Restlet Code

Custom AuthenticationHelper

6 messages Options
Embed this post
Permalink
Jean-Philippe Steinmetz

Custom AuthenticationHelper

Reply Threaded More More options
Print post
Permalink
Hello everyone,

Our restlet based web services platform is employing an authentication strategy that is extremely close to Amazon S3. After reading the tutorials and documentation I noticed that restlet actually supports S3 authentication but only in client form. What i'd like to do is extend this implementation for our purposes to support both client and server aspects as well as accommodate slight variations in our protocol. Unfortunately when it comes to the tutorials and documentation on this subject the material feels pretty light.

From what I can tell I need to make a subclass of the HttpAmazonS3Helper class that reimplements certain functions. What i'd like to know is whether I am going down the correct path? Also, if I am reimplementing for example the parseResponse method what do I need to know about the original S3 implementation to minimize the amount of work I need to do? Also, are there other classes I need to modify such as the ChallengeResponse class or Guard classes?

Any guidance or advice you can give on how to actually implement and extend this functionality is greatly appreciated.

Cheers,

Jean-Philippe Steinmetz
Jean-Philippe Steinmetz

Re: Custom AuthenticationHelper

Reply Threaded More More options
Print post
Permalink
Hi again,

Is there really no advice anyone can give me on how to create this custom functionality?

Jean-Philippe

On Wed, Oct 7, 2009 at 4:37 PM, Jean-Philippe Steinmetz <[hidden email]> wrote:
Hello everyone,

Our restlet based web services platform is employing an authentication strategy that is extremely close to Amazon S3. After reading the tutorials and documentation I noticed that restlet actually supports S3 authentication but only in client form. What i'd like to do is extend this implementation for our purposes to support both client and server aspects as well as accommodate slight variations in our protocol. Unfortunately when it comes to the tutorials and documentation on this subject the material feels pretty light.

From what I can tell I need to make a subclass of the HttpAmazonS3Helper class that reimplements certain functions. What i'd like to know is whether I am going down the correct path? Also, if I am reimplementing for example the parseResponse method what do I need to know about the original S3 implementation to minimize the amount of work I need to do? Also, are there other classes I need to modify such as the ChallengeResponse class or Guard classes?

Any guidance or advice you can give on how to actually implement and extend this functionality is greatly appreciated.

Cheers,

Jean-Philippe Steinmetz
jlouvel

RE: Custom AuthenticationHelper

Reply Threaded More More options
Print post
Permalink
Some javascript/style in this post has been disabled (why?)

Hi Jean-Philippe,

 

Here are some advices. First, make sure that you base your work on the latest SVN trunk as I’ve just done some refactoring in this part to help you achieve what you need.

 

You should start with a subclass of HttpAmazonS3Helper that sets the “serverSide” property to true. Then you need to override and implement these methods:

 

    public String formatRequest(ChallengeRequest challenge, Response response,

            Series<Parameter> httpHeaders);

 

    public void parseResponse(ChallengeResponse challenge, Request request,

            Series<Parameter> httpHeaders);

 

You should also check the AuthenticationUtils class has it is responsible for invoking your helper and has some generic parsing logic. In addition, I would suggest looking at the HttpBasicHelper in the same package for a example of client and server side authentication helper.

 

Hope it will help. If you are interested in contributing S3 server-side support, that would also be welcome!

 

Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com

 

 

 

 

De : Jean-Philippe Steinmetz [mailto:[hidden email]]
Envoyé : lundi 12 octobre 2009 19:53
À : [hidden email]
Objet : Re: Custom AuthenticationHelper

 

Hi again,

Is there really no advice anyone can give me on how to create this custom functionality?

Jean-Philippe

On Wed, Oct 7, 2009 at 4:37 PM, Jean-Philippe Steinmetz <[hidden email]> wrote:

Hello everyone,

Our restlet based web services platform is employing an authentication strategy that is extremely close to Amazon S3. After reading the tutorials and documentation I noticed that restlet actually supports S3 authentication but only in client form. What i'd like to do is extend this implementation for our purposes to support both client and server aspects as well as accommodate slight variations in our protocol. Unfortunately when it comes to the tutorials and documentation on this subject the material feels pretty light.

From what I can tell I need to make a subclass of the HttpAmazonS3Helper class that reimplements certain functions. What i'd like to know is whether I am going down the correct path? Also, if I am reimplementing for example the parseResponse method what do I need to know about the original S3 implementation to minimize the amount of work I need to do? Also, are there other classes I need to modify such as the ChallengeResponse class or Guard classes?

Any guidance or advice you can give on how to actually implement and extend this functionality is greatly appreciated.

Cheers,

Jean-Philippe Steinmetz

 
Ty-3

RE: Custom AuthenticationHelper

Reply Threaded More More options
Print post
Permalink
I am also interested in implementing a new authenticator.  I am starting by doing something simple so I can understand how all the restlet code fits together.

I have created a new Helper based on the HttpBasicHelper.  This seemed reasonably simple.  I've looked around to find where the helpers get registered and all I can find is the list of internal Helpers in the engine class: registerDefaultAuthentications().  I noticed the discoverAuthenticators() method but I'm not sure what it's doing.

I also looked throuth the OAuth code and it seemed that the only hook into restlet is the OAuthHelper extending AuthenticationHelper; although it does have OAthProvider and OAuthGuard classes, but I didn't notice any code that links them into the restlet processing pipeline.

I must be missing something pretty fundamental here.  Could someone please put me out of my misery.

Here's my setup:
I have my own project in Eclipse.  The restlet library is included in the build path.  I created a new HttpNtlmHelper based on the HttpBasicHelper in org.restlet.ext.ntlm.  I think I need to know how to coerce the Engine.findHelper() method to find my Helper.

note: this isn't the real thing; it's just for me to get an understanding of where all the code fits together.

Thanks,
Ty

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=7458&dsMessageId=2413515
jlouvel

RE: Custom AuthenticationHelper

Reply Threaded More More options
Print post
Permalink
Ty,

The registration happens using a descriptor file in a "META-INF/services/
org.restlet.engine.security.AuthenticatorHelper" file. See the new
"org.restlet.ext.crypto" extension for an example with HTTP DIGEST and more
authentication schemes.

Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com




-----Message d'origine-----
De : Ty [mailto:[hidden email]]
Envoyé : dimanche 1 novembre 2009 22:40
À : [hidden email]
Objet : RE: Custom AuthenticationHelper

I am also interested in implementing a new authenticator.  I am starting by
doing something simple so I can understand how all the restlet code fits
together.

I have created a new Helper based on the HttpBasicHelper.  This seemed
reasonably simple.  I've looked around to find where the helpers get
registered and all I can find is the list of internal Helpers in the engine
class: registerDefaultAuthentications().  I noticed the
discoverAuthenticators() method but I'm not sure what it's doing.

I also looked throuth the OAuth code and it seemed that the only hook into
restlet is the OAuthHelper extending AuthenticationHelper; although it does
have OAthProvider and OAuthGuard classes, but I didn't notice any code that
links them into the restlet processing pipeline.

I must be missing something pretty fundamental here.  Could someone please
put me out of my misery.

Here's my setup:
I have my own project in Eclipse.  The restlet library is included in the
build path.  I created a new HttpNtlmHelper based on the HttpBasicHelper in
org.restlet.ext.ntlm.  I think I need to know how to coerce the
Engine.findHelper() method to find my Helper.

note: this isn't the real thing; it's just for me to get an understanding of
where all the code fits together.

Thanks,
Ty

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=7458&dsMessageId=24135
15

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=7458&dsMessageId=2413794
Ty-3

RE: Custom AuthenticationHelper

Reply Threaded More More options
Print post
Permalink
Brilliant!  That's step 1 done.  Now for a coffee break and then step 2...

Thanks.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=7458&dsMessageId=2413942
Free Embeddable Forum Powered by Nabble Help