Jersey security + UriResolver

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Jersey security + UriResolver

Patrick Julien
Not sure where to post this since this involves some code automatically generated by NetBeans.  I have created some rest services using the wizard and some entity classes.

The problem I am having is that the generated UriResolver makes a new http connection to resolve any references that are made in a post.   If it so happens those services are protected by the container, this is a new http connection and so will get rejected by the container.

There are at least 2 bugs here:

1. UriResolver has no idea how to forward any security tokens made by the original requester
2. The real http status code is thrown away in favor of a generic not found error (404) message.  In this case, the error was a 401 (auth denied).

--
http://www.spectrumdt.com
http://codepimps.org
Reply | Threaded
Open this post in threaded view
|

Re: Jersey security + UriResolver

Paul Sandoz
Administrator
Hi Patrick,

This is a good place to post, the NetBeans guys responsible for
developing of the generated code are listening in and will hopefully
reply to you soon.

Paul.

Patrick Julien wrote:

> Not sure where to post this since this involves some code automatically
> generated by NetBeans.  I have created some rest services using the
> wizard and some entity classes.
>
> The problem I am having is that the generated UriResolver makes a new
> http connection to resolve any references that are made in a post.   If
> it so happens those services are protected by the container, this is a
> new http connection and so will get rejected by the container.
>
> There are at least 2 bugs here:
>
> 1. UriResolver has no idea how to forward any security tokens made by
> the original requester
> 2. The real http status code is thrown away in favor of a generic not
> found error (404) message.  In this case, the error was a 401 (auth denied).
>
> --
> http://www.spectrumdt.com
> http://codepimps.org

--
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Jersey security + UriResolver

Patrick Julien-2
Any idea where I log bugs for this instead?  Doesn't seem likely I will get a response here.

On Thu, Jul 24, 2008 at 5:00 AM, Paul Sandoz <[hidden email]> wrote:
Hi Patrick,

This is a good place to post, the NetBeans guys responsible for developing of the generated code are listening in and will hopefully reply to you soon.

Paul.


Patrick Julien wrote:
Not sure where to post this since this involves some code automatically generated by NetBeans.  I have created some rest services using the wizard and some entity classes.

The problem I am having is that the generated UriResolver makes a new http connection to resolve any references that are made in a post.   If it so happens those services are protected by the container, this is a new http connection and so will get rejected by the container.

There are at least 2 bugs here:

1. UriResolver has no idea how to forward any security tokens made by the original requester
2. The real http status code is thrown away in favor of a generic not found error (404) message.  In this case, the error was a 401 (auth denied).

--
http://www.spectrumdt.com
http://codepimps.org

--
| ? + ? = To question
----------------\
  Paul Sandoz
       x38109
+33-4-76188109

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]




--
http://www.spectrumdt.com
http://codepimps.org
Reply | Threaded
Open this post in threaded view
|

Re: Jersey security + UriResolver

Paul Sandoz
Administrator
Patrick Julien wrote:
> Any idea where I log bugs for this instead?  

See here:

http://www.netbeans.org/community/issues.html

I do not know the exact category to log it under.

See also the email list:

[hidden email]
http://www.netbeans.org/servlets/SummarizeList?listName=nbj2ee

where you can ask questions about the RESTful Web services plugin.

Paul.

> Doesn't seem likely I will
> get a response here.
>
> On Thu, Jul 24, 2008 at 5:00 AM, Paul Sandoz <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Hi Patrick,
>
>     This is a good place to post, the NetBeans guys responsible for
>     developing of the generated code are listening in and will hopefully
>     reply to you soon.
>
>     Paul.
>
>
>     Patrick Julien wrote:
>
>         Not sure where to post this since this involves some code
>         automatically generated by NetBeans.  I have created some rest
>         services using the wizard and some entity classes.
>
>         The problem I am having is that the generated UriResolver makes
>         a new http connection to resolve any references that are made in
>         a post.   If it so happens those services are protected by the
>         container, this is a new http connection and so will get
>         rejected by the container.
>
>         There are at least 2 bugs here:
>
>         1. UriResolver has no idea how to forward any security tokens
>         made by the original requester
>         2. The real http status code is thrown away in favor of a
>         generic not found error (404) message.  In this case, the error
>         was a 401 (auth denied).
>
>         --
>         http://www.spectrumdt.com
>         http://codepimps.org
>
>
>     --
>     | ? + ? = To question
>     ----------------\
>       Paul Sandoz
>            x38109
>     +33-4-76188109
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: [hidden email]
>     <mailto:[hidden email]>
>     For additional commands, e-mail: [hidden email]
>     <mailto:[hidden email]>
>
>
>
>
> --
> http://www.spectrumdt.com
> http://codepimps.org

--
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Jersey security + UriResolver

Peter Liu-2
In reply to this post by Paul Sandoz
Hi Patrick,

For NB 6.5, we have enhanced the generated code to not use the
UriResolver if the input document contains the id that can be used
internally to look up
the reference instead of issuing a http request.

Peter


Paul Sandoz wrote:

> Hi Patrick,
>
> This is a good place to post, the NetBeans guys responsible for
> developing of the generated code are listening in and will hopefully
> reply to you soon.
>
> Paul.
>
> Patrick Julien wrote:
>> Not sure where to post this since this involves some code
>> automatically generated by NetBeans.  I have created some rest
>> services using the wizard and some entity classes.
>>
>> The problem I am having is that the generated UriResolver makes a new
>> http connection to resolve any references that are made in a post.  
>> If it so happens those services are protected by the container, this
>> is a new http connection and so will get rejected by the container.
>>
>> There are at least 2 bugs here:
>>
>> 1. UriResolver has no idea how to forward any security tokens made by
>> the original requester
>> 2. The real http status code is thrown away in favor of a generic not
>> found error (404) message.  In this case, the error was a 401 (auth
>> denied).
>>
>> --
>> http://www.spectrumdt.com
>> http://codepimps.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Jersey security + UriResolver

Peter Liu-2
In reply to this post by Paul Sandoz
Sorry, I didn't see the message until now. I just responded to it.

Peter

Paul Sandoz wrote:

> Patrick Julien wrote:
>> Any idea where I log bugs for this instead?  
>
> See here:
>
> http://www.netbeans.org/community/issues.html
>
> I do not know the exact category to log it under.
>
> See also the email list:
>
> [hidden email]
> http://www.netbeans.org/servlets/SummarizeList?listName=nbj2ee
>
> where you can ask questions about the RESTful Web services plugin.
>
> Paul.
>
>> Doesn't seem likely I will get a response here.
>>
>> On Thu, Jul 24, 2008 at 5:00 AM, Paul Sandoz <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     Hi Patrick,
>>
>>     This is a good place to post, the NetBeans guys responsible for
>>     developing of the generated code are listening in and will hopefully
>>     reply to you soon.
>>
>>     Paul.
>>
>>
>>     Patrick Julien wrote:
>>
>>         Not sure where to post this since this involves some code
>>         automatically generated by NetBeans.  I have created some rest
>>         services using the wizard and some entity classes.
>>
>>         The problem I am having is that the generated UriResolver makes
>>         a new http connection to resolve any references that are made in
>>         a post.   If it so happens those services are protected by the
>>         container, this is a new http connection and so will get
>>         rejected by the container.
>>
>>         There are at least 2 bugs here:
>>
>>         1. UriResolver has no idea how to forward any security tokens
>>         made by the original requester
>>         2. The real http status code is thrown away in favor of a
>>         generic not found error (404) message.  In this case, the error
>>         was a 401 (auth denied).
>>
>>         --         http://www.spectrumdt.com
>>         http://codepimps.org
>>
>>
>>     --     | ? + ? = To question
>>     ----------------\
>>       Paul Sandoz
>>            x38109
>>     +33-4-76188109
>>
>>    
>> ---------------------------------------------------------------------
>>     To unsubscribe, e-mail: [hidden email]
>>     <mailto:[hidden email]>
>>     For additional commands, e-mail: [hidden email]
>>     <mailto:[hidden email]>
>>
>>
>>
>>
>> --
>> http://www.spectrumdt.com
>> http://codepimps.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Jersey security + UriResolver

Patrick Julien-2
In reply to this post by Peter Liu-2
any solution in the interim?  I'm using the EntityManager directly right now to work around this?

Is this in 6.5M1?

On Fri, Jul 25, 2008 at 4:16 PM, Peter Liu <[hidden email]> wrote:
Hi Patrick,

For NB 6.5, we have enhanced the generated code to not use the UriResolver if the input document contains the id that can be used internally to look up
the reference instead of issuing a http request.

Peter



Paul Sandoz wrote:
Hi Patrick,

This is a good place to post, the NetBeans guys responsible for developing of the generated code are listening in and will hopefully reply to you soon.

Paul.

Patrick Julien wrote:
Not sure where to post this since this involves some code automatically generated by NetBeans.  I have created some rest services using the wizard and some entity classes.

The problem I am having is that the generated UriResolver makes a new http connection to resolve any references that are made in a post.   If it so happens those services are protected by the container, this is a new http connection and so will get rejected by the container.

There are at least 2 bugs here:

1. UriResolver has no idea how to forward any security tokens made by the original requester
2. The real http status code is thrown away in favor of a generic not found error (404) message.  In this case, the error was a 401 (auth denied).

--
http://www.spectrumdt.com
http://codepimps.org



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]




--
http://www.spectrumdt.com
http://codepimps.org