Re: OAuth2: How to resolve "Unable to get the template authorize.html."_130102
Hi Richard, The ContextTemplateLoader ctl = new ContextTemplateLoader(getContext(), "clap:///"); loads the templates from the class path and in a WAR this is WEB-INF/classes and WEB-INF/lib. You have to put to WEB-INF/classes/authorize.html and it will find the page. Other alternatives you can use the ContextTemplateLoader ctl = new ContextTemplateLoader(getContext(), "war:///WEB-INF/oauth2") Regards, Laszlo -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2964991
RE: Login page for OAuth Authorization Server_129146
Hi Matthew, I use the OAuth2 extension a while ago but I had to integrate the with OpenAM[1] and I found it difficult to extend to my need. I made my own extension[2] and I hope one time this can be the part of the official Restlet extensions. Back to you question you want to use a custom Form based resource owner authentication then you need to make your own authentication filter. Rest is a state-less implementation and the Form based authentication requires some state-session information which you can use when the user-agent accesses to the authorization end-point. You can write a Form Authenticator and Session Manager [3] like I use or you write your own. First Request: User-Agent access to /authorize endpoint. The Restlet Authentication filter can not authenticate the user then it show a login-form. Second Request: User-Agent submits the username/password and the Restlet Authentication filter authenticates the user and allow to display the OAuth2 authorization page. Third Request: User-Agent submits the decesion but the Restlet Authentication filter can not authenticate the user unless some session information is available. I guess you see the problem why it work with Basic authentication where the credential are alway included into the Request header. I hope I could help you to get further with your implementation. See my example[2] if you want to see more. Regards, Laszlo [1] http://openam.forgerock.org [2] https://svn.forgerock.org/openam/branches/oauth2-branch/opensso/extensions/oauth2/ [3] https://svn.forgerock.org/openam/branches/oauth2-branch/opensso/extensions/oauth2/org.forgerock.restlet.ext.openam/src/main/java/org/forgerock/restlet/ext/openam/server/OpenAMServletAuthenticator.java -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2956130
OSGI startup issue_128844
Hi Dmitry, It looks like the issue with the manifest file is not fixed. I had the same issue. http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2931502&orderBy=createDate&orderType=desc You can configure the boot delegation in your OSGi container end exports these classes then it works. More proper solution would be to export these classes from the system bundle and change the manifest file and explicitly import them. You can repackage this manifest https://github.com/restlet/restlet-framework-java/blob/master/modules/org.restlet.ext.ssl/META-INF/MANIFEST.MF Manifest-Version: 1.0 Bundle-ManifestVersion: 2 Bundle-Name: Restlet Extension - SSL support Bundle-SymbolicName: org.restlet.ext.ssl Bundle-Version: 2.2 Bundle-Vendor: Restlet S.A.S. Export-Package: org.restlet.ext.ssl, org.restlet.ext.ssl.internal Import-Package: javax.net.ssl, javax.security.auth.callback, org.jsslutils.keystores, org.jsslutils.sslcontext, org.jsslutils.sslcontext.keymanagers, org.jsslutils.sslcontext.trustmanagers, org.restlet, org.restlet.data, org.restlet.engine, org.restlet.engine.connector, org.restlet.engine.header, org.restlet.engine.io, org.restlet.engine.security, org.restlet.resource, org.restlet.service, org.restlet.util Bundle-RequiredExecutionEnvironment: JavaSE-1.6 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2950099
Re: Wrong MANIFEST information in org.restlet.ext.jackson.jar of verion 2.0.11 ?_127255
See the same issue at https://github.com/restlet/restlet-framework-java/issues/427 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2934857
Testing 2.1-SNAPSHOT in OSGi
I'm testing the 2.1-SNAPSHOT OSGi edition in OSGi environment I looked into the planned roadmap and I see there is an upcoming release in a month. I started to test the SNAPSHOT version and I can report back some problems if we find one. There is one big blocking bug https://github.com/restlet/restlet-framework-java/issues/14 so if you could fix that I can distribute my test code and we may find some more bug before the release. Additionally I have other proposal. I'm looking for a way to use the Directory and CLAP This works well in non OSGi environment root.attach("/resources", new Directory(childContext, "clap:///resources")); I have tho use custom class ClassLoader because none of these can load my resources. class: the resources will be resolved from the classloader associated with the local class. system: the resources will be resolved from the system's classloader. thread: the resources will be resolved from the current thread's classloader. There would be a convenient way but the method is private. Could you change it to protected so then I can use my own class to load the resource. import org.restlet.Request; import org.restlet.Response; import org.restlet.data.Method; import org.restlet.engine.local.DirectoryServerResource; public class ClassDirectoryServerResource extends DirectoryServerResource { /** * Returns a representation of the resource at the target URI. Leverages the * client dispatcher of the parent directory's context. * * @param resourceUri The URI of the target resource. * @return A response with the representation if success. */ private Response getRepresentation(String resourceUri) { Request request = new Request(Method.GET, resourceUri); request.getAttributes().put("org.restlet.clap.classLoader", ClassDirectoryServerResource.class.getClassLoader()); return getClientDispatcher().handle(request); } } I think for the future the OSGi extension may have some bundle client protocol beyond the simple CLAP. Thank you in advance, Laszlo -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2931506
Re: Weird ClassNotFoundException: javax.net.ssl.SSLContext in 2.1-SNAPSHOT OSGi
Thank you, Shell I create an issue for this or you can handle this bug? If I have more bug where shell is create? Tigris.org or Github.com ? Regards Laszlo On 4 Mar 2012, at 20:43, Andrei Pozolotin wrote: > Laszlo: > > this is because of restlet packaging bug: > > javax.net.ssl is not imported in org.restlet.ext.ssl bundle manifest; > > workaround: re-package dependency yourself to produce valid manifest; > > Thank you, > > Andrei > > Original Message > Subject: Weird ClassNotFoundException: javax.net.ssl.SSLContext in > 2.1-SNAPSHOT OSGi > From: Laszlo Hordos > To: discuss@restlet.tigris.org > Date: Sun 04 Mar 2012 04:44:11 AM CST >> I'm running the Restlet in Felix 4.0.2 OSGi and I got this exception. I >> didn't investigate further because I don't use HTTPS at this moment. >> >> My System Bundle exports the packages: >> javax.net,version=0.0.0.1_006_JavaSE >> javax.net.ssl,version=0.0.0.1_006_JavaSE >> >> I have these Bundles: >> >> 50Restlet APIorg.restlet 2.1.0.snapshot-v20120303-1415 >> Active >> >> 51Restlet Extension - FreeMarker org.restlet.ext.freemarker >> 2.1.0.snapshot-v20120303-1415 Active >> >> 52Restlet Extension - Apache HTTP Client org.restlet.ext.httpclient >> 2.1.0.snapshot-v20120303-1415 Active >> >> 53Restlet Extension - Jacksonorg.restlet.ext.jackson >> 2.1.0.rc3-v20120215-1756Active >> >> 54Restlet Extension - Servletorg.restlet.ext.servlet >> 2.1.0.snapshot-v20120303-1415 Active >> >> 55Restlet Extension - SSL supportorg.restlet.ext.ssl >> 2.1.0.snapshot-v20120303-1415 >> >> and I get: >> java.lang.ClassNotFoundException: javax.net.ssl.SSLContext not found by >> org.restlet.ext.ssl [55] >> at >> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1460) >> at >> org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:72) >> at >> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1843) >> at java.lang.ClassLoader.loadClass(ClassLoader.java:247) >> at >> org.restlet.ext.ssl.internal.SslUtils.getSslContextFactory(SslUtils.java:181) >> at >> org.restlet.ext.httpclient.HttpClientHelper.configure(HttpClientHelper.java:269) >> at >> org.restlet.ext.httpclient.HttpClientHelper.start(HttpClientHelper.java:478) >> at org.restlet.Client.start(Client.java:260) >> at org.restlet.Component.startClients(Component.java:555) >> at org.restlet.Component.start(Component.java:537) >> at org.restlet.Restlet.handle(Restlet.java:301) >> at org.restlet.Component.handle(Component.java:389) >> at >> org.restlet.ext.servlet.ServletAdapter.service(ServletAdapter.java:206) >> >> >> I didn't try explicitly import like: >> >> Import-Package: org.jsslutils.keystores, >> org.jsslutils.sslcontext, >> org.jsslutils.sslcontext.keymanagers, >> org.jsslutils.sslcontext.trustmanagers, >> org.restlet, >> org.restlet.data, >> org.restlet.engine, >> org.restlet.engine.connector, >> org.restlet.engine.header, >> org.restlet.engine.io, >> org.restlet.engine.security, >> org.restlet.resource, >> org.restlet.service, >> org.restlet.util, >> javax.net.ssl >> >> >> If you think it's an issue and adding the extra import solves this then I'm >> glad I could help with this. >> >> -- >> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2930885 >> > -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2931502
Weird ClassNotFoundException: javax.net.ssl.SSLContext in 2.1-SNAPSHOT OSGi
I'm running the Restlet in Felix 4.0.2 OSGi and I got this exception. I didn't investigate further because I don't use HTTPS at this moment. My System Bundle exports the packages: javax.net,version=0.0.0.1_006_JavaSE javax.net.ssl,version=0.0.0.1_006_JavaSE I have these Bundles: 50 Restlet APIorg.restlet 2.1.0.snapshot-v20120303-1415 Active 51 Restlet Extension - FreeMarker org.restlet.ext.freemarker 2.1.0.snapshot-v20120303-1415 Active 52 Restlet Extension - Apache HTTP Client org.restlet.ext.httpclient 2.1.0.snapshot-v20120303-1415 Active 53 Restlet Extension - Jacksonorg.restlet.ext.jackson 2.1.0.rc3-v20120215-1756Active 54 Restlet Extension - Servletorg.restlet.ext.servlet 2.1.0.snapshot-v20120303-1415 Active 55 Restlet Extension - SSL supportorg.restlet.ext.ssl 2.1.0.snapshot-v20120303-1415 and I get: java.lang.ClassNotFoundException: javax.net.ssl.SSLContext not found by org.restlet.ext.ssl [55] at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1460) at org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:72) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1843) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) at org.restlet.ext.ssl.internal.SslUtils.getSslContextFactory(SslUtils.java:181) at org.restlet.ext.httpclient.HttpClientHelper.configure(HttpClientHelper.java:269) at org.restlet.ext.httpclient.HttpClientHelper.start(HttpClientHelper.java:478) at org.restlet.Client.start(Client.java:260) at org.restlet.Component.startClients(Component.java:555) at org.restlet.Component.start(Component.java:537) at org.restlet.Restlet.handle(Restlet.java:301) at org.restlet.Component.handle(Component.java:389) at org.restlet.ext.servlet.ServletAdapter.service(ServletAdapter.java:206) I didn't try explicitly import like: Import-Package: org.jsslutils.keystores, org.jsslutils.sslcontext, org.jsslutils.sslcontext.keymanagers, org.jsslutils.sslcontext.trustmanagers, org.restlet, org.restlet.data, org.restlet.engine, org.restlet.engine.connector, org.restlet.engine.header, org.restlet.engine.io, org.restlet.engine.security, org.restlet.resource, org.restlet.service, org.restlet.util, javax.net.ssl If you think it's an issue and adding the extra import solves this then I'm glad I could help with this. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2930885
OAuth extension - update from draft-10 to latest
Hi, I'm planning to implement my OAuth 2 authorization server and I'm looking for library I can use to implement it. I found the OAuth extension easy and I managed to develop one so good work, thank you. Now I'm looking into the details and I try to make a flexible and secure implementation. There are some constraints in the implementation that does not let me do without many workaround. So I hope I can get some help about what the close feature plan. I see Kristoffer Gronowski is working on the extension so I can offer my help and contribute back if he needs help. My goal is to support the latest draft (One reason is http://developers.facebook.com/docs/oauth2-https-migration/) and following the http://kantarainitiative.org/confluence/display/uma/Home initiative. The specification has six authentication Flow and it's open for custom ones and the current public "enum Flow { NONE, PASSWORD, REFRESH;}" does not let me extend. I also have many other suggestion we can discuss if I can use this extension to implement my server with this extension. Regards Laszlo Hordos -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2926213