headers
Kristoffer Gronowski | 1 Nov 2011 15:46
Picon

RE: Possible discrepancy in OAuth extension - scope encoding in token validation request

Hi John!

Then I got you right the first time.
When it comes to the API between the Authorization server and the Resource server it is outside of the scope
of the OAuth 2 spec. Here is a quote:

"1.1.  Roles

   OAuth defines four roles:

   resource owner
      An entity capable of granting access to a protected resource (e.g.
      end-user).
   resource server
      The server hosting the protected resources, capable of accepting
      and responding to protected resource requests using access tokens.
   client
      An application making protected resource requests on behalf of the
      resource owner and with its authorization.
   authorization server
      The server issuing access tokens to the client after successfully
      authenticating the resource owner and obtaining authorization.

   The interaction between the authorization server and resource server
   is beyond the scope of this specification.  The authorization server
   may be the same server as the resource server or a separate entity.
   A single authorization server may issue access tokens accepted by
   multiple resource servers."

Having that said in Restlet the interfaces are designed in a way so that you should use them and not care about
(Continue reading)

Permalink | Reply | 3 comments |
headers
Sebastian Wenninger | 2 Nov 2011 11:22
Picon

SSL on Google App Engine

Hi!

I want to secure my Rest-Application on the Google App-Engine by only
allowing calls via HTTPS/SSL.
Because i didn't really know how to do this, i first removed the
HTTP-Connector from the list of available connectors in my web.xml.

<servlet>
	<servlet-name>RestletServlet</servlet-name>
	<servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
	<init-param>
		<param-name>org.restlet.application</param-name>
		<param-value>de.server.rest.ServiceApp</param-value>
	</init-param>
		

       <init-param>
           <param-name>org.restlet.clients</param-name>
          <param-value>HTTPS FILE</param-value>
       </init-param>
</servlet>

It's still possible to access my webservice via plain HTTP though.
What do i have to do to only allow HTTPS?
Do i have to provide my own SSL-Certificate, or does somebody know a way to
use the certificate provided by the appspot.com Domain?

Best Regards,
Sebastian
(Continue reading)

Permalink | Reply | 2 comments |
headers
Stephan Koops | 2 Nov 2011 19:36
Picon

RE: Re: JAX-RS and charsets in posts

I think FormReade is a general restlet class, not especially JAX-RS, right? Than it could be a general issue.

best regards
  Stephan

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2871360
Permalink | Reply | 0 comments |
headers
lagarde mathieu | 3 Nov 2011 15:42
Picon

Session, google app and sip

Hello

It's been a while since I ever used restlet and I have some question. I hope they'll be understandable, and if
my english isn't good enough you can correct me :)

1. I wan't to know (Actually I have a doubt) if restlet is multithreaded for message reception.

2. In this case, I think it used a thread pool but how
configure it ?

3. In Google app engine (gae), after a research I noticed that thread isn't allowed and they said to used task
queue. So the gae restlet version, used task queu or it's just a monothread version ?

4. How can I contact a client because I noticed sessions isn't allowed and it's not restfull ? because I wan't
to make some social tool in my application (video game) like a chat or friend management.

5. I see that there is a sip extention that allow me to do a video games (this is my case). But in documentation I
can't find any session function or other. Have you got an idea ?

6. I know sip isn't http but can I used (can't remember name) url segmentation with it?
exemple:
send something to using sip to:
http://myserver/party/[partyid]

thanks you for all your answer.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2872441
(Continue reading)

Permalink | Reply | 1 comment |
headers
Nitin Arora | 5 Nov 2011 03:41
Picon
Favicon

Problem ignoring local addresses when calling restlet webservices using HtpClientConnector (Ext package)

Hi Guys,

I'm facing an issue of proxy not getting bypassed for local addresses that I
use to access server rest api's. Here is the description of the scenario.

I have a server with Rest api's running locally on port 8006. I'm using
Restlet client (HttpClientHelper) connector to access the services. Client
machines access internet through a proxy server.

When the application initialized, I read the proxy settings automatically
and set it as displayed below:

client.getContext().getParameters().add("proxyHost",
proxySelector.getHostname());
client.getContext().getParameters().add("proxyPort",
Integer.toString(proxySelector.getPort()));

I also set the system proxy to bypass proxy for local calls as displayed
below:

System.setProperty("nonProxyHosts", "localhost|127.0.0.1");

But, calls to http://localhost:8006 still goes through the proxy. I debugged
it further and found that 
*org.restlet.ext.httpclient.HttpClientHelper* has no code to read this
system property and enable the calls to use this.

I'm stuck on this. Can somebody throw some light on how to make
HttpClientHelper read this system property to bypass the proxy while
accessing local server?
(Continue reading)

Permalink | Reply | 5 comments |
headers
pangwei | 7 Nov 2011 07:18
Picon

Problems about restlet URL

hi

We have two questions when we use restlet. Could you be so kind to help
us out?

We find that in the site:
http://www.ibm.com/developerworks/webservices/library/ws-restful/
----------------------------
One of the key characteristics of a RESTful Web service is the explicit use of HTTP methods in a way that
follows the protocol as defined by RFC 2616.
----------------------------

So could you tell us :
1. Is the restlet URL encoding compatible for  RFC 2616 protocol?
so that we can tell our users the rule that the URL encoding should obey.

2. Can we use the restlet URL according to  RFC2616 protolcol?
Does restlet implement the RFC2616 protolcol fully  or partialy?
If latter, which parts are implemented and which parts are not
implemented?

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2875881
Permalink | Reply | 1 comment |
headers
Jerome Louvel | 7 Nov 2011 09:47
Gravatar

RE: Session, google app and sip

Hi Matthieu!

1+2) Yes, this is the case. The thread pool can be configured and its
parameters vary depending on the HTTP server connector used.

For the internal HTTP connector (inside org.restlet.jar), you can find
details here:
http://wiki.restlet.org/docs_2.1/13-restlet/27-restlet/48-restlet/86-restlet
/184-restlet.html

For Jetty its here:
http://wiki.restlet.org/docs_2.1/13-restlet/28-restlet/78-restlet.html

And so on :)

3) GAE comes with its own HTTP server connector (actually a Servlet engine)
which is leveraged by Restlet, so you application is indeed multithreaded,
but thread creation isn't under your control.

4)  GAE comes with support for XMPP, which might help:
http://code.google.com/intl/fr/appengine/docs/java/xmpp/

Otherwise you can try HTTP polling.

6) SIP was designed based on HTTP but isn't HTTP indeed. It uses its own
URIs but the Restlet routing mechanisms can still be used. Note that
Restlet/SIP support isn't available in GAE as it requires thread and socket
creation...

Best regards,
(Continue reading)

Permalink | Reply | 0 comments |
headers
Jerome Louvel | 7 Nov 2011 09:50
Gravatar

RE: SSL on Google App Engine

Hi Sebastian,

The "org.restlet.clients" parameter is only available to define client
connectors, not server ones. In GAE case, the HTTP/HTTPS server connector
isn't configured at Restlet level but at GAE level. You should explore your
GAE application console for HTTPS configuration options.

Best regards,
Jerome
--
http://www.restlet.org
http://twitter.com/#!/jlouvel

-----Message d'origine-----
De : Sebastian Wenninger [mailto:sebastian.wenninger <at> gmail.com] 
Envoyé : mercredi 2 novembre 2011 11:22
À : discuss <at> restlet.tigris.org
Objet : SSL on Google App Engine

Hi!

I want to secure my Rest-Application on the Google App-Engine by only
allowing calls via HTTPS/SSL.
Because i didn't really know how to do this, i first removed the
HTTP-Connector from the list of available connectors in my web.xml.

<servlet>
	<servlet-name>RestletServlet</servlet-name>
	<servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
	<init-param>
(Continue reading)

Permalink | Reply | 1 comment |
headers
Nitin Arora | 7 Nov 2011 10:01
Picon
Favicon

Re: custom exception message

Hi Sean,

I hope you have made the appropriate changes in the configuration file to
make use of the status service class which you have created.

In your main method you need specify the status service class by calling the
application.setStatusService method and pass the class that you have
created.

Hope this will resolve your issue if you are not doing it already.

Thanks
Nitin

--
View this message in context: http://restlet-discuss.1400322.n2.nabble.com/custom-exception-message-tp6969248p6969639.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2875911
Permalink | Reply | 0 comments |
headers
Sebastian Wenninger | 7 Nov 2011 17:23
Picon

RE: SSL on Google App Engine

Hi Jerome,

thanks you're absolutely right of course.
I added this lines to my web.xml and now it demands a certificate when
accessing the Rest-services:

<security-constraint>
	<web-resource-collection>
		<web-resource-name>HTTPS Rest</web-resource-name>
		<url-pattern>/rest/*</url-pattern>
	</web-resource-collection>
	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>

--
View this message in context: http://restlet-discuss.1400322.n2.nabble.com/SSL-on-Google-App-Engine-tp6954679p6970990.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2876043
Permalink | Reply | 0 comments |

Gmane