, and I'd like to use
> it from another restlet application. Both application are in the same
> component in servlet environment.
>
> Any documentation, code snippet would help.
>
> Thanks
>
> Zsolt
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426345
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428826

package riap;

import org.restlet.Application;
import org.restlet.Component;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.LocalReference;
import org.restlet.data.MediaType;
import org.restlet.data.Protocol;
import org.restlet.resource.ClientResource;
import org.restlet.routing.Router;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.MapVerifier;

public class Test {

    public static void main(String[] args) throws Exception {
        Component c = new Component();
        c.getServers().add(Protocol.HTTP, 8182);
        // A2 is reachable over HTTP; A1 and A2 are both reachable over RIAP.
        c.getDefaultHost().attach("/a2", new A2());
        c.getInternalRouter().attach("/a1", new A1());
        c.getInternalRouter().attach("/a2", new A2());
        c.start();

        ClientResource r = new ClientResource(
                "http://localhost:8182/a2/restlet");
        r.get().write(System.out);
        c.stop();
    }

    // Application guarded by HTTP BASIC authentication.
    private static class A1 extends Application {
        @Override
        public Restlet createInboundRoot() {
            Router router = new Router(getContext());
            Restlet hello = new Restlet(getContext()) {
                @Override
                public void handle(Request request, Response response) {
                    response.setEntity("hello, world", MediaType.TEXT_PLAIN);
                }
            };
            Restlet restlet = new Restlet(getContext()) {
                @Override
                public void handle(Request request, Response response) {
                    try {
                        ClientResource r = new ClientResource(LocalReference
                                .createRiapReference(
                                        LocalReference.RIAP_APPLICATION,
                                        "/hello"));
                        r.get().write(System.out);
                        System.out.println(" - called from a1");
                    } catch (Exception e) {
                        System.out.println("Error when requesting /hello");
                    }
                    response.setEntity("hello, world from A1: "
                            + request.getResourceRef().getScheme(),
                            MediaType.TEXT_PLAIN);
                }
            };
            router.attach("/hello", hello);
            router.attach("/restlet", restlet);

            ChallengeAuthenticator guard = new ChallengeAuthenticator(
                    getContext(), ChallengeScheme.HTTP_BASIC, "realm");
            MapVerifier verifier = new MapVerifier();
            verifier.getLocalSecrets().put("scott", "tiger".toCharArray());
            guard.setVerifier(verifier);
            guard.setNext(router);
            return guard;
        }
    }

    // Application that calls A1 over RIAP, supplying BASIC credentials.
    private static class A2 extends Application {
        @Override
        public Restlet createInboundRoot() {
            Router router = new Router(getContext());
            Restlet hello = new Restlet(getContext()) {
                @Override
                public void handle(Request request, Response response) {
                    response.setEntity("hello, world", MediaType.TEXT_PLAIN);
                }
            };
            Restlet restlet = new Restlet(getContext()) {
                @Override
                public void handle(Request request, Response response) {
                    try {
                        ClientResource r = new ClientResource(LocalReference
                                .createRiapReference(
                                        LocalReference.RIAP_COMPONENT,
                                        "/a1/restlet"));
                        r.setChallengeResponse(ChallengeScheme.HTTP_BASIC,
                                "scott", "tiger");
                        r.get().write(System.out);
                        System.out.println(" - called from a2");
                    } catch (Exception e) {
                        System.out.println("Error when requesting /a1");
                    }
                    ClientResource r2 = new ClientResource(LocalReference
                            .createRiapReference(
                                    LocalReference.RIAP_APPLICATI
Re: Empty HTTP WWW-Authenticate header in response
Hello Yu,

I think that your helper is either not recognized or does not specify correctly the "serverSide" attribute.
Could you check that the "serverSide" attribute is set to true, and that the Engine registers correctly your helper (check the Engine.getInstance().getRegisteredAuthenticators() list)?

Best regards,
Thierry Boileau

> Hi,
>
> I implemented a custom Guard that handles multiple authentications, e.g. HTTP
> Simple, Amazon S3 (my own AmazonS3ServerHelper implementation), etc.
>
> According to HTTP spec., the server responds with the "WWW-Authenticate"
> header(s) when credentials are not provided in the request. So my code had
> lines like:
>
>     final List<ChallengeRequest> list = new
>         CopyOnWriteArrayList<ChallengeRequest>();
>     list.add(new ChallengeRequest(ChallengeScheme.HTTP_BASIC, "HTTP
>         Simple Authentication"));
>     list.add(new ChallengeRequest(ChallengeScheme.HTTP_AWS_S3,
>         "Amazon S3 Authentication"));
>     //list.add(new ChallengeRequest(ChallengeScheme.HTTP_AWS,
>         "Amazon S3 Authentication"));
>     list.add(new ChallengeRequest(ChallengeScheme.HTTP_OAUTH, "HTTP
>         OAuth Authentication"));
>     response.setChallengeRequests(list);
>
> However, the HTTP response looks like:
>     HTTP/1.1 401 Unauthorized
>     Server: Apache-Coyote/1.1
>     Date:
>     WWW-Authenticate: Basic realm="MRSP Simple Authentication"
>     WWW-Authenticate:
>     WWW-Authenticate: OAuth realm="HTTP OAuth Authentication"
>     Accept-Ranges: bytes
>     ...
> The header value for Amazon S3 was empty.
>
> Does anyone know what and where it's wrong?
>
> BRs,
> Yu
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426314
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428817
Re: XML format in ATOM content element
Hello Rob,

at this time the XML writer considers the "content" element as simple text in any case (in the most general case, it can contain both text and XML elements) without taking care of formatting options. However, it is possible to use formatting in the special case of XML content.
I've entered a new issue for that: http://restlet.tigris.org/issues/show_bug.cgi?id=975

Best regards,
Thierry Boileau

> Hi,
>
> I am trying to use the Restlet ATOM extension and I cannot figure out why
> I am losing the formatting of my element in the Atom document I am
> creating. Here is a piece of code from my class that extends ServerResource:
>
>     public Representation getAtomFeed() throws IOException {
>         Feed f = new Feed();
>         final Map<String, String> attrs;
>
>         f.setTitle(new Text(MediaType.TEXT_PLAIN, "Feed Title"));
>
>         f.setId("some identifier");
>
>         Person p = new Person();
>         p.setName("me");
>         f.getAuthors().add(p);
>
>         Generator gen = new Generator();
>         gen.setName("RESTlet");
>         gen.setUri(new Reference("http://www.restlet.org"));
>         gen.setVersion("2.0M6");
>         f.setGenerator(gen);
>
>         f.setUpdated(new Date());
>
>         //Add feed links
>         //...
>
>         //Perform query that returns a map of strings.
>         attrs = something.getAttributes(someValue);
>
>         Entry entry = new Entry();
>         entry.setUpdated(new Date());
>         entry.setId(identifier);
>
>         Content c = new Content();
>         c.setToEncode(false);
>
>         c.setInlineContent(new SaxRepresentation(MediaType.APPLICATION_XML) {
>             @Override
>             public void write(XmlWriter writer) {
>                 for (Map.Entry<String, String> e : attrs.entrySet()) {
>                     try {
>                         writer.dataElement(e.getKey(), e.getValue() == null ? ""
>                                 : e.getValue());
>                     } catch (SAXException e1) {
>                         e1.printStackTrace();
>                     }
>                 }
>             }
>         });
>
>         entry.setContent(c);
>
>         //Add entry links
>         //...
>
>         f.getEntries().add(entry);
>
>         return f;
>     }
>
>
> Here is the ATOM feed that this code creates:
>
>
> http://www.w3.org/2005/Atom">
>
> me
>
>http://www.restlet.org" version="2.0M6">RESTlet
>some identifier
>Feed Title
>2009-12-07T13:03:04.79Z
>
> John Smith MD
> John
> Smith
> MD
>
> entry identifier
> 2009-12-07T13:03:07.65Z
>
>
>
> Is there a way to correct this format issue or I am completely off base with
> my resource code. Any help is appreciated.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428812
Re: Gzip on netty
Hi kiwi,

the gzip encoding of the entity is available via the "Encoder" filter.
For example, when declaring your application:

    public Restlet createInboundRoot() {
        Router router = new Router(getContext());
        router.attachDefault(HelloWorldResource.class);
        [...]

        Filter filter = new Encoder(getContext());
        filter.setNext(router);
        return filter;
    }

It will encode the provided entity according to the client's preferences.

Best regards,
Thierry Boileau

> hi,
>
> I just setup a rest app that use Netty as front end.
>
> however, it seem like is not g-zip enabled by default.
>
> how can i configure it and test it out ?
>
> kiwi
>
> happy hacking !
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2427753
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428801
Re: Component configuration
Hi Jean-Christophe,

there is a light sample code in the org.restlet.test.ComponentXmlTestCase class.

Best regards,
Thierry Boileau

> Hello,
>
> I am looking for an example on how to configure a component with an xsd.
> Anyone has a such example ?
>
> Thanks,
> J-Christophe

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428796
Re: Problem with virtualHost
Hello Jean-Christophe,

I think you should use the other VirtualHost constructor, that is to say the one with the parent context:

    VirtualHost host = new VirtualHost(component.getContext());

best regards,
Thierry Boileau

> Hi,
>
> I have a problem with virtualHost.
>
> The following code works :
>
>     public static void main(String[] args) {
>         try {
>
>             final ConfigFile conf = new ConfigFile();
>
>
>             // Create a new Component.
>             Component component = new Component();
>
>             // Add a new HTTP server listening on port 8182.
>             component.getServers().add(Protocol.HTTP, conf.getPort());
>             component.getClients().add(Protocol.FILE);
>
>             Application application = new Application() {
>
>                 @Override
>                 public Restlet createRoot() {
>                     Directory directory = new Directory(getContext(),
>                             conf.getRoot_uri());
>                     directory.setListingAllowed(true);
>                     directory.setModifiable(false);
>                     directory.setDeeplyAccessible(true);
>                     return directory;
>                 }
>             };
>
>             // Attach the application.
>             component.getDefaultHost().attach(application);
>
>             // Start the component.
>             component.start();
>         } catch (Exception e) {
>             // Something is wrong.
>             e.printStackTrace();
>         }
>     }
>
>
>
> but the following code does not work :
>
>
>     public static void main(String[] args) {
>         try {
>
>             final ConfigFile conf = new ConfigFile();
>
>
>             // Create a new Component.
>             Component component = new Component();
>
>             // Add a new HTTP server listening on port 8182.
>             component.getServers().add(Protocol.HTTP, conf.getPort());
>             component.getClients().add(Protocol.FILE);
>
>             Application application = new Application() {
>
>                 @Override
>                 public Restlet createRoot() {
>                     Directory directory = new Directory(getContext(),
>                             conf.getRoot_uri());
>                     directory.setListingAllowed(true);
>                     directory.setModifiable(false);
>                     directory.setDeeplyAccessible(true);
>                     return directory;
>                 }
>             };
>
>             // Attach the application.
>             VirtualHost host = new VirtualHost();
>             host.setHostDomain(conf.getHostname());
>             host.setHostPort(String.valueOf(conf.getPort()));
>             host.attach(application);
>
>             // Attach the host to the component.
>             component.getHosts().add(host); //host = localhost|
>             component.updateHosts();
>
>             // Start the component.
>             component.start();
>         } catch (Exception e) {
>             // Something is wrong.
>             e.printStackTrace();
>         }
>     }
>
> I do not understand why the second code does not work. Anyone can
> explain me please ?
>
> Thanks,
> J-Christophe

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428794
Re: Unauthenticated access returns 204.
Hi Matt,

basically, an authenticator aims at extracting all interesting data from the request in order to authenticate the request, that is to say check that the credentials conveyed by the request correspond to a known user. The enroler is then used to complete the Request#clientInfo attribute in order to give the application all necessary data about the current user.
Another step is to say that this user is authorized according to the application policy to access the requested resource (via an authorizer filter). If the current user is not authorized, a 401 status code is returned.

Having said that, one subclass of Authenticator, called ChallengeAuthenticator, aims at handling requests based on "challenge schemes". This filter relies on an instance of the Verifier class that checks the credentials and authenticates users.
In addition, due to the challenge mechanism, it ensures that the response to an unauthenticated request contains the necessary data (a ChallengeRequest object, corresponding to the "WWW-Authenticate" HTTP header) that will help the client to understand what happens and to correctly fulfill the next request. Thus, the 401 status code is used (perhaps an "unauthenticated request" status code would be better).
I should mention that the DigestAuthenticator class is a subclass of ChallengeAuthenticator that specifically handles the case of the HTTP_DIGEST challenge scheme.

Of course, this must not be confused with the "authorization" step, which helps to decide if an authenticated user is allowed or not to access precisely to a resource.

Best regards,
Thierry Boileau

> I'm trying to implement a custom authenticator class and I'm a little stumped
> by the behavior so far. When I override the authenticate() method to always
> return false, I get back an HTTP 204 error. However, if I have it always
> return true, then the request goes through correctly, so I think I have
> everything wired up the right way. Based on my reading of the available
> documentation, if authentication is set as required in the Authenticator
> subclass (which is the default setting), then a 401 response should be sent.
> Is this a bug? Or am I missing a required step in my subclass implementation?
>
> Thanks,
> Matt
>
> The following illustrates the problem (in Groovy):
>
> import org.restlet.*;
> import org.restlet.data.*;
> import org.restlet.security.Authenticator;
> import org.restlet.representation.*;
>
> class TestAuthenticator extends Authenticator
> {
>     public TestAuthenticator(Context ctx){ super(ctx); }
>
>     @Override
>     protected boolean authenticate(Request request, Response response)
>     {
>         return false;
>         //return true;
>     }
> }
>
> class TestRestlet extends Restlet
> {
>     @Override
>     public void handle(Request request, Response response)
>     {
>         response.setEntity(new StringRepresentation("hello, world\n",
>             MediaType.TEXT_PLAIN));
>     }
> }
>
> def component = new Component();
> Server http = component.servers.add(Protocol.HTTP, 8181);
> component.clients.add(Protocol.FILE);
> Context workingCtx = http.context;
> def guard = new TestAuthenticator(workingCtx);
> def restlet = new TestRestlet();
> guard.setNext(restlet);
> component.defaultHost.attach(guard);
> component.start();
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426801
>

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2428784