Guillaume Laforge | 29 Jul 16:24 2015

Discussions moving to the new Google Group!

Hi all,

This Tigris-based mailing-list was the last element still hosted at Tigris, and we've decided to move the list to a brand new Google Group!

Here's the URL of the framework-discuss at restlet dot org group:

From now on, please post your questions, suggestions, contributions, etc, on the new mailing-list.

If you haven't been added to the new Google Group, please don't hesitate to subscribe to it!
As we can't easily export the list of accounts from our old Tigris lists, we might have missed some of you. So please double check that you can continue the discussion with us on the new mailing-list!

Thanks a lot for your attention, and looking forward to fruitful discussions there!

Guillaume Laforge
Product Ninja & Advocate

Tal Liron | 28 Jul 15:33 2015

Jetty 9.3 connector

Please help me test it! Especially exciting is support for HTTP/2.

Available here:


Ramesh | 21 Jul 15:19 2015

CSRF/XSRF prevention in Restlet

I am using Restlet 2.2.0 and CookieAuthentication with an embedded Jetty
plugin. In my application, I have 2 sets of pages.
   1) Pages that can be viewed by an unauthenticated user
   2) Pages that can be viewed only by an authenticated user

In both cases, I want to prevent CSRF/XSRF attack. It seems that by default
Restlet applications are vulnerable to CSRF/XSRF unless we do "something" to
prevent this. I could not figure out what to do in my application to prevent
such attacks. I have read about many solutions in the internet, but none of
them are discussing in reference to Restlet applications. 

I would appreciate if someone can guide me on how to prevent a Restlet
application from CSRF/XSRF attacks.


View this message in context:
Sent from the Restlet Discuss mailing list archive at


Jerome Louvel | 23 Jun 04:09 2015

Restlet Framework 2.3.3 released

Hi all,

We have just released a maintenance version on the stable branch. Here is the changes log:

    - Bugs fixed
       - Redirector does not translate response's entity location reference.
         Issue #1069.
       - Fixed tunnelFilter. + symbol (%2b) converted incorrectly when media 
         query parameter is used. Issue #804.
         Reported by Rob Elsner.
       - Fixed never ending call when an exception happens while writing the 
         response's entity using the internal HTTP server connector.
         Issue #1061. Reported by Gernot Pansy.
       - Prevented insertion of query params into POST request for JAX-RS client.
         Issue #1072. Reported by Edouard Mercier.
       - Fixed NPE when OAuth refresh token request when no scope is provided. 
         Issue #1080. Reported by Gernot Pansy.
       - Internal HTTP client doesn't fail anymore with null values in headers.
       - Improved robustness of Swagger translation code (import/export).
       - Fixed security scheme issue in RAML translator.
    - Enhancements
       - Allowed spaces in the values of the Java methods annotations. Issue #1099.
       - Added support for Chromium browser when extracting user agent info.
       - Added Swagger 2.0 import support in Swagger and APISPark extensions.

Download link:
Arjohn Kampman | 3 Apr 16:00 2015

unicode character in (disposition) headers

Hi all,

Restlet doesn't seem to support the encoding and decoding of non-ascii 
characters in http headers; at least not with the 2.2.3 release that 
we're using. The encoding of such characters is covered by RFC 5987 and 
RFC 6266. Is this already supported by 2.3.1? If not, any chance it can 
be added? I'm specifically looking for a way to encode non-ascii 
filenames in Content-Disposition headers. An overview of browser support 
for this encoding can be found at


Arjohn Kampman


Chirayu Desai | 16 Mar 12:30 2015

Unable to find converter for java.util.UUID

I am working on a client server application. I was using Restlet 2.0.3. Due
to a heavy load task my client was getting timed-out. I searched on the
forum and found that switching over to Restlet 2.2 would help. So I did
that. I upgraded my Restlet to 2.2.1. But now my code has stopped working at
precisely this method.

*public synchronized UUID generateUniqueSessionId(String userAtDomain)
        UUID newSessionId = UUID.randomUUID();
        SessionAttributes sessionAttributes = new SessionAttributes();
        loggedInUsers.put(newSessionId, sessionAttributes);
        return newSessionId;
So I am returning the UUID at last. This code is on the server and invoked
during login. Following is the error that I am getting from the logs.

*16 Mar 2015 11:23:18 WARN - Unable to find a converter for this object :

And this object referred in the log belongs to java.util.UUID

The code on the client side which invokes the server looks like this.

*public UUID authenticateUser(String username, String passwd) {

        try {
            String url =
RESTLetWebSvcsFactory.getFactoryInstance().getServer_URL() + "login/" +
username + "/" + passwd;

            Context context = new Context();

            Client client = new Client(context, Protocol.HTTP);
            ClientHelper helper = new ClientHelper(client);

            ClientResource cr = new ClientResource(url);
            LoginLogoutResource resource =
            return resource.loginUser();
        } catch (ResourceException re) {
            if (re.getStatus().isConnectorError()) {
                try {
                    String url =
RESTLetWebSvcsFactory.getFactoryInstance().getServer_URL() + "login/" +
username + "/" + passwd;
                    ClientResource cr = new ClientResource(url);
                    LoginLogoutResource resource =
                    return resource.loginUser();
                } catch (ResourceException re1) {
                    int statusCode = new
                    if (statusCode != -1) {
                        throw new UserCRUDException(statusCode);
            } else {
                throw new UserCRUDException(new
        return null;
Note: USERCRUDException is my own exception and not one of JAVA

Please help me resolve this problem which probably prevents returning the
UUID from the server and thus my application isn't moving ahead.

Thanks in advance

View this message in context:
Sent from the Restlet Discuss mailing list archive at


Chirayu Desai | 10 Mar 21:04 2015

Restelt Client Internal Connector Error (1002)

I am using a restlet 2.1 client sever based architecture, my client times out
within 1 minute after sending the request. and I get the following exception
Internal Connector Error (1002) - The calling thread timed out while waiting
for a response to unblock it.
	at org.restlet.resource.ClientResource$1.invoke(
	at com.sun.proxy.$Proxy17.getTaskList(Unknown Source)....

My code is as below :

import org.restlet.resource.ClientResource;

*ClientResource cr = new ClientResource(uri);
MyResource resource= cr.wrap(MyResource .class);
				updateStatus = resource.updateData(Parameter);*

how should I configure my client resource to avoid timeout ?

View this message in context:
Sent from the Restlet Discuss mailing list archive at


Xybrek | 8 Feb 07:49 2015

Restlet cannot process query parameter on ROOT path

I have this code:

 <at> Override
public Restlet createInboundRoot() {

     Router router = new Router(getContext());

     Redirector forward = new Redirector(getContext(), SOME_URL,

     router.attach("/" + "{id}", forward);
     router.attach("/rest/", RootServerResource.class);

     MyFilter myFilter = new MyFilter(getContext());

     return myFilter;

The problem with this code is that Restlet cannot seem to process query 
parameter on ROOT path:


Filter does not trigger.

However, when through the /rest/ part


Filter gets triggered.

What could be the problem with this code?


Jerome Louvel | 3 Feb 16:30 2015

Restlet Framework 2.3.1 released

Hi all,

We have just pushed the first maintenance version on the "stable" branch.
Here are the bug fixed:
- Reintroduced registration by default of the internal HTTP server connectors in JEE edition. - FormDataSet not properly serializing text/plain files. Issue #1006. Reported by johnjaylward. - Fixed fileupload extension for GAE and JEE editions. - Fixed potential NPE. Issue #1004. Reported by Philippe Perrault. - Reference scheme reverts to http when using https. Issue #998. Reported by Stephen C. Pope. - Fixed bug that prevented client code to properly consume error responses #1004 and #1018. Reported by Philippe Perrault and spraguep.
Xybrek | 15 Jan 13:27 2015

Is there any concrete example on how to use Restlet File Upload extension with Google App Engine?

Is there any concrete example on how to use Restlet File Upload 
extension with Google App Engine?

There are lots of example for Restlet File Upload but not for the GAE 
edition of Restlet? Is there any complete Upload example to do file 
upload with Restlet?


Xybrek | 14 Jan 01:45 2015

CRUD Operation for Calling ServerResouce with ClientProxy

I have this ServerResource that is called by a ClientProxy:

public class GaeThingServerResource extends SelfInjectingServerResource
         implements ThingResource {
     private static final Logger LOG
             = Logger.getLogger(GaeThingServerResource.class.getName());
      <at> Override
     public ThingItem createThing(ThingItem Thing) {
         return Thing;
      <at> Override
     public ThingItem readThing(Long id) {"Read Thing id=" + id);
         ThingItem result = store().get(ThingItem.class, id);
         return result;
      <at> Override
     public ThingItem updateThing(ThingItem Thing) {"Updating Thing=" + Thing.toString());
         return Thing;
      <at> Override
     public void deleteThing(Long id) {"Delete Thing id=" + id);
         store().delete(ThingItem.class, id);

This is called by:

public interface ThingResourceProxy extends ClientProxy {
      <at> Get
     public void readThing(Long id, Result<ThingItem> callback);
      <at> Delete
     public void deleteThing(Long id, Result<Void> callback);
      <at> Post
     public void createThing(ThingItem thing, Result<ThingItem> callback);
      <at> Put
     public void updateThing(ThingItem thing, Result<ThingItem> callback);
      <at> Get
     public void list(Result<ThingResultItem> callback);

With this code:

                 ThingResourceProxy thingResource = 

thingResource.getClientResource().setReference("/rest/thing/" + id);
                 thingResource.readThing(id, new Result<ThingItem>() {

However readThing method the Long id is always null, when is called, 
what could be the problem?