Permalink
Browse files

merge from trunk to acl6 branch

  • Loading branch information...
1 parent ef28e65 commit cf7924f42f59354db15495c03cf29452337102aa layer committed Mar 7, 2002
Showing with 483 additions and 180 deletions.
  1. +27 −0 ChangeLog
  2. +19 −3 authorize.cl
  3. +15 −2 cgi.cl
  4. +3 −1 client.cl
  5. +47 −11 doc/aserve.html
  6. +31 −33 doc/tutorial.html
  7. +179 −37 examples/chat.cl
  8. +6 −2 examples/examples.cl
  9. +5 −0 htmlgen/ChangeLog
  10. +7 −5 htmlgen/htmlgen.cl
  11. +14 −2 main.cl
  12. +3 −3 makefile
  13. +3 −2 proxy.cl
  14. +5 −5 publish.cl
  15. +1 −1 readme.txt
  16. +118 −73 test/t-aserve.cl
View
@@ -1,4 +1,8 @@
*******************************************************************************
+Thu Mar 7 08:13:09 PST 2002
+merge from trunk to acl6 branch
+cmd: join.sh trunk trunk_to_acl6_merge7 trunk_to_acl6_merge8 aserve
+*******************************************************************************
Mon Jan 21 13:58:24 PST 2002
merge from trunk to acl6 branch
cmd: join.sh trunk trunk_to_acl6_merge6 trunk_to_acl6_merge7 aserve
@@ -36,6 +40,29 @@ command: ../../join.sh trunk trunk_to_acl61_merge1 trunk_to_acl61_merge2 aserve
merge from trunk to acl61 branch
command: ../../join.sh trunk acl61 trunk_to_acl61_merge1 aserve
*******************************************************************************
+2002-02-28 John Foderaro <jkf@tiger.franz.com>
+1.2.23
+>>> * incompatible change:
+ The path part of a uri can't contain certain characters
+ unless they are escaped like %xx. Even characters that
+ needn't be escaped *can* be escaped. Thus to canonicalize
+ the uri path and to allow it to be easily mapped to filenames
+ we now decode the uri path (convert %xx to the actual character)
+ before processing it (looking for matches in the published
+ entities). If you had published a path like "foo%20bar"
+ then you must change it to "foo bar".
+ * cgi.cl - add default for :script-name arg
+ * various - open socket in nodelay mode to maximize performance
+
+
+
+2002-02-13 John Foderaro <jkf@tiger.franz.com>
+1.2.22
+ * authorize.cl - add new authorizer: function-authorizer
+
+ * cgi.cl - run-cgi-program takes a :env arguemnt to allow
+ additional environment variables to be specified.
+
2002-01-15 John Foderaro <jkf@tiger.franz.com>
1.2.21
* main.cl - fix bug where the value of
View
@@ -23,7 +23,7 @@
;; Suite 330, Boston, MA 02111-1307 USA
;;
-;; $Id: authorize.cl,v 1.4.10.1 2002/01/21 21:58:52 layer Exp $
+;; $Id: authorize.cl,v 1.4.10.2 2002/03/07 16:13:55 layer Exp $
;; Description:
;; classes and functions for authorizing access to entities
@@ -52,7 +52,7 @@
:initform nil)
(realm :accessor password-authorizer-realm
:initarg :realm
- :initform "Allegro iServe")
+ :initform "AllegroServe")
))
@@ -180,7 +180,23 @@
))
-
+;; - function authorization
+
+(defclass function-authorizer (authorizer)
+ ((function :accessor function-authorizer-function
+ :initarg :function
+ :initform nil)))
+
+(defmethod authorize ((auth function-authorizer)
+ (req http-request)
+ (ent entity))
+ (let ((fun (function-authorizer-function auth)))
+ (if* fun
+ then (funcall fun req ent auth))))
+
+
+
+
View
17 cgi.cl
@@ -23,7 +23,7 @@
;; Suite 330, Boston, MA 02111-1307 USA
;;
;;
-;; $Id: cgi.cl,v 1.5.4.2 2002/01/21 21:58:52 layer Exp $
+;; $Id: cgi.cl,v 1.5.4.3 2002/03/07 16:13:55 layer Exp $
;; Description:
;; common gateway interface (running external programs)
@@ -39,11 +39,12 @@
&key
path-info
path-translated
- script-name
+ (script-name (net.uri:uri-path (request-uri req)))
(query-string nil query-string-p)
auth-type
(timeout 200)
error-output
+ env
)
;; program is a string naming a external command to run.
;; invoke the program after setting all of the environment variables
@@ -155,6 +156,18 @@
(string (car head)))))
(cdr head))
envs)))
+
+ (dolist (header env)
+ (if* (not (and (consp header)
+ (stringp (car header))
+ (stringp (cdr header))))
+ then (error "bad form for environment value: ~s" header))
+ (let ((ent (assoc (car header) envs :test #'equal)))
+ (if* ent
+ then ; replace value with user specified value
+ (setf (cdr ent) (cdr header))
+ else ; add new value
+ (push header envs))))
;; now to invoke the program
;; this requires acl6.1 on unix since this is the first version
View
@@ -23,7 +23,7 @@
;; Suite 330, Boston, MA 02111-1307 USA
;;
;;
-;; $Id: client.cl,v 1.21.2.6 2002/01/21 21:58:52 layer Exp $
+;; $Id: client.cl,v 1.21.2.7 2002/03/07 16:13:55 layer Exp $
;; Description:
;; http client code.
@@ -398,13 +398,15 @@ or \"foo.com:8000\", not ~s" proxy))
:remote-port pport
:format :bivalent
:type net.aserve::*socket-stream-type*
+ :nodelay t
)))
else (setq sock
(socket:make-socket :remote-host host
:remote-port port
:format :bivalent
:type
net.aserve::*socket-stream-type*
+ :nodelay t
))
(if* ssl
View
@@ -8,7 +8,7 @@
<body>
<h1 align="center">AllegroServe - A Web Application Server<br>
-<small><small><small>version <font face="Courier New">1.2.21</font></small></small></small></h1>
+<small><small><small>version <font face="Courier New">1.2.23</font></small></small></small></h1>
<p align="left"><strong><small>copyright(c) 2000-2001. Franz Inc</small></strong></p>
@@ -62,6 +62,7 @@ <h2 align="left">Table of Contents</h2>
&nbsp; <a href="#f-set-basic-authorization">set-basic-authorization</a><br>
&nbsp; <a href="#c-password-authorizer">password-authorizer</a><br>
&nbsp; <a href="#c-location-authorizer">location-authorizer</a></font><br>
+&nbsp;&nbsp;&nbsp;&nbsp; <a href="#c-function-authorizer"><font face="Courier New">function-authorizer</font></a><br>
<a href="#cookies">Cookies</a><br>
<font face="Courier New">&nbsp; <a href="#f-set-cookie-header">set-cookie-header</a><br>
&nbsp; <a href="#f-get-cookie-values">get-cookie-values</a></font><br>
@@ -288,9 +289,13 @@ <h2 align="left">In<a name="introduction"></a>troduction</h2>
<ul>
<li>the <strong>path</strong> of the url.&nbsp; This is the part of the url after the host
- name and before the query string (if any).&nbsp; For example in the url&nbsp; <a
- href="http://bar.com:8030/files/foo?xx=3&amp;yy=4">http://bar.com:8030/files/foo?xx=3&amp;yy=4</a>
- the part we call the path&nbsp; is just <strong>/files/foo.</strong></li>
+ name and before the query string (if any).&nbsp; For example in the url&nbsp; <font
+ color="#0080FF"><u><strong>http://bar.com:8030/files/foo?xx=3&amp;yy=4</strong></u></font>
+ the part we call the path&nbsp; is just <strong><font color="#0080FF">/files/foo</font>.<br>
+ If </strong>the path contains escaped characters (e.g. /foo%20bar) then we replace the %xx
+ in the path with the actual character before processing the request.&nbsp; Thus if you're
+ publishing an entity to handle a uri such as <font color="#0080FF"><u><strong>http://www.machine.com/foo%20bar</strong></u></font>
+ you should publish the path <strong>&quot;foo bar&quot;</strong> and <em>not</em> <strong>&quot;foo%20bar&quot;</strong>.</li>
<li>the <strong>host</strong> to which the request is directed.&nbsp;&nbsp; This is not
necessarily the host that is receiving the request due to virtual hosts and proxy
servers.&nbsp; This value comes from the <strong>Host:</strong> header line, if one is
@@ -619,8 +624,11 @@ <h2 align="left">In<a name="introduction"></a>troduction</h2>
to subdirectories<br>
; publish html and cgi files, but not those beginning with a period<br>
(:files :allow (&quot;\\.html$&quot; &quot;\\.cgi$&quot;) :deny (&quot;^\\.&quot;)) <br>
-(:mime :types ((&quot;text/jil&quot; &quot;jil&quot; &quot;jlc&quot;) (&quot;text/c&quot;
-&quot;c&quot; &quot;cc&quot;)))</font></p>
+; specify mime type for non-standard file extensions.&nbsp; Also<br>
+; specify that a file named exactly ChangeLog should be given<br>
+; mime type &quot;text/plain&quot;<br>
+(:mime :types ((&quot;text/jil&quot; &quot;jil&quot; &quot;jlc&quot;)
+(&quot;text/plain&quot; &quot;cl&quot; (&quot;ChangeLog&quot;))))</font></p>
<p>&nbsp;</p>
@@ -1059,7 +1067,7 @@ <h2 align="left">In<a name="introduction"></a>troduction</h2>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
script-name query-string <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-auth-type timeout error-output)</strong></font></p>
+auth-type timeout error-output env)</strong></font></p>
<p>In response to an http request, this runs <strong>program</strong> which must be a
string naming an exectuable program or script followed optionally by command line
@@ -1074,7 +1082,15 @@ <h2 align="left">In<a name="introduction"></a>troduction</h2>
variable, and similarly for<strong> path-translated, script-name, query-string</strong>
and <strong>auth-type.</strong>&nbsp;&nbsp; If <strong>query-string</strong> is <em>not</em>
given and the <strong>uri</strong> that invoked this request contains a query part then
-that query part is passed in the QUERY_STRING environment variable.</p>
+that query part is passed in the QUERY_STRING environment variable.&nbsp;&nbsp; If <strong>script-name</strong>
+is not given then its value defaults to the path of the uri of the request.&nbsp;&nbsp; If
+you wish to add or modify the environment variables set for the cgi process you can
+specify a value for <strong>env.&nbsp; </strong>The value of <strong>env</strong> should
+be a list of conses, the car of each cons containing the environment variable name (a
+string) and the cdr of each cons containing the environment variable value (a
+string).&nbsp;&nbsp; <strong>env</strong> is checked after all the standard environment
+variables are computed and the value given in <strong>env</strong> will override the value
+computed automatically.</p>
<p>cgi programs send their result to standard output (file descriptor 1 on Unix).&nbsp; If
they encounter problems they often send informative messages to standard error (file
@@ -1468,9 +1484,9 @@ <h2 align="left">In<a name="introduction"></a>troduction</h2>
<p>If an entity has an associated <strong>authorizer</strong> object, then before that
entity's response function is run the authorizer is tested to see if&nbsp; it will accept
-or deny the current request.&nbsp;&nbsp;&nbsp; AllegroServe supplies two interesting
-subclasses of <strong>authorizer</strong> and users are free to add their own subclasses
-to support their own authorization needs.&nbsp;&nbsp; </p>
+or deny the current request.&nbsp;&nbsp;&nbsp; AllegroServe supplies three &nbsp;
+interesting subclasses of <strong>authorizer</strong> and users are free to add their own
+subclasses to support their own authorization needs.&nbsp;&nbsp; </p>
<p>The protocol followed during authorization is this:
@@ -1618,6 +1634,26 @@ <h2 align="left">In<a name="introduction"></a>troduction</h2>
</pre>
+<p><strong><a name="c-function-authorizer"></a>function-authorizer </strong>&nbsp; [class]</p>
+
+<p>This authorizer contains a function provided by the user which is used to test if the
+request is authorized.&nbsp;&nbsp; The function take three arguments, the http-request
+object, the entity and the authorizer object.&nbsp;&nbsp; It must return one of the four
+value that the <strong>authorize</strong> function returns, namely <strong>t, nil :deny</strong>
+or <strong>:done.</strong></p>
+
+<p>A function-authorizer is created as follows</p>
+
+<pre>(make-instance 'function-authorizer
+ :function #'(lambda (req ent auth)
+ t ; always authorize
+ ))</pre>
+
+<p>The function slot can be set using (setf function-authorizer-function) if you wish to
+change it after the authorizer has been created.</p>
+
+<p>&nbsp;</p>
+
<h2><a name="cookies"></a>Cookies</h2>
<p>Cookies are name value pairs that a web server can direct a web browser to save and
View
@@ -62,17 +62,17 @@ <h1 align="center">AllegroServe Tutorial</h1>
<p>Now the web server is up and running.&nbsp;&nbsp; Let's assume that we're running
AllegroServe on a machine named <strong>test.franz.com</strong>.&nbsp; If you now go to a
-web browser and ask for <a href="http://test.franz.com">http://test.franz.com</a>&nbsp;
+web browser and ask for <font color="#0080FF"><u><strong>http://test.franz.com</strong></u></font>&nbsp;
you will contact this AllegroServe server and it will respond that whatever you asked for
-wasn't found on the server (since we haven't published any pages).&nbsp; You can also try <a
-href="http://test">http://test</a> and get the same result (although the response message
-will be slightly different).&nbsp; If you are running the web browser on test.franz.com as
-well you can ask for <a href="http://localhost">http://localhost</a> and get a similar
-&quot;not found&quot; response.&nbsp;&nbsp;&nbsp; This demonstrates that web servers are
-known by many names.&nbsp; If you choose to take advantage of that (creating what are
-known as <strong>Virtual Hosts</strong>) then AllegroServe will support you .&nbsp;
-However if you want to create web pages that are served by whatever name can be used to
-reach the server, then AllegroServe will allow you to do that as well.</p>
+wasn't found on the server (since we haven't published any pages).&nbsp; You can also try <font
+color="#0080FF"><u><strong>http://test</strong></u></font> and get the same result
+(although the response message will be slightly different).&nbsp; If you are running the
+web browser on test.franz.com as well you can ask for <font color="#0080FF"><u><strong>http://localhost</strong></u></font>
+and get a similar &quot;not found&quot; response.&nbsp;&nbsp;&nbsp; This demonstrates that
+web servers are known by many names.&nbsp; If you choose to take advantage of that
+(creating what are known as <strong>Virtual Hosts</strong>) then AllegroServe will support
+you .&nbsp; However if you want to create web pages that are served by whatever name can
+be used to reach the server, then AllegroServe will allow you to do that as well.</p>
<p>Type <strong>:proc</strong> to Lisp and look at which Lisp lightweight processes are
running:</p>
@@ -108,22 +108,21 @@ <h1 align="center">AllegroServe Tutorial</h1>
#&lt;net.aserve::file-entity @ #x2076e0c2&gt;
tutorial(31):</pre>
-<p>If you are running on Windows then the file will have a name like
-c:\tmp\sample.txt&nbsp;&nbsp; When this file name is
-written in a Lisp string it would be &quot;c:\\tmp\\sample.txt&quot;
-due to the special nature of the backslash character.</p>
+<p>If you are running on Windows then the file will have a name like
+c:\tmp\sample.txt&nbsp;&nbsp; When this file name is written in a Lisp string it would be
+&quot;c:\\tmp\\sample.txt&quot; due to the special nature of the backslash character.</p>
-<p>Now if we ask a web browser for <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>
+<p>Now if we ask a web browser for <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo</strong></u></font>
we'll see the contents of the file in the web browser.&nbsp; Since we didn't specify a
content-type in the call to <strong>publish-file</strong> the content-type will be
determined by the &quot;<strong>txt</strong>&quot; file type, which is associated with the
&quot;<strong>text/plain</strong>&quot; content-type.</p>
<p>Because we didn't specify a <strong>:host</strong> argument to <strong>publish-file </strong>AllegroServe
will return this page to any browser regardless of the host name used to name the machine.
-&nbsp; So AllegroServe will respond to requests for <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>
-and <a href="http://test/foo">http://test:8000/foo</a> and <a href="http://localhost/foo">http://localhost:8000/foo</a>.
-&nbsp;&nbsp; </p>
+&nbsp; So AllegroServe will respond to requests for <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo</strong></u></font>
+and <font color="#0080FF"><u><strong>http://test:8000/foo</strong></u></font> and <font
+color="#0080FF"><u><strong>http://localhost:8000/foo</strong></u></font>. &nbsp;&nbsp; </p>
<p>If we do </p>
@@ -132,21 +131,21 @@ <h1 align="center">AllegroServe Tutorial</h1>
#&lt;net.aserve::file-entity @ #x2076e0c2&gt;
tutorial(31):</pre>
-<p>Then AllegroServe will only respond to requests for <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>.
+<p>Then AllegroServe will only respond to requests for <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo</strong></u></font>.
&nbsp; If we do</p>
<pre>tutorial(30): (publish-file :path &quot;/foo&quot; :file &quot;/tmp/sample.txt&quot;
:host (&quot;test&quot; &quot;test.franz.com&quot;))
#&lt;net.aserve::file-entity @ #x2076e0c2&gt;
tutorial(31):</pre>
-<p>Then AllegroServe will only respond to <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>
-and <a href="http://test/foo">http://test:8000/foo</a>.&nbsp;&nbsp;&nbsp; This type of
-restriction is useful if you want to create the illusion that a single machine is really a
-set of machines, each with its own set of web pages.&nbsp;&nbsp; Suppose that the machine <strong>test.franz.com</strong>
-also had the name <strong>sales.franz.com</strong>.&nbsp; You could publish two different
-ways to respond to the &quot;<strong>/foo</strong>&quot; url, depending on the host name
-specified in the request</p>
+<p>Then AllegroServe will only respond to <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo
+</strong></u></font>and <font color="#0080FF"><u><strong>http://test:8000/foo</strong></u></font>.&nbsp;&nbsp;&nbsp;
+This type of restriction is useful if you want to create the illusion that a single
+machine is really a set of machines, each with its own set of web pages.&nbsp;&nbsp;
+Suppose that the machine <strong>test.franz.com</strong> also had the name <strong>sales.franz.com</strong>.&nbsp;
+You could publish two different ways to respond to the &quot;<strong>/foo</strong>&quot;
+url, depending on the host name specified in the request</p>
<pre>tutorial(30): (publish-file :path &quot;/foo&quot; :file &quot;/tmp/<strong>test</strong>-sample.txt&quot;
:host &quot;<strong>test</strong>.franz.com&quot;)
@@ -155,9 +154,9 @@ <h1 align="center">AllegroServe Tutorial</h1>
:host &quot;<strong>sales</strong>.franz.com&quot;)
#&lt;net.aserve::file-entity @ #x2076e324&gt;</pre>
-<p>Now you will get different results if you ask for&nbsp; <a
-href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a> and <a
-href="http://sales.franz.com/foo">http://sales.franz.com:8000/foo</a>. </p>
+<p>Now you will get different results if you ask for&nbsp;<font color="#0080FF"><u><strong>
+http://test.franz.com:8000/foo</strong></u></font> and <font color="#0080FF"><u><strong>http://sales.franz.com:8000/foo</strong></u></font>.
+</p>
<h1>Publishing a computed page</h1>
@@ -301,7 +300,7 @@ <h1 align="center">AllegroServe Tutorial</h1>
<h2>form data in a query string</h2>
-<p>In a url like <a href="http://www.machine.com/foo/bar?name=joe&amp;age=34">http://www.machine.com/foo/bar?name=gen&amp;age=28</a>
+<p>In a url like <font color="#0080FF"><u><strong>http://www.machine.com/foo/bar?name=gen&amp;age=28</strong></u></font>
the characters after the question mark are the <strong>query-string</strong>. &nbsp;&nbsp;
The query string is <strong>not</strong> used by AllegroServe to determine the entity to
handle the request.&nbsp; When the entity begins processing the request it can ask for the
@@ -542,9 +541,8 @@ <h1 align="center">AllegroServe Tutorial</h1>
</pre>
<p>To see how this example works differently depending on whether the access is through
-the loopback network or the regular network, try accessing it via <a
-href="http://localhost:8000/local-secret">http://localhost:8000/local-secret</a> and <a
-href="http://test.franz.com:8000/local-secret">http://test.franz.com:8000/local-secret</a>
+the loopback network or the regular network, try accessing it via <font color="#0080FF"><u><strong>http://localhost:8000/local-secret</strong></u></font>
+and <font color="#0080FF"><u><strong>http://test.franz.com:8000/local-secret</strong></u></font>
&nbsp; (where we are assuming that you are running on <strong>test-franz.com</strong>). </p>
<h1>Multiple servers</h1>
Oops, something went wrong.

0 comments on commit cf7924f

Please sign in to comment.