Re: What is the importantce of passwords when configuring HTTPS?

On 29/11/2011 20:39, Mark Kharitonov wrote: > Hi. > I have followed the Restlet HTTPS guide > (http://wiki.restlet.org/docs_2.0/13-restlet/27-restlet/46-restlet/213-restlet.html) > to configure HTTPS. In particular, it results in a code similar to this one: > > parameters.add("sslContextFactory",

Re: SSL needClientAuthentication not working

On 30/11/2011 07:12, Sean wrote: > Looks like this is definitely a bug... I have tried knocking Restlet back to > 2.0 and it functions as expected. 2.1RC1 and the 2.1 snapshot both won't > force clientauthentication. > I'd rather not switch back to 2.0 as I am using some of the new methods in > 2.1

Re: Client Authentication SSL using Jetty

On 28/11/2011 12:16, David C wrote: > Hi > > As it turned out. The problem was that setting the trust information lies > outside the restlet framework. Adding these two lines solved the user > authenticaiton problem using SSL for me. > > System.setProperty("javax.net.ssl.trustStore", key

Re: An unexpected status was returned: Communication Error (1001) - sun.security.validator.ValidatorExce

Hi, You should be able to pass your own SSLContext (similar to what you'd use with Apache HTTP Client 4) via an SslContextFactory in the "sslContextFactory" attribute, more or less like this: final SSLContext mySslContext = client.getContext().getAttributes().put("sslContextFactory",

Re: SAML 2.0 with Restlet

On 18/09/10 12:52, Sanchit wrote: > I am developing a web-services based project which is supposed to use > SAML as security token for communication with a centralized server... > The centralized server maintains the roles& policies associated with > other entities in the ecosystem. The centralize

Re: Embedded Jetty

Hi Roy, On 17/09/10 00:31, webp...@tigris.org wrote: > Bruno, > > I have a standalone Restlet server and I need to support HTTPS, so > I'm using jetty.xml to configure the SSLSocketConnector. I thought > Jetty 7 was the current version but I don't know any reason why Jetty > 6 won't work, so I'll

Re: Embedded Jetty

Hi, On 13/09/10 02:22, webp...@tigris.org wrote: > I'm attempting to use Jetty 7.1.5 with Restlet 1.1.10 however there's no > connector jar included for this version of Jetty - only Jetty 6.1. So, I'm > wondering is it possible to use Jetty 7? > > Also, I'm not sure where put jetty.xml so I can

Re: restlets : communicating in SSL with tomcat

On 25/08/10 13:53, Xavier Méhaut wrote: > Hi Bruno, > Actually our architecture is the following : > A PC runs a restlet server locally (withou a servlet container); the > resources served by this server call themselves other restlets which are > located into another restlet serveron another PC, bu

Re: HTTPS server

Hi Nicho, The second command (parameters.add("DefaultSslContextFactory", ...)) actually doesn't do anything, since it's the "sslContextFactory" parameter name that is user ("DefaultSslContextFactory" is a possible value but not the parameter name), so this falls back to the default configurati

Re: Use of ClientResource inside a server resource

Hi Xavier, In addition, if you're running the application within a servlet environment, you can configure the clients by adding this in the web.xml file: org.restlet.clients HTTP HTTPS CLAP FILE (Adapt the param-value as you need, it's a space-

Re: HTTPS connector

Hi Nicho, It looks like you need to add the com.noelios.ext.net or com.noelios.ext.httpclient jars to your classpath. Best wishes, Bruno. On 16/08/10 17:30, webp...@tigris.org wrote: > I am writing HTTPs client code as below, but encountered warning message. I > am using Restlet 1.1. I suspec

Re: restlets : communicating in SSL with tomcat

> at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source) > ... 19 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at > sun.security.provi

Re: restlets : communicating in SSL with tomcat

Hi Xavier, If you're using Restlet within a Servlet environment, it's the container configuration that matters regarding SSL. If you have configured SSL on your Tomcat container, this should be enough. What kind of errors do you get (and which version of Restlet, just in case)? Best wishes, Br

Content negotiation problem when using a specific server connector (Jetty, Simple or Netty)

Hi, The problem I described in was fixed in version 2.0.0 (I was using 2.0-RC4 for this test). Great! However, there's a new problem. (I'm using the same code: ) This works:

Optional authentication and ClientInfo.getAuthenticated()

Hi all, Perhaps something that I should have noticed earlier... Currently, an optional authenticator sets the ClientInfo to be authenticated whether or not the authentication was successful or took place. This is due to beforeHandle and authenticated: @Override protected int beforeHan

Re: Paging resources in GWT

On 03/08/10 15:35, Harald Pehl wrote: > I thought using query parameters too, but decided against it, because it > prevents caching of the resources. I'd say you're more likely to have problems with caching if you use a 'Range' header with a custom range unit than with a "normal" request with q

Re: Paging resources in GWT

On 03/08/10 14:36, Harald Pehl wrote: > In our current project we have lots of resources which return a subset of > bigger datasets. For that the paging information is provided as part of the > URL: > > //{offset}/{limit}[/{sortBy}[/{sortDirection}]] > > [] parts are optional. So valid URLs are >

Content negotiation problem when Content-Type in a GET request

Hello, I know it's unusual, but one of the clients I'm using (jQuery) sends a "Content-Type: application/x-www-form-urlencoded" header with its GET requests (because there's some data that's serialized in the query part of the URI, see [1][2]). I've looked at the HTTP specification, but I can't

Re: Chaining an authorization filter after a router

I would try something like this (two routers): Router usernameRouter = new Router(getContext()); router.attach("/users/{username}/", authorizer); Router otherRouter = new Router(getContext()); // I'm sure you'll find a better name authorizer.setNext(otherRouter); otherRouter.attach("", UserResou

Re: Chaining an authorization filter after a router

Hi, I think I misunderstood your original question. I thought that you could only know the owner of the resource once you got to that resource (e.g. by loading it from a database). If the path is your what determines ownership, then you should be able to do this by chaining the putting the aut

Re: Chaining an authorization filter after a router

On 28/06/10 16:27, Carles Barrobés wrote: > I'm trying to do the following: for URLs matching a pattern > "/user/{username}/resource...", where username designates the resource's > owner, I want to grant access only if the authenticated user matches the > owner of the resource. > I created a custo

Re: authentication error with jetty on browser

On 28/06/10 14:36, Laurent Garrigues wrote: > Hi Bruno, thanks for your answer > > I have no idea if it's a basic/digest authentication or a SSL/certificate. > When I use the browser, it does not open the login pop-up. > > If I remove "jettyServer.start();" it works fine, but not in jetty: > "22 ju

Content-type negotiation and user-agent tunnel

Hi, I'm trying to understand why Chrome and MSIE get a different content type via the tunnel than Opera, although the settings seem to be the same. I'm using 2.0-RC4, and accept.properties [1] seems to have the same settings for all the browsers. User-agent tunnelling is enabled in the applic

Re: Custom WWW-Authentication

On 23/06/2010 17:42, webp...@tigris.org wrote: > Thanks the reply. > > My plan is first step client calls server by http GET, second step > server response in 401 with WWW-Authentication: PPPK realm="***", > nonce="***", opaque="***", keyid="***", version="***". In the end, > client will response b

Re: How to obtain rootRef from the Application?

Hi, On 19/06/10 15:34, Thierry Boileau wrote: > Hello Kevin, > > at this time, the application is instantiated and attached, when handling the > first request. The main reason is that the context path of the app is not > known by advance. > You can still get this value as follow: > ServletContex

Re: authentication error with jetty on browser

Hi Laurent, On 16/06/10 16:49, Laurent Garrigues wrote: > Hello, > > I have an autentification error when I try to reach the URI on my browser > (Firefox). What kind of authentication error do you get, SSL/certificate or basic/digest authentication? If it's just basic/digest authentication, it

Re: Basic authentication via URL arguments

On 17/06/10 20:29, webp...@tigris.org wrote: > I've been using the "ChallengeResponse" mechanism to authenticate users so > far. > > ChallengeResponse challengeResponse = getRequest().getChallengeResponse(); > if( challengeResponse == null ){ > throw new RuntimeException("not authenticated")

Re: restlet on ijetty

Hi Martin, I'm sure a number of Restlet users would be interested in this (including Jerome and Thierry of course). There seems to be an open issue about it: http://restlet.tigris.org/issues/show_bug.cgi?id=1110 This may also be relevant if you're willing to contribute some code: http://www.res

Re: Unable to set Reason Phrase on successful request using Jetty

Hi Michael, On 07/06/10 15:41, Michael Rehse wrote: > Using Restlet 1.1.10 and the Jetty connector (com.noelios.restlet.ext.jetty > 1.1.10) deployed as a standalone application, if I set the status to "200 > Foo" the response comes back as "200 OK". > > This is not the expected behavior - is it? >

Re: java client code to https service under tomcat

On 08/06/10 16:19, p Nut wrote: > Thanks for your reply bruno. > > One thing i didnt mention in my earlier post was that my client app runs as a > portlet under liferay portal framework. So I am looking into the possibility > of liferay messing things up, but i doubt it. > > I have tried your cod

Re: java client code to https service under tomcat

Hi, On 07/06/2010 22:45, p Nut wrote: > I am trying to write a java client which calls the web service. all the > following circumstances work. > -access service using browser using http and also https. Using https, I can > access my service using a browser. I will have to accept the exception i

Re: Using multiple Applications

On 01/06/10 21:51, jupiterroom wrote: > Hi. > > I have an application and have implemented createInboundRoot to root the the > resources I want to use. Now I have something I consider to be a new > application and what to keep the routing seperate with a different > implementation of createInbound

Re: Which tool to use to see request/responses ?

There's also: - TCPmon , which sits explicitly between the client and the server (so the client has to know to send the request to the intermediate host/port). (It looks similar to CharlesWebProxy.) - Wireshark : this one capture

Re: Verifying Content-MD5

Hi Jean-Philippe, It doesn't, and the main problem is that you need to consume the stream for the digest to be computed. If you want to do it in a filter, you have to store whatever your read and then put the data back into the representation. I've just tried with a simple example and a some t

Re: HTTP over SSL client

On 18/05/2010 18:17, webp...@tigris.org wrote: > Hi Bruno, > I'd like to sincerely thanks for your answer :) > > After following your suggestions now I set parameters in this way: > > org.restlet.Server https_server = new org.restlet.Server(Protocol.HTTPS, > https_port); > https_server.setContext(

Re: HTTP over SSL client

Hi, On 18/05/10 16:19, iammyr wrote: > Hi everyone, > I have set up a REST application, using restlet-jse-2.0snapshot to which > I've added to servers: the first one supports the http protocol on port > 9877, while the second one supports the https protocol on port 9873 > > org.restlet.Server http

Re: Restlet - CharacterSet problem in represent method

Hi, I'm not sure where this comes from, but it might come from the original string that you're reading (it's not clear from your code fragment). It looks like it could be read in UTF-8 and then written as if it was ISO-8859-1. You might be able to get the correct output if you make sure it's th

Re: JAAS and JBoss 5.1

Hi Kevin, This sounds good. One of the main reasons to separate the Enroler from the Verifier was to give the ability to have two sources of information (for example, if verifying the credentials is done via Kerberos and fetching the roles is done via LDAP). I don't see using the Enroler as a s

Re: SSL issue with Jetty, Simple

Hi Dave, On 08/05/10 17:31, David Fogel wrote: > Hi Bruno- > > Thanks for your feedback and suggestions on this. We've sorted out a > few things: > > 1) You were right that the Simple extension needs to have the > truststorePath and truststorePassword configured in order to run. > Once we added t

Re: SSL issue with Jetty, Simple

Hi Dave, On 06/05/2010 17:07, David Fogel wrote: >> What does Firefox say in detail? Usually, you can get the certificate >> and it will tell you what's wrong with it (on the first dialog after the >> warning page, the one where you can get the cert and choose to >> accept/refuse it). > > firefox

Re: SSL issue with Jetty, Simple

Hi Dave, On 06/05/2010 15:16, David Fogel wrote: > > We had previously set up SSL with a self-signed cert, generated using > java keytool. This worked fine on Jetty and, until recently, with the > Simple connector, which had some hanging issues a few revisions ago > (but which may have been fixed

Re: SSL modifications since 2.0 RC 1 ?

Hi Nicolas, On 03/05/2010 15:09, Nicolas Rinaudo wrote: > Hi Bruno, > > You certainly put a lot of effort into that ! > > I have to admit that some of it went over my head - you obviously are > a bit of an expert on the matter, which I'm not. > > If I understand you properly, the problem isn't Res

Re: SSL modifications since 2.0 RC 1 ?

On 30/04/2010 16:06, Bruno Harbulot wrote: > Hi Nicolas, > > On 28/04/2010 12:55, Nicolas Rinaudo wrote: >> This might be an important bit of information. After running a few more >> tests, I realised that Safari would: >> - fail ignoring certificates if th

Re: SSL modifications since 2.0 RC 1 ?

Hi Nicolas, On 28/04/2010 12:55, Nicolas Rinaudo wrote: > This might be an important bit of information. After running a few more > tests, I realised that Safari would: > - fail ignoring certificates if the server is running on OS X. > - succeed in ignoring certificates if the server is running o

Re: SSL modifications since 2.0 RC 1 ?

Hi Nicolas, Nicolas Rinaudo wrote: > First, thanks for taking the time to look into this, I really appreciate it. > > Now, to answer your post. > >> 2. By default, the SSLContext (on the server connectors) is created by >> the DefaultSslContextFactory, which follows the defaults of the JSSE Ref

Re: SSL modifications since 2.0 RC 1 ?

Nicolas Rinaudo wrote: >> Could you clarify what you mean by accept/ignore? I'm not sure what this >> means in the context of Firefox/Safari. > > Right, sorry, that wasn't very clear. > > "Accept": the browser will load the page without complaint. > > "Refuse": the browser will fail to load the

Re: SSL modifications since 2.0 RC 1 ?

Hi Nicolas, Nicolas Rinaudo wrote: > Hey, > > We've just upgraded form RC 1 to RC 3 (we skipped RC 2 due to blocking > issues), and there appears to have been some changes in the way SSL keystores > are managed - our test self-signed certificate that worked perfectly with RC > 1 now has issues

Re: HTTPS / SSL not working after updating to trunk

Hi Dave, On 25/03/2010 21:47, David Fogel wrote: > Hi Bruno- > > So, I got Jetty working as the connector, and yes, it does seem to > work fine with our previously discussed HTTPS configuration. So that > can hold us for now, but we do eventually want to use the Simple > connector. > > Incidental

Re: HTTPS / SSL not working after updating to trunk

To give you a bit more details, just in case you manage to see a bit more what's happening on your side, the patch that was put in the trunk today (r6407) was clearly due to the fact I had omitted a very important line: the one that passes the parameters to the factory: if (result ==

Re: HTTPS / SSL not working after updating to trunk

Hi David, David Fogel wrote: > Hi Bruno, Jerome- > > Thanks for taking a look at this! I've just updated to the latest in > trunk (SVN revision 6407). > > Unfortunately, the fix doesn't seem to be working- in fact now what > I'm seeing is that the connection is never made from the client, but >

Re: HTTPS / SSL not working after updating to trunk

sttest"); The use of SslContextFactory is for people who want to pass more customised SSLContexts. Best wishes, Bruno. Bruno Harbulot wrote: > Hi, > > Sorry, that's probably due to a patch I submitted a few weeks ago and > that was put in the trunk a couple of days

Re: HTTPS / SSL not working after updating to trunk

Hi, Sorry, that's probably due to a patch I submitted a few weeks ago and that was put in the trunk a couple of days ago. The aim was to consolidate the SSL settings to have them in one place, but it seems that there was a line missing unfortunately. Here is a patch: diff --git a/modules/org.

Re: Context and Application

Hi, I tend to go for option 2 or to use JNDI, which may help when using a Servlet container. Unless your ServerResources are extremely generic, it's quite likely that they're going to have to know what to expect to load from the context (or JNDI). One way to make sure changing the attribute nam

Re: Content type negotiation with annotations

Hi Thierry, Thanks, removing these lines solves the problem. Best wishes, Bruno. Thierry Boileau wrote: > Hello Bruno, > > thanks for the test case. You can remove the following lines from the > "init" method : > > getVariants().add(new Variant(MediaType.TEXT_HTML)); > getVariants().add(new

Re: Content type negotiation with annotations

Hi Thierry, I've just tried it on 2.0-RC1. Here is a jUnit test case. SampleResource1 and SampleResource2 offer both plain text and HTML on GET, and for simplicity, only HTML on POST (but that's only determined by the method itself -- the problem is that it's not even called). SampleResource1

Content type negotiation with annotations

Hi, Firstly, I'd like to write a ServerResource that uses @Get("xml") and @Get("html") for content negotiation on GET but not on POST (where it would return a different content-type depending on what the method does, or do the negotiation internally). Secondly, I'd like to be able to post some

Re: A GET with query parameters?

Hi, Any specific reason why you don't want to use a "normal" query like this? http://mysite.com/farms?size=n You could then get the query parameters with: Form queryParams = getRequest().getResourceRef().getQueryAsForm(); String size = queryParams.getFirstValue("size"); Best wishes, Br

Re: Access to HttpSession from Restlet ...

Hi, I've just submitted a patch: http://restlet.tigris.org/issues/show_bug.cgi?id=1050 It can be useful for some applications to have access to the TLS session ID. (This could possibly be used by some ongoing FOAF+SSL work for example.) Regarding the use of SSL session ID for maintaining sessi

Re: M7 and TunnelService fix still not working for IE7/8 (or so it seems)

Hi, Just in case it may help, last week, I had to use the following configuration for IE8, using the snapshot in the Maven repository (org.restlet-2.0-20100210.140104-6132.jar). #Internet explorer agentName: msie acceptOld: */* acceptNew: text/html,application/xhtml+xml,application/xml;q=0.9,*/*

Re: ConcurrentModificationException from Resource

Hi, The groupIds in the Maven repository have changed after 2.0M3 to take into account the notion of editions (JEE, JSE, GWT, Android). You can use org.restlet.jee or org.restlet.jse (for example) instead of org.restlet. Best wishes, Bruno. Ruben Hernando wrote: > > Hi, > > I can't see that

Re: Access to HttpSession from Restlet ...

Stefan Meissner wrote: >> What I'm still not clear about is what you're trying to do with it here >> (I don't how well you know SSL/TLS). Whether with Restlets or Servlets, >> it doesn't seem right to use that for maintaining some sort of >> application session. > > As you may have noticed I'm

Re: Access to HttpSession from Restlet ...

Hi, Stefan Meissner wrote: > Hi, > >> However, the SSL sessions have nothing to do with the Servlet's session >> (and they're unlikely to be suitable as a replacement for such sessions >> anyway). > > I was afraid it's not the same. What I need is an equivalent to: > 'javax.servlet.request.s

Re: Access to HttpSession from Restlet ...

Hi, It currently isn't possible to retrieve the SSL session ID (in the same way as it's possible to retrieve the cipher suite or the client certificates from the Restlet Request. It could make sense to implement this, and I wouldn't mind contributing a patch to do so. Feel free to put an RFE in

Re: Restlet client connecting to server with self signed certificate

On 11/02/2010 23:14, Rocky V wrote: >>> >>> Do you mean to say, I can use something like this: >>> secureProtocolSocketFactory = new >>> SslContextedSecureProtocolSocketFactory(...); >>> org.apache.commons.httpclient.protocol.Protocol >>> .registerProtocol( >>> "https", new org.apache.

Re: Restlet client connecting to server with self signed certificate

Hi Rocky, On 10/02/2010 19:08, Rocky V wrote: > Bruno Harbulot wrote: >> Rocky V wrote: >>> I am on Restlet 1.1.5 and can upgrade to 1.1.8 (last known stable version >>> from restlet.org) if need arises. >>> My problem is to trust all certificates for my Re

Re: Restlet client connecting to server with self signed certificate

Hi Rocky, Rocky V wrote: > I am on Restlet 1.1.5 and can upgrade to 1.1.8 (last known stable version > from restlet.org) if need arises. > My problem is to trust all certificates for my Restlet client using HTTPS > (apache common). Am I right in understanding that you want your client to trust an

Re: Restlet Client class with custom SSLSocket/SSLContext

Hi Adrian, In Restlet 2, you can pass SslContextFactories to the client context. import org.restlet.engine.security.SslContextFactory; import org.restlet.engine.security.DefaultSslContextFactory; ... // Example with the default SslContextFactory SslContextFactory sslContextFactory = new DefaultS

Re: @Get for many Variants

Hi, You could use org.restlet.engine.converter.ConverterHelper too. You might want to register your own Converter if you're not satisfied with the default ones. In this case, the if-MediaType logic will be in the ConverterHelper's toRepresentation method. public class SearchResource extends Se

Re: including restlet in a maven project

Hello, Marc Limotte wrote: > Great, this worked for me... got 2.0-m6, although I had to use the > instructions to manually download it into my local repository. > You can also add the repository to your POM: restlet Public online Restlet repository

Re: how to set up client certificate in restlet 1.1.4 for HTTPS?

Hi, Using client-certificates with Restlet 1.1 is not well supported (in fact, it's not supported at all, but there are workarounds to make it work in some cases). I'd suggest upgrade to Restlet 2; there might still be bugs with some connectors, but the Apache HTTP client and the Net connector

Re: 'java.security.UnrecoverableKeyException: Cannot recover key' in https Restlet client

I've just created this issue on this topic: http://restlet.tigris.org/issues/show_bug.cgi?id=977 Bruno. Bruno Harbulot wrote: > Hi Mikis, > > This definitely sounds like a bug. I'll try to address it shortly. > Meanwhile, I'd suggest working around it by using anot

Re: 'java.security.UnrecoverableKeyException: Cannot recover key' in https Restlet client

Hi Mikis, This definitely sounds like a bug. I'll try to address it shortly. Meanwhile, I'd suggest working around it by using another connector if you can (for example, but putting the org.restlet.ext.net or org.restlet.ext.httpclient on the classpath if you can). I suspect that these connect

Re: 'java.security.UnrecoverableKeyException: Cannot recover key' in https Restlet client

Hello, Do you know if your user has a '.keystore' file in the home directory? Would it work better if this file was out of the way? If so, this could be related to the side effect I found when fixing . I'd suggest fixing this issue by

Re: HTTPS with Tomcat

Hi Dustin, If you're running within Tomcat (or other servlet containers), it's Tomcat that deals with the SSL connector, not the Restlet connector. Therefore, this setup has nothing to do with what's on the Restlet wiki regarding SslContextFactories (which are only for connections with a direct

Re: FirstResource Example - What is Item

Hello, I'm not sure where you got your examples from (perhaps there's a packaging error somewhere), but it's in the same package, in the subversion repository: http://restlet.tigris.org/source/browse/restlet/trunk/modules/org.restlet.example/src/org/restlet/example/firstResource/ Best wishes,

[2.0 trunk] Using get(Variant) to return representation after PUT

Hello, I've just tried a short-cut to return the representation after a PUT: calling get(variant), but it doesn't work as if it was doing a direct GET. I'm not sure if it's a just a bad idea or if we should try to make it work. The test case looks like this: public MyClass extends ServerResou

Re: SEVERE: don't pass the component context to child Restlets anymore

Hi Jim, It's actually quite important to separate the various settings you pass to the Component (and the connectors) from those you pass to the Application itself. This way, you prevent leakage of sensitive information (such as private keys for SSL connectors) to the Application. One easy way

Re: Disabling weak ciphers in Restlet

Hi, You should be able to select the cipher suites you want explicitly (otherwise, the default ones will be used) by setting the "enabledCipherSuites" and/or "disabledCipherSuites" attributes on your instance of Server. These attributes should contain a array of Strings (for example "TLS_RSA_W

Re: Integrating Apache and Restlet server like Apache and Tomcat

Hi Ashish, As Rémi said, mod_proxy might be better for what you need. In addition, mod_jk seems to have been deprecated in favour of mod_proxy_ajp (both use AJP). There is more about this on the Jetty wiki: http://docs.codehaus.org/display/JETTY/Configuring+AJP13+Using+mod_jk The only case wh

Re: Integrating Apache and Restlet server like Apache and Tomcat

Hi Ashish, Ashish Sharma wrote: > Hello, > > I have my Apache http server running on localhost:80 and restlet server on > localhost:8182, but I want to configure above combination just like Apache > http server and Apache tomcat servlet container can be configured with mod_jk > library. > > I

Re: Client Authentication PKI

Hi Dan, The idea is to pass an instance of an SslContextFactory as an attribute (or a class name as a parameter) of the Context. In the 1.1 branch on the server side, the SSLContext is set up as follows: 1. If there is a *instance* of SslContextFactory in the "sslContextFactory" *attribute* of

Re: Client Authentication PKI

I should also say that this feature has only been implemented quite recently on the client side, so you might need a recent version of Restlet. More on this topic at: http://restlet.tigris.org/issues/show_bug.cgi?id=586 Best wishes, Bruno. Bruno Harbulot wrote: > Hi Dan, > >

Re: Client Authentication PKI

Hi Dan, You can't really do this with a ChallengeScheme/ChallengeResponse or something similar, since it the certificates are passed at the SSL/TLS layer, which is under HTTP. If you don't want to use the system properties, you can use your own SslContextFactory passed as an argument to the cl

Re: Client HTTPS Invalid keystore format

Hi Laurent, Laurent Garrigues wrote: > keytool -genkey -v -alias serverX -dname "CN=serverX,OU=IT,O=JPC,C=GB" > -keypass password -keystore serverX.jks -storepass password -keyalg "RSA" > -sigalg "MD5withRSA" -keysize 2048 -validity 3650 I'd suggest using SHA1withRSA instead of MD5withRSA, si

Re: Client HTTPS Invalid keystore format

Hi Laurent, Where do you put this file and/or where do you configure it (are you passing it via system properties)? It might not be using the file you want. I suspect that, if you haven't configured anything more, it would be using the cacerts file provided with your JRE. Best wishes, Bruno.

Re: Auth by client's certificate

Hi, I'm not sure. If GrizzlyServerCall is running from the same thread the SSLReadFilter is used, SSLReadFilter.doPeerCertificateChain(...), with the selection key in the GrizzlyServerCall should work. What you need ultimately is to get hold of the SSLSession (via SSLEngine or SSLSocket), inva

Re: Auth by client's certificate

Hi Evgeny, Evgeny Shepelyuk wrote: > Hello, > > I'm using Jetty as restlet HTTP engine with SSL enabled and client's > certificate auth. > Probabaly it's more related to Jetty but is this possible to make server > only ask > for certificates only for certain URL. > > I'm NOT USING needClient

Re: Patch for MetadataService to support XSL files with the more common extension ".xsl"

Hi Fabian, The procedure to contribute to Restlet is described here: http://www.restlet.org/community/contribute In short, for a patch to be included, you would have to sign the JCA and get in touch with Jerome or Thierry. Best wishes, Bruno. Fabian Mandelbaum wrote: > Hello, > > I've asked

Re: Restlet SSL and Weblogic (even tomcat would help)

Hi Andy, webp...@tigris.org wrote: > > When I started this as a Java application, I didn't need any other relavent > configuration, no web.xml. I don't really understand how but somehow this > starts up a > Jetty Container. I am told (please correct if I am wrong) that somewhere in > org.rest

Re: Question about 'org.restlet.engine.Engine.registerHelper(ClassLoader, URL, List, Class)'

Hi, Marcelo Paternostro wrote: > My environment is: > > - Eclipse 3.5 > - The Jetty support offered by Eclipse > > So I've added all 'org.mortbay.jetty.*' bundles that come with Eclipse plus > 'org.restlet.ext.jetty' to the class path and run the basic restlet example > just to see it dying in

Re: Restlet SSL and Weblogic (even tomcat would help)

Hello, Andrew Whelan wrote: > Hello, > > I am trying to deploy a Restlet application as a Servlet to weblogic using > SSL for authentication and authorization. I have successfully gotten the SSL > authentication to work with my Restlet, running it as a Java application > using the default Jett

Re: Licensing question

Hello, webp...@tigris.org wrote: > Thanks for the help. I actually ended up finding another source for the > javax.xml.stream jar at http://stax.codehaus.org/Home which uses the Apache > 2.0 license. I'm actually confused by the process by which you're verifying the licences of Restlet and it

Re: Licensing question

Hello, (Please don't consider what I'm saying here as legal advice...) Restlet 1.1.4 only bundles the compiled code (so no source code to scan there) and provides a link to . The source bundle I've been able to get from (I'm not sure i

Re: Content Negotiation for Safari 4. Any way to override?

Hi Bruce/Thierry, It seems that the code has changed between version 1.1 and 2.0. In 1.1.5, com.noelios.restlet.application.TunnelFilter uses 'equalsIgnoreCase' (line 388), whereas in the trunk (2.0), org.restlet.engine.application.TunnelFilter uses 'equals' (line 528). I think it makes sense

Re: Content Negotiation for Safari 4. Any way to override?

Hi Thierry, I'm not entirely sure what the intended behaviour of the TunnelService (regarding user-agents) is. Could you confirm this should be as follow (assuming the user agent tunnel is switched on in the service)? Step 1. The TunnelService parses the 'User-Agent' header and compares it to

Re: 2.0m3 and content negotiation

Hi Jerome, Sorry, I might have been using the wrong jars by mistake. It seems to work now indeed. Thanks! (This being said, I think this gave me the opportunity to find another unrelated bug :-) : I'm going to send an e-mail to the dev list about that.) Best wishes, Bruno. Jerome Louvel wrot

Re: Relative URI in GWT Restlet

Hello, I'm having the very same problem (regarding relative URIs). I think I've traced the problem: it's a client-side issue, and an exception is currently thrown if the URI doesn't start with "http". I'd like to suggest the following patch to allow for relative URIs too: diff --git a/module

Re: 2.0m3 and content negotiation

Hi Jerome, I've just upgraded to revision 5104. (I've have looked in details at the changes in the code.) I'm still not clear what should work with annotations. The simple test-case I'm using tries to do content-type negotiation between text/plain and application/xml. public class TestResour

Re: 2.0m3 and content negotiation

ally useful, since there's always going to be the problem when building the returned representation within the method (for example, it doesn't prevent from making mistakes and having a method with @Get("xml") returning a StringRepresentation built with MediaType.IMAGE_JPEG). Be

Re: 2.0m3 and content negotiation

rverResource.java doesn't seem to be formatted properly in revision 5060, by the way. Best wishes, Bruno. Bruno Harbulot wrote: > Hi Jerome, > > Is there a full list of the annotation parameters? > According to these pages, they're not media-types: > - http://wiki.re

  1   2   >