Re: SSL modifications since 2.0 RC 1 ?

[Bruno Harbulot]

Hi Nicolas,

On 03/05/2010 15:09, Nicolas Rinaudo wrote:
 Hi Bruno,

 You certainly put a lot of effort into that !

 I have to admit that some of it went over my head - you obviously are
 a bit of an expert on the matter, which I'm not.

 If I understand you properly, the problem isn't Restlet, Safari, or
 even Java specific - it's a generic flaw (?) in client certificates
 management ?

Yes, it looks like it. I guess few services that rely on client
certificates reach that sort number of CAs they'd trust w.r.t. client
certificates. Usually, you'd tend to configure your server to accept
certificates for a smaller number of CAs, I think. 120+ is rather large 
and probably unusual.


 Which means that in my very specific, very selfish case, I should
 disable client certificate requests to make the problem go away.
 Which also means getting rid of the Simple connector, since this is
 hardcoded and can't be modified.

 Is that a fair summary, or did I misunderstand you even more badly
 than I thought ?

There are a few options:

1. Send an e-mail on the Simple framework list to request the feature. 
I'm afraid I don't have any spare time to do it, but the maintainer of 
Simple doesn't seem to be against the idea. Of course, that could take a 
bit of time to be implemented, but I guess it's worth asking. (Once it's 
in Simple, in a version that's then integrated in Restlet, adapting the 
connector should be straightforward.)

2. Use another connector and don't enable client certificate negotiation 
(the default in the other Restlet connectors).

3. Keep using Simple (with optional client-certificate negotiation), but 
use a smaller truststore (Note that you can't use an empty truststore.)
The easy way to do this would be to use your keystore as a truststore 
too (configuring the truststore* properties in addition to the 
keystore* properties to use the same corresponding values). You 
probably won't have more than your server certificate or perhaps the CA 
certificates in its chain, so you won't get anywhere near the limit.


Best wishes,

Bruno.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2602692

Re: Client Custom Header

[Jean-Philippe Steinmetz]

Since no one seems to have responded to this problem I was hoping someone
could shed some light on cookie setting. Similarly to adding my own header
to all outgoing client requests I could instead set a cookie. My one
requirement here is that I don't want to modify every outgoing request
individually. In other words, the following code *won't *work...

request.getCookies().add(myCookie, value);

Instead I need a solution where I set the cookie for the Client instance
once and it is respected across all future connections and requests. Is this
possible? Or am I really stuck having to add it to every outgoing request?
Also please note it is *not* possible to set the cookie on the server side.

On Mon, May 3, 2010 at 5:24 PM, Jean-Philippe Steinmetz 
caskate...@gmail.com wrote:

 Hi Stephan,

 Thank you for the response. I've implemented a filter and created one while
 setting the next property to be my client but I am not getting any calls
 to the beforeHandle function. My code looks like the following.

 class MyFilter extends Filter
 {
 public MyFilter() { this(null);
 public MyFilter(Context context) { this(context, null); }
 public MyFilter(Context context, Restlet next) { super(context, next);
 }

 public int beforeHandle(Request request, Response response)
 {
 System.out.println(HIT!);
 return CONTINUE;
 }
 }

 And my Spring configuration looks like this...

 bean id=client class=org.restlet.Client
 constructor-arg index=0
 bean class=org.restlet.Context/
 /constructor-arg
 constructor-arg index=1
 util:constant static-field=org.restlet.data.Protocol.HTTP/
 /constructor-arg
 /bean
 bean id=clientHelper
 class=com.noelios.restlet.ext.httpclient.HttpClientHelper
 constructor-arg ref=client/
 /bean
 bean id=myFilter class=MyFilter
 property name=next ref=client /
 /bean

 What am I missing? Thanks again.

 Jean-Philippe


 On Sat, May 1, 2010 at 3:49 AM, Stephan Koops stephan.ko...@web.dewrote:

 Hi Jean,

 the access is on both sides the same. That's an advantage of Restlet.
 To add the header for every request you could create a filter. It adds
 the header. Instead of send the request directly by the Client object
 you set the Client as next Restlet in the filter and your application
 sends all request via the filter.
 (I hope that's right ...)

 best regards
   Stephan

 Jean-Philippe Steinmetz schrieb:
  Hi,
 
  I'm trying to add a custom HTTP header to outgoing requests when using
  the restlet client API. Ideally i'm looking for some way to implement
  a helper class that can inject my header into every request as they
  are processed. However in looking through the documentation i'm not
  really finding what i'm looking for. I see in the FAQ it's possible to
  access headers but this seems to be from the server perspective. How
  do I get access from a client perspective?
 
  Thanks in advance,
 
  Jean-Philippe Steinmetz

 --

 http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2600427




--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2603060