/usr/share/doc/libaws-doc/html/_sources/using_aws.txt is in libaws-doc 3.3.2-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 | .. _Using_AWS:
*********
Using AWS
*********
.. _Setting_up_environment:
Setting up environment
======================
.. _Using_environment_variables:
Using environment variables
---------------------------
After installing `AWS` you must set the build environment to
point the compiler to the right libraries. First let's say that
`AWS` has been installed in :file:`awsroot` directory.
Following are the instructions to set the environment yourself. Note
that the preferred solution is to use project files. In this case there
is no manual configuration.
*spec files*
The spec files are installed in :file:`<awsroot>/include/aws`. Add this
path into `ADA_INCLUDE_PATH` or put it on the command line
`-aI<awsroot>/include/aws`.
*libraries*
The GNAT library files (:file:`.ali`) and the `AWS` libraries
(:file:`libaws.a`) are installed into :file:`<awsroot>/lib/aws`. Add
this path into `ADA_OBJECTS_PATH` or put it on the command line
`-aO<awsroot>/lib/aws/static`. Furthermore for `gnatlink` to find the
libraries you must add the following library path option on the
`gnatmake` command line `-largs -L<awsroot>/lib/aws -laws`.
Note that to build SSL applications you need to add `-lssl -lcrypto` on
gnatmake's `-largs` section.
*external libraries*
You must do the same thing (setting `ADA_INCLUDE_PATH` and
`ADA_OBJECTS_PATH`) for all external libraries that you will
be using.
.. _Using_GNAT_Project_Files:
Using GNAT Project Files
------------------------
.. highlight:: ada
The best solution is to use the installed GNAT Project File
:file:`aws.gpr`. This is supported only for `GNAT 5.01` or
above. You must have installed `XML/Ada` with project file
support too.
If this is the case just set the `ADA_PROJECT_PATH` variable to
point to the `AWS` and `XML/Ada` install directories. From
there you just have to with the `AWS` project file in your GNAT
Project file, nothing else to set::
with "aws";
project Simple is
for Main use ("prog.adb");
for Source_Dirs use ("src");
for Object_Dir use "obj";
end Simple;
See the *GNAT User's Guide* for more information about GNAT Project Files.
.. _Basic_notions:
Basic notions
=============
`AWS` is not a Web Server like *IIS* or *Apache*, it is a component
to embedded HTTP protocol in an application. It means that it is possible
to build an application which can also answer to a standard browser like
*Internet Explorer* or *Netscape Navigator*. Since `AWS` provides
support client and server HTTP protocol, applications can communicate
through the HTTP channel. This give a way to build distributed
applications, see :ref:`AWS.Client`.
An application using `AWS` can open many `HTTP` channels. Each
channel will use a specific port. For example, it is possible to
embedded many `HTTP` and/or many `HTTPS` channels in the
same application.
.. _Building_an_AWS_server:
Building an AWS server
----------------------
To build a server you must:
* declare the HTTP Web Server::
WS : AWS.Server.HTTP;
.. index:: HTTP declaration
* Start the server
You need to start the server before using it. This is done by calling
`AWS.Server.Start` (see :ref:`AWS.Server`)::
procedure Start
(Web_Server : in out HTTP;
Name : in String;
Callback : in Response.Callback;
Max_Connection : in Positive := Def_Max_Connect;
Admin_URI : in String := Def_Admin_URI;
Port : in Positive := Def_Port;
Security : in Boolean := False;
Session : in Boolean := False;
Case_Sensitive_Parameters : in Boolean := True;
Upload_Directory : in String := Def_Upload_Dir);
-- Start the Web server. It initialize the Max_Connection connections
-- lines. Name is just a string used to identify the server. This is used
-- for example in the administrative page. Admin_URI must be set to enable
-- the administrative status page. Callback is the procedure to call for
-- each resource requested. Port is the Web server port. If Security is
-- set to True the server will use an HTTPS/SSL connection. If Session is
-- set to True the server will be able to get a status for each client
-- connected. A session ID is used for that, on the client side it is a
-- cookie. Case_Sensitive_Parameters if set to False it means that the CGI
-- parameters name will be handled without case sensitivity. Upload
-- directory point to a directory where uploaded files will be stored.
.. index:: starting server
The procedure `Start` takes many parameters:
**Web_Server**
.. index:: Web_Server
this is the Web server to start.
**Name**
This is a string to identify the server. This name will be used for
example in the administrative status page.
**Callback**
.. index:: Callback
This is the procedure to call for each requested resources. In this
procedure you must handle all the possible URI that you want to support.
(see below).
**Max_Connection**
.. index:: Max_Connection
This is the maximum number of simultaneous connections. It means that
Max_Connection client's browsers can gets answer at the same
time. This parameter must be changed to match your needs. A medium Web
server will certainly need something like 20 or 30 simultaneous
connections.
**Admin_URI**
.. index:: Admin_URI
This is a special URI recognized internally by the server. If this URI
is requested the server will return the administrative page. This page
is built using a specific template page (default is
'|STATUS_PAGE|'), see :ref:`Status_page`.
The administrative page returns many information about the server. It is
possible to configure the server via two configuration files
see :ref:`Configuration_options`.
**Port**
.. index:: Port
This is the port to use for the Web server. You can use any free port on
your computer. Note that on some OS specific range could be reserved
or needs specials privileges (port 80 on Linux for example).
**Security**
.. index:: Security
If Security is set to True the server will use an HTTPS/SSL
connection. This part uses the `OpenSSL` or `GNUTLS` library.
**Session**
.. index:: Session
If Session is set to true the server will keep a session ID for each
client. The client will be able to save and get variables associated
with this session ID.
**Case_Sensitive_Parameters**
.. index:: Case_Sensitive_Parameters
If set to True the CGI name parameters will be handled without using the
case.
Note that there is other `Start` routines which support other features.
For example there is a `Start` routine which use a dispatcher routine
instead of the simple callback procedure, see :ref:`AWS.Server`. And
there is also the version using a `Config.Object` which is the most
generic one.
* provides a callback procedure
The callback procedure has the following prototype::
function Service (Request : in AWS.Status.Data) return AWS.Response.Data;
This procedure receive the request status. It is possible to retrieve
information about the request through the `AWS.Status` API
(see :ref:`AWS.Status`.).
For example, to know what URI has been asked::
URI : constant String := AWS.Status.URI (Request);
if URI = "/whatever" then
...
end if;
Then this function should return an answer using one of the constructors
in `AWS.Response` (see :ref:`AWS.Response`.). For example, to return an
`HTML` message::
AWS.Response.Build (Content_Type => "text/html",
Message_Body => "<p>just a demo");
It is also possible to return a file. For example, here is the way to
return a PNG image::
AWS.Response.File (Content_Type => "image/png",
Filename => "adains.png");
Note that the main procedure should exit only when the server is terminated.
For this you can use the `AWS.Server.Wait` service.
A better solution is to use a template engine like Templates_Parser to
build the `HTML` Web Server answer. Templates_Parser module is
distributed with this version of AWS.
.. _Callback_procedure:
Callback procedure
------------------
.. index:: Callback
.. index:: Callback procedure
The callback procedure is the user's code that will be called by the AWS
component to get the right answer for the requested resource. In fact
AWS just open the HTTP message, parsing the HTTP header and it builds
an object of type `AWS.Status.Data`. At this point it calls the
user's callback procedure, passing the object. The callback procedure
must returns the right response for the requested resources. Now AWS
will just build up the HTTP response message and send it back to
user's browser.
**But what is the resource ?**
.. index:: resources
Indeed in a standard Web development a resource is either a static
object - an `HTML` page, an `XML` or `XSL` document -
or a `CGI` script. With `AWS` a resource is *just a string* to identify the
resource, it does not represent the name of a static object or `CGI` script.
So this string is just an internal representation for the
resource. The callback procedure must be implemented to handle each
internal resource and return the right response.
.. index:: Hello world
Let's have a small example. For example we want to build a Web server
that will answer 'Hello World' if we ask for the internal resource
**/hello**, and must answer 'Hum...' otherwise::
with AWS.Response;
with AWS.Server;
with AWS.Status;
procedure Hello_World is
WS : AWS.Server.HTTP;
function HW_CB (Request : in AWS.Status.Data)
return AWS.Response.Data
is
URI : constant String := AWS.Status.URI (Request);
begin
if URI = "/hello" then
return AWS.Response.Build ("text/html", "<p>Hello world !");
else
return AWS.Response.Build ("text/html", "<p>Hum...");
end if;
end HW_CB;
begin
AWS.Server.Start
(WS, "Hello World", Callback => HW_CB'Unrestricted_Access);
delay 30.0;
end Hello_World;
Now of course the resource internal name can represent a file on
disk. It is not mandatory but it is possible. For example it is
perfectly possible to build with `AWS` a simple page server.
.. index:: Page server
.. index:: Simple server
As an example, let's build a simple page server. This server will
returns files in the current directory. Resources internal name
represent an `HTML` page or a `GIF` or `PNG` image for
example. This server will return a 404 message (Web Page Not Found) if
the file does not exist. Here is the callback procedure that implements
such simple page server::
function Get (Request : in AWS.Status.Data) return AWS.Response.Data is
URI : constant String := AWS.Status.URI (Request);
Filename : constant String := URI (2 .. URI'Last);
begin
if Utils.Is_Regular_File (Filename) then
return AWS.Response.File
(Content_Type => AWS.MIME.Content_Type (Filename),
Filename => Filename);
else
return AWS.Response.Acknowledge
(Messages.S404,
"<p>Page '" & URI & "' Not found.");
end if;
end Get;
.. _Form_parameters:
Form parameters
---------------
.. index:: Form parameters
.. index:: Parameters
.. highlight:: xml
Form parameters are stored into a table of key/value pair. The key is the form
input tag name and the value is the content of the input field as filled by
the user::
Enter your name
<FORM METHOD=GET ACTION=/get-form>"
<INPUT TYPE=TEXT NAME=name VALUE="<default>" size=15>
<INPUT TYPE=SUBMIT NAME=go VALUE="Ok">
</FORM>
Note that as explained above :ref:`Callback_procedure`, the resource
described in `ACTION` is just an internal string representation
for the resource.
In this example there is two form parameters:
*name*
The value is the content of this text field as filled by the client.
*go*
The value is "Ok".
.. highlight:: ada
There is many functions (in `AWS.Parameters`) to retrieve the tag name
or value and the number of parameters. Here are some examples::
function Service (Request : in AWS.Status.Data) return AWS.Response.Data is
P : constant AWS.Parameters.List := AWS.Status.Parameters (Request);
...
*AWS.Parameters.Get (P, "name")*
.. index:: Parameters Get
Returns the value for parameter named **name**
*AWS.Parameters.Get_Name (P, 1)*
.. index:: Parameters Get_Name
Returns the string "name".
*AWS.Parameters.Get (P, 1)*
Returns the value for parameter named **name**
*AWS.Parameters.Get (P, "go")*
Returns the string "Ok".
*AWS.Parameters.Get_Name (P, 2)*
Returns the string "go".
*AWS.Parameters.Get (P, 2)*
Returns the string "Ok".
`Request` is the `AWS` current connection status passed to the
callback procedure. And `P` is the parameters list retrieved from the
connection status data. For a discussion about the callback procedure
see :ref:`Building_an_AWS_server`.
.. _Distribution_of_an_AWS_server:
Distribution of an AWS server
-----------------------------
.. index:: Distributing
The directory containing the server program must contain the following
files if you plan to use a status page see :ref:`Status_page`.
|STATUS_PAGE|
The template `HTML` file for the `AWS` status page.
|LOGO_IMAGE|
The `AWS` logo displayed on the status page.
|UP_IMAGE|
The `AWS` hotplug table up arrow.
|DOWN_IMAGE|
The `AWS` hotplug table down arrow.
Note that these filenames are the current `AWS` default. But it is
possible to change those defaults using the configuration files
see :ref:`Configuration_options`.
.. _Building_answers:
Building answers
================
We have already seen, in simple examples, how to build basic answers using
`AWS.Response` API. In this section we present all ways to build
answers from basic support to the more advanced support like the
compressed memory stream response.
.. _Redirection:
Redirection
-----------
A redirection is a way to redirect the client's browser to another
URL. Client's won't notice that a redirection has occurs. As soon as
the browser has received the response from the server it will retrieve
the page as pointed by the redirection::
return Response.URL (Location => "/use-this-one");
.. _New_location_for_a_page:
New location for a page
-----------------------
User will receive a Web page saying that this page has moved and
eventually pointing to the new location::
return Response.Moved
(Location => "/use-this-one";
Message => "This page has moved, please update your reference");
.. _Authentication_required:
Authentication required
-----------------------
For protected pages you need to ask user to enter a password.
See :ref:`Authentication`.
.. _Sending_back_an_error_message:
Sending back an error message
-----------------------------
`Acknowledge` can be used to send back error messages. There is
many kind of status code, see `Message.Status_Code`
definition. Together with the status code it is possible to pass
textual error message in `Message_Body` parameter::
return Response.Acknowledge
(Status_Code => Messages.S503,
Message_Body => "Can't connect to the database, please retry later.",
Content_Type => MIME.Text_Plain);
.. _Response_from_a_string:
Response from a string
----------------------
This is the simplest way to build a response object. There is two
constructors in `AWS.Response`, one based on a standard string
and one for Unbounded_String::
return Response.Build (MIME.Text_HTML, "My answer");
The Build routine takes also a status code parameter to handle
errors. By default this code is `Messages.S200` which is the
standard HTTP status (no error encountered). The other parameter can
be used to control caches. See :ref:`AWS.Response`.
.. _Response_from_a_Stream_Element_Array:
Response from a Stream_Element_Array
------------------------------------
This is exactly as above but the Build routine takes a
`Stream_Element_Array` instead of a string.
.. _Response_from_a_file:
Response from a file
--------------------
To build a `File` response there is a single constructor named
`File`. This routine is very similar to the one above except that
we specify a filename as the response::
return Response.File (MIME.Text_HTML, "index.html");
Again there parameters to control the status code and cache. No check
on the filename is done at this point, so if :file:`index.html` does
not exit no exception is raised. The server is responsible to check
for the file and to properly send back the 404 message if necessary.
Note that this routine takes an optional parameter named `Once`
that is to be used for temporary files created on the server side for
the client. With `Once` set to `True` the file will be
deleted by the server after sending it (this includes the case where
the download is suspended).
.. _Response_from_a_stream:
Response from a stream
----------------------
Sometimes it is not possible (or convenient) to build the response in
memory as a string object for example. Streams can be used to
workaround this. The constructor for such response is again very
similar to the ones above except that instead of the data we pass an
handle to a `Resources.Streams.Stream_Type` object.
The first step is to build the stream object. This is done by deriving
a new type from `Resources.Streams.Stream_Type` and implementing
three abstract procedures.
*Read*
Must return the next chunk of data from the stream. Note that
initialization if needed are to be done there during the first call to
read.
*End_Of_File*
Must return True when there is no more data on the stream.
*Close*
Must close the stream and for example release all memory used by the
implementation.
The second step is to build the response object::
type SQL_Stream is new Resources.Streams.Stream_Type;
Stream_Object : SQL_Stream;
procedure Read (...) is ...
function End_Of_File (...) return Boolean is ...
procedure Close (...) is
...
return Response.Stream (MIME.Text_HTML, Stream_Object);
Note that in some cases it is needed to create a file containing the
data for the client (for example a tar.gz or a zip archive). But there
is no way to properly remove this file from the file system as we
really don't know when the upload is terminated when using the
`AWS.Response.File` constructor. To solve this problem it is
possible to use a stream as the procedure `Close` is called by
the server when all data have been read. In this procedure it is
trivial to do the necessary clean-up.
.. _Response_from_a_on-disk_stream:
Response from a on-disk stream
------------------------------
An ready-to-use implementation of the stream API described above where
the stream content is read from an on-disk file.
.. _Response_from_a_on-disk_once_stream:
Response from a on-disk once stream
-----------------------------------
An ready-to-use implementation of the stream API described above where
the stream content is read from an on-disk file. When the transfer is
completed the file is removed from the file system.
.. _Response_from_a_memory_stream:
Response from a memory stream
-----------------------------
This is an implementation of the standard stream support described
above. In this case the stream is in memory and built by adding data
to it.
To create a memory stream just declare an object of type
`AWS.Resources.Streams.Memory.Stream_Type`. When created, this
memory stream is empty, using the `Streams.Memory.Append`
routines it is possible to add chunk of data to it. It is of course
possible to call `Append` as many times as needed. When done just
return this object to the server::
Data : AWS.Resources.Streams.Memory.Stream_Type;
Append (Data, Translator.To_Stream_Element_Array ("First chunk"));
Append (Data, Translator.To_Stream_Element_Array ("Second chunk..."));
...
return Response.Stream (MIME.Text_HTML, Data);
Note that you do not have to take care of releasing the allocated
memory, the default `Close` routine will do just that.
.. _Response_from_a_compressed_memory_stream:
Response from a compressed memory stream
----------------------------------------
This is a slight variant of the standard memory stream described
above. In this case the stream object must be declared as a
`AWS.Resources.Streams.Memory.ZLib.Stream_Type`.
The ZLib stream object must be initialized to enable the
compression and select the right parameters. This is done using the
`AWS.Resources.Streams.Memory.ZLib.Deflate_Initialize` routine which
takes many parameters to select the right options for the compression
algorithm, all of them have good default values. When initialized the
compressed stream object is used exactly as a standard stream::
Data : AWS.Resources.Streams.Memory.ZLib.Stream_Type;
Deflate_Initialize (Data);
Append (Data, Translator.To_Stream_Element_Array ("First chunk"));
Append (Data, Translator.To_Stream_Element_Array ("Second chunk..."));
...
return Response.Stream (MIME.Text_HTML, Data);
Note that there is the reverse implementation to decompress a
stream. See :ref:`AWS.Resources.Streams.Memory.ZLib`. It's usage
is identical.
.. _Split_page:
Split page
----------
`AWS` has a specific high level service to split a large response
into a set of pages. For more information see :ref:`Split_pages`.
.. _Response_a_from_pipe_stream:
Response a from pipe stream
---------------------------
The response sent to the server is read from the output of an external
application. This kind of stream can be used to avoid writing a temporary
file into the hard disk. For example it is possible to return an archive
created with the `tar` tool without writing the intermediate tar
achive on the disk.
.. _Configuration_options:
Configuration options
=====================
.. index:: Configuration options
To configure an `AWS` server it is possible to use a
configuration object. This object can be set using the `AWS.Config.Set`
API or initialized using a configuration file.
Configuration files are a way to configure the server without
recompiling it. Each application can be configured using two
configurations files:
*aws.ini*
.. index:: aws.ini
.. index:: ini file
This file is parsed first and corresponds to the configuration for all
AWS server runs in the same directory.
*<program_name>.ini*
.. index:: program_name.ini
This file is parsed after :file:`aws.ini`. It is possible with this
initialization file to have specific settings for some servers.
:file:`program_name.ini` is looked first in the application's directory
and then in the current working directory. This is only supported on
platforms where `Ada.Command_Line` is implemented. So, on **VxWorks**
only :file:`aws.ini` is parsed.
Furthermore, it is possible to read a specific configuration file
using the `AWS.Config.Ini.Read` routine. See :ref:`AWS.Config.Ini`.
Current supported options are:
*Accept_Queue_Size (positive)*
.. index:: Accept_Queue_Size
This is the size of the queue for the incoming requests. Higher this
value will be and less "*connection refused*" will be reported to the
client. The default value is |QUEUE_SIZE|.
*Admin_Password (string)*
.. index:: Admin_Password
.. highlight:: sh
This is the password used to call the administrative page. The
password can be generated with :file:`aws_password` (the module name
must be `admin`)::
$ aws_password admin <password>
*Admin_URI (string)*
.. index:: Admin_URI
This is the URI to call the administrative page. This can be used when
calling `AWS.Server.Start`. The default is |ADMIN_URI|.
*Case_Sensitive_Parameters (boolean)*
.. index:: Case_Sensitive_Parameters
If set to `True` the `HTTP` parameters are case
sensitive. The default value |CASE_SENSITIVE_PARAMETERS|.
*Certificate (string)*
.. index:: Certificate (string)
Set the certificate file to be used with the secure servers. The
default is |DEFAULT_CERTIFICATE|. A single certificate or a
certificate chain is supported. The certificates must be in `PEM` format
and the chain must be sorted starting with the subject's certificate, followed
by intermediate CA certificates if applicable and ending at the highest
level (root) CA certificate. If the file contains only a single
certificate, it can be followed by a private key. In this case the Key
parameter (see below) must empty.
*Check_URL_Validity (boolean)*
.. index:: Check_URL_Validity
Server have to check URI for validity. For example it checks that an
URL does not reference a resource above the Web root. The default
is |CHECK_URL_VALIDITY|.
*Cipher_Priorities*
.. index:: Cipher_Priorities (string)
Values are dependent on the actual secure layer (OpenSSL or
GNUTLS). It is used to specify the session’s handshake algorithms
and options.
*Cleaner_Wait_For_Client_Timeout (duration)*
.. index:: Cleaner_Wait_For_Client_Timeout
Number of seconds to timeout on waiting for a client request. This is a
timeout for regular cleaning task. The default is
|CT_WAIT_FOR_CLIENT| seconds.
*Cleaner_Client_Header_Timeout (duration)*
.. index:: Cleaner_Client_Header_Timeout
Number of seconds to timeout on waiting for client header. This is a
timeout for regular cleaning task. The default is |CT_CLIENT_HEADER| seconds.
*Cleaner_Client_Data_Timeout (duration)*
.. index:: Cleaner_Client_Data_Timeout
Number of seconds to timeout on waiting for client message body. This
is a timeout for regular cleaning task. The default is
|CT_CLIENT_DATA| seconds.
*Cleaner_Server_Response_Timeout (duration)*
.. index:: Cleaner_Server_Response_Timeout
Number of seconds to timeout on waiting for client to accept
answer. This is a timeout for regular cleaning task. The default is
|CT_SERVER_RESPONSE| seconds.
*Config_Directory (string)*
.. index:: Config_Directory
The directory in which AWS keeps some configuration parameters.
The default is |CONFIG_DIRECTORY|.
*CRL_File (string)*
.. index:: CRL_File, CRL
This configuration option must point to a filename containing a CRL
(Certificate Revocation List). This will make it possible to control
client connecting to the server. The default values is |CRL_FILE|.
*Directory_Browser_Page (string)*
.. index:: Directory_Browser_Page
Specify the filename for the directory browser template page. The
default value is |DIRECTORY_BROWSER_PAGE|.
*Down_Image (string)*
.. index:: Down_Image
The name of the down arrow image to use in the status page. The default is
|DOWN_IMAGE|.
*Error_Log_Filename_Prefix (string)*
.. index:: Log_Filename_Prefix
This is to set the filename prefix for the log file. By default the
log filename prefix is the program name (without extension) followed
by "_error".
*Error_Log_Split_Mode [None/Each_Run/Daily/Monthly]*
.. index:: Log_Split_Mode
It indicates how to split the error logs. Each_Run means that a new log file
is used each time the process is started. Daily and Monthly will use a
new log file each day or month. The default is |ERROR_LOG_SPLIT_MODE|.
*Exchange_Certificate (boolean)*
.. index:: Exchange_Certificate
If set to True it means that the client will be asked to send its
certificate to the server. The default value is |EXCHANGE_CERTIFICATE|.
*Certificate_Required (boolean)*
.. index:: Certificate_Required
If set to True the server will reject all SSL connections if the
client did not provide a certificate (be it valid or not). The
`Exchange_Certificate` option must be set in this case. The
default value is |CERTIFICATE_REQUIRED|.
*Force_Wait_For_Client_Timeout (duration)*
.. index:: Force_Wait_For_Client_Timeout
Number of seconds to timeout on waiting for a client request. This is a
timeout for urgent request when resources are missing. The default is
|FT_WAIT_FOR_CLIENT| seconds.
*Force_Client_Header_Timeout (duration)*
.. index:: Force_Client_Header_Timeout
Number of seconds to timeout on waiting for client header. This is a
timeout for urgent request when resources are missing. The default is
|FT_CLIENT_HEADER| seconds.
*Force_Client_Data_Timeout (duration)*
.. index:: Force_Client_Data_Timeout
Number of seconds to timeout on waiting for client message body. This
is a timeout for urgent request when resources are missing. The default is
|FT_CLIENT_DATA| seconds.
*Force_Server_Response_Timeout (duration)*
.. index:: Force_Server_Response_Timeout
Number of seconds to timeout on waiting for client to accept answer. This
is a timeout for urgent request when resources are missing. The default is
|FT_SERVER_RESPONSE| seconds.
*Free_Slots_Keep_Alive_Limit (positive)*
.. index:: Free_Slots_Keep_Alive_Limit
This is the minimum number of remaining free slots to enable keep-alive HTTP
connections. For heavy-loaded HTTP servers, the Max_Connection parameter
should be big enough, and Free_Slots_Keep_Alive_Limit should be about 1-10%
of the Max_Connection parameter depending on the duration of the
average server response. Longer is the average time to send back a
response bigger Free_Slots_Keep_Alive_Limit should be.
The default is |KEEP_ALIVE_LIMIT|.
*Hotplug_Port (positive)*
.. index:: Hotplug_Port
This is the hotplug communication port needed to register and
un-register an hotplug module. The default value is |HOTPLUG_PORT|.
*Key (string)*
.. index:: Key
Set the RSA key file to be used with the secure servers. The
default file is |DEFAULT_KEY|.
*Line_Stack_Size (positive)*
.. index:: Line_Stack_Size
The HTTP lines stack size. The stack size must be adjusted for each
applications depending on the use of the stack done by the callback
procedures. The default is |LINE_STACK_SIZE|.
*Log_Extended_Fields (string list)*
.. index:: Log_Extended_Fields
Comma separated list of the extended log field names. If this parameter
is empty, the HTTP log would be in the apache compartible format, otherwise
log file would be in Extended format. For more information see
:ref:`Server_Log`.
*Log_File_Directory (string)*
.. index:: Log_File_Directory
This is to set the directory where log file must be written. This
parameter will be used automatically by `AWS.Log` if logging
facility is enabled. By default log files are written in the current
directory. The default is |LOG_FILE_DIR|.
*Log_Filename_Prefix (string)*
.. index:: Log_Filename_Prefix
This is to set the filename prefix for the log file. By default the
log filename prefix is the program name (without extension).
*Log_Split_Mode [None/Each_Run/Daily/Monthly]*
.. index:: Log_Split_Mode
It indicates how to split the logs. Each_Run means that a new log file
is used each time the process is started. Daily and Monthly will use a
new log file each day or month. The default is |LOG_SPLIT_MODE|.
*Logo_Image (string).*
.. index:: Logo_Image
The name of the logo image to use in the status page. The default is
|LOGO_IMAGE|.
*Max_Concurrent_Download (positive)*
.. index:: Max_Concurrent_Download
Control the maximum number of parallel downloads accepted by the download
manager. The default value is |MAX_CONCURRENT_DOWNLOAD|.
*Max_Connection (positive)*
.. index:: Max_Connection
This is the maximum number of simultaneous connections for the
server. This can be used when calling the `AWS.Server.Start`. The
default is |MAX_CONNECT|.
Note that the total number of threads used by a server is::
N = <main server thread> + <max connections> [+ <session>]
Note: [...] means optional value
Add 1 only if the session feature is activated. This is
due to the session cleaner task.
*Max_POST_Parameters (positive)*
.. index:: Max_POST_Parameters
The maximum number of POST parameters supported by AWS. The default
value is |MAX_POST_PARAMETERS|.
.. _max-websocket:
*Max_WebSocket (positive)*
.. index:: Max_WebSocket
The maximum number of WebSocket that can be opened simultaneously
in AWS. Above this value AWS will try to close timed-out WebSockets
(see :ref:`WebSocket_Timeout <websocket-timeout>`). The default
value is |MAX_WEBSOCKET|.
*Max_WebSocket_Handler (positive)*
.. index:: Max_WebSocket_Handler
The maximum number of message to handle simultaenously. The default
value is |MAX_WEBSOCKET_HANDLER|.
*MIME_Types (string)*
.. index:: MIME_Types
The name of the file containing the MIME types associations. The default
file name is |MIME_TYPES|.
*Receive_Timeout (duration)*
.. index:: Receive_Timeout
Number of seconds to timeout when receiving chunk of data. The
default is |RECEIVE_TIMEOUT| seconds.
*Reuse_Address (boolean)*
.. index:: Reuse_Address
Set the socket reuse address policy. If set to True the server will be
able to bind to a socket that has just been released without the need of
waiting. Enabling this feature may introduce security risks on some
platforms. The default is |REUSE_ADDRESS|.
*Security_Mode (string)*
.. index:: Security_Mode
Set the security mode to use for the secure connections. The default
mode is |SECURITY_MODE|. See :ref:`AWS.Net.SSL`.
*Send_Buffer_Size (positive)*
.. index:: Send_Buffer_Size
This is the socket internal buffer used for sending data to the
clients. The default is |SEND_BUFFER_SIZE|.
*Send_Timeout (duration)*
.. index:: Send_Timeout
Number of seconds to timeout when sending chunk of data. The default is
|SEND_TIMEOUT| seconds.
*Server_Host (string)*
.. index:: Server_Host
The name of the host machine. This can be used if a computer has more
than one IP address, it is possible to have two servers at the same
port on the same machine, both being binded on different IP addresses.
*Server_Name (string)*
.. index:: Server_Name
The name of the server. This can be used when calling
`AWS.Server.Start`. The default is |SERVER_NAME|.
*Server_Priority (natural)*
.. index:: Server_Priority (natural)
Priority of the task handling the HTTP protocol.
The default is Default_Priority.
*Server_Port (integer)*
.. index:: Server_Port
The port where server will wait for incoming connections requests. This
can be used when calling `AWS.Server.Start`. The default is
|SERVER_PORT|.
*Service_Priority (natural)*
.. index:: Service_Priority (natural)
Priority of the tasks used by optional services like SMTP Server,
Server Push, Jabber and the Transient Page cleaner.
The default is **Default_Priority**.
*Session (boolean)*
.. index:: Session
Whether the session support must be activated or not. The default is
|SESSION|.
*Session_Name (string)*
.. index:: Session_Name
The name of the cookie session. This can be used to support sessions
for multiple servers embedded into the same executable. The default is
|SESSION_NAME|.
*Session_Id_Length (positive)*
.. index:: Session_Id_Length (positive)
The length of the session id in characters. The default
is |SESSION_ID_LENGTH| characters.
*Session_Lifetime (duration)*
.. index:: Session_Lifetime (duration)
Number of seconds to keep session information. After this period a
session is obsoleted and will be removed at next cleanup. The default
is |SESSION_LIFETIME| seconds.
*Session_Cleanup_Interval (duration)*
.. index:: Session_Cleanup_Interval (duration)
Number of seconds between each run of the session cleanup task. This
task will remove all session data that have been obsoleted. The
default is |SESSION_CLEANUP_INTERVAL| seconds.
*Session_Cleaner_Priority (natural)*
.. index:: Session_Cleaner_Priority (natural)
Priority of the task cleaning the session data.
The default is **Default_Priority**.
*Status_Page (string)*
.. index:: Status_Page
The name of the status page to used. The default is |STATUS_PAGE|.
*TLS_Ticket_Support (boolean)*
.. index:: TLS_Ticket_Support
Specify whether the TLS ticket support is activated or not. The
default value is |TLS_TICKET_SUPPORT|.
*Transient_Cleanup_Interval (positive)*
.. index:: Transient_Cleanup_Interval
Specify the number of seconds between each run of the cleaner task to remove
transient pages. The default value is |TRANSIENT_CLEANUP_INTERVAL| seconds.
*Transient_Lifetime (duration)*
.. index:: Transient_Lifetime
Specify the number of seconds to keep a transient page. After this
period the transient page is obsoleted and will be removed during next
cleanup. The default value is |TRANSIENT_LIFETIME| seconds.
*Trusted_CA (string)*
.. index:: Trusted_CA
This must point to the file containing the list of trusted
Certificate Authorities. The CA in this file will be used to verify
the client certificate validity. The default values is |TRUSTED_CA|.
*Up_Image (string)*
.. index:: Up_Image
The name of the up arrow image to use in the status page. The default is
|UP_IMAGE|.
*Upload_Directory (string)*
.. index:: Upload_Directory
This is to set the directory where upload files must be stored. By
default uploaded files are written in the current directory. The
default is |UPLOAD_DIR|.
*WebSocket_Message_Queue_Size (positive)*
.. index:: WebSocket_Message_Queue_Size
This is the size of the queue containing incoming messages waiting
to be handled by one of the task, see Max_WebSocket_Handler above. The
default value is |WEBSOCKET_MESSAGE_QUEUE_SIZE|.
*WebSocket_Origin (string)*
.. index:: WebSocket_Origin
This is a regular expression which can be used to handle WebSockets
originating from a specific domain. By default AWS handles WebSockets
from any origins.
*WebSocket_Priority (natural)*
.. index:: WebSocket_Priority (natural)
Priority of the task handling the WebSockets.
The default is **Default_Priority**.
.. _websocket-timeout:
*WebSocket_Timeout (duration)*
.. index:: WebSocket_Timeout
A number of seconds after which a WebSocket without activity is
considered timed-out and can be elected to be closed if the maximum
number of sockets opened has been reached.
(see :ref:`Max_WebSocket <max-websocket>`). The default
is |WEBSOCKET_TIMEOUT|.
*WWW_Root (string)*
.. index:: WWW_Root
This option sets the Web Server root directory. All Web resources are
referenced from this root directory. The default value is |WWW_ROOT|.
Each option value can be retrieved using the `AWS.Config` unit or
set using `AWS.Config.Set`.
.. highlight:: ada
For example to build a server where the *port* and the maximum number of
*connection* can be changed via a configuration file (either
:file:`aws.ini` or :file:`<program_name>.ini`)::
WS : AWS.Server.HTTP;
Conf : constant AWS.Config.Object := AWS.Config.Get_Current;
Server.Start (WS, Service'Access, Conf);
.. _Session_handling:
Session handling
================
.. index:: Session
.. highlight:: ada
`AWS` provides a way to keep session data while users are
browsing. It works by creating transparently a session ID where it
is possible to insert, delete and retrieve session data using a standard
Ada API (see :ref:`AWS.Session`.). Session data are key/value pair each of
them being strings. These sessions data are kept on the server, for
client side state management see :ref:`HTTP_state_management`.
* First you declare and start an HTTP channel with session enabled::
WS : AWS.Server.HTTP;
Server.Start (WS,
Port => 1234,
Callback => Service'Access,
Session => True);
Here we have built an HTTP channel with a maximum of 3 simultaneous
connections using the port 1234. A session ID will be created and sent
inside a cookie to the client's browser at the first request. This
session ID will be sent back to the server each time the client will ask
for a resource to the server.
* Next, in the Service callback procedure that you have provided you
must retrieve the Session ID. As we have seen, the callback procedure
has the following prototype::
function Service (Request : in AWS.Status.Data) return AWS.Response.Data;
The Session ID is kept in the Request object and can be retrieved using::
Session_ID : constant AWS.Session.ID := AWS.Status.Session (Request);
* From there it is quite easy to get or set some session data using
the provided API. For example::
declare
C : Integer;
begin
C := AWS.Session.Get (Session_ID, "counter");
C := C + 1;
AWS.Session.Set (Session_ID, "counter", C);
end;
This example first get the value (as an Integer) for session data whose
key is "`counter`", increment this counter and then set it back to
the new value.
It is also possible to save and restore all session data. It means that the
server can be shutdown and launched some time after and all client data are
restored as they were at shutdown time. Client will just see nothing. With this
feature it is possible to shutdown a server to update its look or because a
bug has been fixed for example. It is then possible to restart it
keeping the complete Web server context.
.. _HTTP_state_management:
HTTP state management
=====================
.. index:: HTTP state
.. index:: Cookies
.. highlight:: ada
`AWS` provides a full implementation of RFC 2109 via the `AWS.Cookie`
package. Using this package you set, get and expire client-side HTTP cookies.
First we set a cookie::
declare
Content : AWS.Response.Data;
begin
AWS.Cookie.Set (Content,
Key => "hello",
Value => "world",
Max_Age => 86400.0);
end;
Here we set the cookie `hello` with the value `world`, and we tell
the client to expire the cookie 86400 seconds into the future.
Getting the cookie value back is equally simple::
declare
Request : AWS.Status.Data
-- Assume that this object contain an actual HTTP request.
begin
Put_Line (AWS.Cookie.Get (Request, "hello"));
-- Output 'world'
end;
Had the cookie `hello` not existed, an empty `String` would've been
returned.
In some cases it might be of value to know if a given cookie exists, and for
that we have the `Exists` function available::
declare
Request : AWS.Status.Data
-- Assume that this object contain an actual HTTP request
begin
if AWS.Cookie.Exists ("hello") then
Put_Line ("The 'hello' cookie exists!");
end if;
end;
Note that `Exists` doesn't care if the cookie contains an actual value or
not. If a cookie with no value exists, `Exists` will return `True`.
And finally we might wish to tell the client to expire a cookie::
declare
Content : AWS.Response.Data;
begin
AWS.Cookie.Expire (Content,
Key => "hello");
end;
The Cookie package provide `Get` functions and `Set` procedures for
`String`, `Integer`, `Float` and `Boolean` types, but since
cookies are inherently strings, it's important to understand what happens when
the cookie `String` value can't be converted properly to either
`Integer`, `Float` or `Boolean`.
So if either conversion fails or the cookie simply doesn't exist, the following
happens:
* For `Integer`, the value 0 is returned
* For `Float`, the value 0.0 is returned.
* For `Boolean`, the value `False` is returned. Note that only
the string 'True' is `True`. Everything else is `False`.
For more information see :ref:`AWS.Cookie`.
.. _Authentication:
Authentication
==============
.. index:: authentication
.. index:: basic
.. index:: digest
`AWS` supports **Basic** and **Digest** authentication. The
authentication request can be sent at any time from the callback
procedure. For this the `AWS.Response.Authenticate` message must
be returned.
.. highlight:: ada
The authentication process is as follow:
* Send authentication request
From the callback routine return an authentication request when
needed::
function Service (Request : in Status.Data) return Response.Data is
URI : constant String := Status.URI (Request);
User : constant String := Status.Authorization_Name (Request);
begin
-- URI starting with "/prot/" are protected
if URI (URI'First .. URI'First + 5) = "/prot/"
and then User = ""
then
return Response.Authenticate ("AWS", Response.Basic);
The first parameter is the **Realm**, it is just a string that will be
displayed (on the authentication dialog box) by the browser to
indicate for which resource the authentication is needed.
* Check authentication
When an authentication as been done the callback's request data
contain the user and password. Checks the values against an ACL for
each protected resources::
function Protected_Service
(Request : in AWS.Status.Data) return AWS.Response.Data
is
User : constant String := Status.Authorization_Name (Request);
Pwd : constant String := Status.Authorization_Password (Request);
begin
if User = "xyz" and then Pwd = "azerty" then
return ...;
Note that the **Basic** authentication is not secure at all. The password
is sent unencoded by the browser to the server. If security is an
issue it is better to use the **Digest** authentication and/or an
**SSL** server.
.. _File_upload:
File upload
===========
.. index:: File upload
.. index:: upload, server
.. highlight:: xml
File upload is the way to send a file from the client to the server. To
enable file upload on the client side the Web page must contain a **FORM**
with an **INPUT** tag of type **FILE**. The **FORM** must also contain
the **enctype** attribute set to *multipart/form-data*::
<FORM enctype="multipart/form-data" ACTION=/whatever METHOD=POST>
File to process: <INPUT NAME=filename TYPE=FILE>
<INPUT TYPE=SUBMIT NAME=go VALUE="Send File">
</FORM>
On the server side, `AWS` will retrieve the file and put it into the
upload directory. `AWS` add a prefix to the file to ensure that the
filename will be unique on the server side. The upload directory can be
changed using the configuration options. See :ref:`Configuration_options`.
The uploaded files are removed after the user's callback. This is done
for security reasons, if files were not removed it would be possible
to fill the server hard disk by uploading large files to the
server. This means that uploaded files must be specifically handled by
the users by either copying or renaming them.
`AWS` will also setup the form parameters as usual. In the above example
there is two parameters (see :ref:`Form_parameters`).
*filename*
This variable contains two values, one with the client side name and
one with the server side name.
*First value : Parameters.Get (P, "filename")*
The value is the full pathname of the file on the server. (i.e. the
upload directory catenated with the prefix and filename).
*Second value : Parameters.Get (P, "filename", 2)*
The value is the simple filename (no path information) of the file on
the client side.
*go*
The value is "Send File"
.. _Communication:
Communication
=============
.. index:: Communication
.. index:: Sending message
This API is used to do communication between programs using the HTTP
GET protocol. It is a very simple API not to be compared with `GLADE`
or `SOAP`. This communication facility is to be used for simple
request or when a light communication support is needed. For more
complex communications or to achieve inter-operability with other
modules it is certainly a good idea to have a look at the
`AWS/SOAP` support, see :ref:`SOAP`.
In a communication there is a Client and a Server. Here is what is to be
done on both sides to have programs talking together.
.. _Communication_-_client_side:
Communication - client side
---------------------------
.. index:: Communication, Client
.. highlight:: ada
On the client side it is quite simple. You just have to send a message
using `AWS.Communication.Client.Send_Message`::
function Send_Message
(Server : in String;
Port : in Positive;
Name : in String;
Parameters : in Parameter_Set := Null_Parameter_Set)
return Response.Data;
The message is sent to the specified server using the given port. A
message is composed of a name which is a string and a set of
parameters. There is a parameter set constructor in
`AWS.Communication`. This function return a response as for any
callback procedure.
.. _Communication_-_server_side:
Communication - server side
---------------------------
.. index:: Communication, Server
On the server side things are a bit more complex but not that
difficult. You must instantiate the `AWS.Communication.Server`
generic package by providing a callback procedure. This callback
procedure will must handle all kind of message that a client will send.
During instantiation you must also pass a context for the communication
server. This context will be passed back to the callback procedure::
generic
type T (<>) is limited private;
type T_Access is access T;
with function Callback
(Server : in String;
Name : in String;
Context : in T_Access;
Parameters : in Parameter_Set := Null_Parameter_Set)
return Response.Data;
package AWS.Communication.Server is
...
A complete example can be found in the demos directory. Look for
:file:`com_1.adb` and :file:`com_2.adb`.
Note that this communication API is used by the Hotplug module facility,
see :ref:`Hotplug_module`.
.. _Hotplug_module:
Hotplug module
==============
.. index:: hotplug
An **Hotplug module** is a module that can by dynamically binded to a
running server. It is a Web server and the development process is very
similar to what we have seen until now :ref:`Building_an_AWS_server`.
The Hotplug module will register itself into a Web server by
sending a message using the communication API. The Hotplug module send
to the server a regular expression and an URL. The main server will
redirect all URL matching the regular expression to the Hotplug module.
Note that the main server will redirect the URL to the first matching
regular expression.
.. _Hotplug_module_-_server_activation:
Hotplug module - server activation
----------------------------------
.. highlight:: sh
The first step is to properly create the main server hotplug module
registration file. This file must list all hotplug modules that can
register into the main server. Each line have the following format::
hotplug_module_name:password:server:port
*hotplug_module_name*
The name of the hotplug module. You can choose any name you want. This
name will be use during the registration process and to generate the
password.
*password*
The MD5 password, see below.
*server*
The name of the server where the redirection will be made. This is for
security reasons, main server will not permit to redirect requests to
any other server.
*port*
The port to use for the redirection on `server`.
You must create a password for each hotplug modules. The generated
password depends on the hotplug module name. A tool named
`aws_password` is provided with `AWS` to generate such
password. Usage is simple::
$ aws_password <hotplug_module_name> <password>
.. highlight:: ada
Then, after starting the main server you must activate the Hotplug feature::
AWS.Server.Hotplug.Activate (WS'Unchecked_Access, 2222, "hotplug_conf.ini");
:file:`hotplug_conf.ini` is the hotplug module registration file
described above.
.. _Hotplug_module_-_creation:
Hotplug module - creation
-------------------------
Here is how to create an Hotplug module:
* First you create a standard Web server, see :ref:`Building_an_AWS_server`::
WS : AWS.Server.HTTP (3, 1235, False, Hotplug_CB.Hotplug'Access, False);
Here we have a server listening to the port 1235. This server can be
used alone if needed as any Server developed with AWS.
* Then you register the Hotplug module to the main server,
see :ref:`AWS.Client.Hotplug`::
Response := AWS.Client.Hotplug.Register
(Name => "Hotplug_Module_Demo",
Password => "my_password",
Server => "http://dieppe:2222",
Regexp => ".*AWS.*",
URL => "http://omsk:1235/");
The hotplug module `Hotplug_Module_Demo` must have been declared
on the main server, the password and redirection must have been
properly recorded too for security reasons, see
:ref:`Hotplug_module_-_server_activation`.
This command register `Hotplug_Module_Demo` into the server running
on the machine `dieppe` and ask it to redirect all `URL`
containing `AWS` to the server running on machine `omsk` on
port `1235`.
* When the Hotplug module is stopped, you must unregister it::
Response := AWS.Client.Hotplug.Unregister
(Name => "Hotplug_Module_Demo",
Password => "my_password",
Server => "http://dieppe:2222",
Regexp => ".*AWS.*");
Here we ask to unregister `Hotplug_Module_Demo` from server
`dieppe`. As for the registration process a proper password must
be specified, see :ref:`Hotplug_module_-_server_activation`.
A complete example can be found in the demos directory. Look for
:file:`main.adb` and :file:`hotplug.adb`.
.. _Server_Push:
Server Push
===========
.. index:: Server Push
.. index:: Push
This protocol is obsolescent, it is hightly recommended to use the
WebSockets now. See :ref:`WebSockets`.
Server Push is a feature that let the Web Server send continuously
data to client's Web Browser or client applications. The client does
not have to reload at periodic time (which is what is called client
pull) to have the data updated, each time the server send a piece of
data it gets displayed on the client.
To build a push server you need to build an instance of the
`AWS.Server.Push` package. This package takes a set of formal
parameters. Here are the step-by-step instructions to build a Push
Server:
* The data to be sent
First you must create a type that will contains the data to be sent to
client's browser except if it is a standard Ada type. See
`Client_Output_Type` formal parameter.
* The data that will be streamed
This is the representation of the data that will be sent to client's
browser. This will be either a `String` for Web pages or
`Stream_Element_Array` for binary data like pictures. See
`Stream_Output_Type` formal parameter.
* The context
It is often nice to be able to configure each client with different
parameters if needed. This can be achieved with the Context data type
that will be passed as parameter of the conversion function described
below. See `Client_Environment` formal parameter.
* Provides a function to convert from the data type to be sent to
the data that will be streamed.
This is a function that will transform the data described on point 1
above to the form described on point 2 above. See
`To_Stream_Output` formal parameter.
* Build the Push Server
To do so you just need to instantiate `AWS.Server.Push` with the
above declarations.
* Registering new clients
In the standard `AWS` procedure callback it is possible to register a
client if requested. This is done by calling
`AWS.Server.Push.Register`. It is possible to unregister a
client using `AWS.Server.Push.Unregister`. Each client must be
identified with a unique client ID. After registering a new client
from the callback procedure you must return the
`AWS.Response.Socket_Taken` message. This is very important, it
tells the server to not close this socket.
* Sending the data
At this point it is possible to send data to clients. To do so
two routines are available.
*AWS.Server.Push.Send_To*
.. index:: Send_To
To send a piece of data to a specific client identified by its
client ID.
*AWS.Server.Push.Send*
.. index:: Send
To send a piece of data to all clients registered on this server.
Very large Internet applications should use this feature carefully. A
push server keeps a socket reserved for each registered clients and
the number of available sockets per process is limited by the OS.
.. _Working_with_Server_sockets:
Working with Server sockets
===========================
.. index:: Working with Server sockets
With `AWS` is is possible to take out a socket from the server and give
it back later. This feature must be used carefully but it gives a lot
of flexibility. As the socket is taken away, the connection line (or slot)
is released, `AWS` can then use it to handle other requests.
This can be used to better support heavy loaded servers when some
requests need a long time to complete. Long time here means longer
than most of the other requests which should be mostly interractives
for a Web server. Of course in such a case a keep-alive connection is
kept open.
The usage in such a case is to take out the socket and put it in a
waiting line. This releases the connection for the server. When the
data to prepare the answer is ready you give back the socket to the
server.
* Take a socket from the server
This first step is done form the callback function. A user instead of
replying immediatly decides to take away the socket from the
server. The first step is to record the connection socket socket by
calling `AWS.Status.Socket`. The second step is to tell the
server to not release this socket by returning `AWS.Response.Socket_Taken`
from the callback function. At this point the server will continue to
serve other clients.
Note that this feature is used by the server push implementation,
see :ref:`Server_Push`.
* Give back the socket to the server
Calling `AWS.Sever.Give_Back_Socket` will register the socket for
reuse. This socket will be placed into a spool, next time the server
will check for incoming requests it will be picked up.
.. _Server_Log:
Server Log
==========
.. index:: logs
.. index:: Log.Start
.. index:: Log.Stop
.. index:: Log.Start_Error
.. index:: Log.Stop_Error
.. index:: Log.Flush
It is possible to have the server activity logged into the file
:file:`<progname>-Y-M-D.log`. To activate the logging you must call the
`AWS.Server.Log.Start`, and it is possible to stop logging by calling
`AWS.Server.Log.Stop`. Note that `AWS.Server.Log.Start` have
a parameter named `Auto_Flush` to control output buffering. This
parameter is False by default. If set to True, the log file will be
automatically flushed after each data. If the server logging is not
buffered, i.e. Auto_Flush is False, the log can still be flushed by
calling the `AWS.Server.Log.Flush` routine. See :ref:`AWS.Log` for
more information especially about the way rotating logs can be
setup. Using this feature it is possible to have automatic split of
the log file each day, each month or at every run. See `AWS.Log`
spec. This is very useful to avoid having very big log files.
.. highlight:: sh
The log format depend on Log_Extended_Fields configuration parameter.
If this parameter is empty, the HTTP log would have fixed apache compartible format::
<client IP> - <auth name> - [<date and time>] "<request>" <status code> <size>
For example::
100.99.12.1 - - [22/Nov/2000:11:44:14] "GET /whatever HTTP/1.1" 200 1789
If the extended fields list is not empty, the log file format would have
user defined fields set::
#Version: 1.0
#Date: 2006-01-09 00:00:01
#Fields: date time c-ip cs-method cs-uri cs-version sc-status sc-bytes
2006-01-09 00:34:23 100.99.12.1 GET /foo/bar.html HTTP/1.1 200 30
Fields in the comma separated Log_Extended_Fields list could be:
*date*
Date at which transaction completed
*time*
Time at which transaction completed
*time-taken*
Time taken for transaction to complete in seconds
*c-ip*
Client side connected IP address
*c-port*
Client side connected port
*s-ip*
Server side connected IP address
*s-port*
Server side connected port
*cs-method*
HTTP request method
*cs-username*
Client authentication username
*cs-version*
Client supported HTTP version
*cs-uri*
Request URI
*cs-uri-stem*
Stem portion alone of URI (omitting query)
*cs-uri-query*
Query portion alone of URI
*sc-status*
Responce status code
*sc-bytes*
Length of response message body
*cs(<header>)*
Any header field name sent from client to server
*sc(<header>)*
Any header field name sent from server to client
*x-<appfield>*
Any application defined field name
`AWS` also support error log files. If activated every internal error
detected by `AWS` will gets logged into this special file.
Log file for errors would be in simple apache compartible format.
See `AWS.Server.Log.Start_Error` and `AWS.Server.Log.Stop_Error`.
For the full set of routines supporting the log facility see
:ref:`AWS.Server.Log` .
.. _Secure_server:
Secure server
=============
.. index:: Secure server
.. index:: HTTPS
It is not much difficult to use a secure server (`HTTPS`) than a
standard one. Here we describe only what is specific to an HTTPS
server.
Before going further you must check that `AWS` has been
configured with `SSL` support. See :ref:`Building`. You must also
have installed the `OpenSSL` or `GNUTLS` libraries on your system. If
this is done, you can continue reading this section.
.. _Initialization:
Initialization
--------------
.. index:: certificate
A server is configured as using the HTTPS protocol at the time it is
started. The only thing to do is to set the Start's Security parameter
to True. This will start a server and activate the `SSL` layer by
default. A secure server must use a valid certificate, the default one
is |DEFAULT_CERTIFICATE|. This certificate has been
created by the `OpenSSL` or `GNUTLS` tool and is valid until
year 2008. Yet, this certificate has not been signed. To build a
secure server user's can rely on, you must have a valid certificate
signed by one of the **Certificate Authorities**.
The certificate to be used must be specified before starting the
secure server with `AWS.Server.Set_Security`:
.. highlight:: ada
With a key and certificate files::
AWS.Server.Set_Security
(WS,
Key_Filename => "server.key",
Certificate_Filename => "server.crt");
Or with a self-contained certificate::
AWS.Server.Set_Security (WS, Certificate_Filename => "aws.pem");
Or using the `certificate` configuration parameter, see
:ref:`Configuration_options`.
.. _Verify_callback:
Verify callback
---------------
.. index:: Verify callback
First note that it is not necessary to use such callback to verify the
certificate validity, see :ref:`Using_a_Certificate_Authority`.
This callback will receive the client certificate as sent during SSL
handshake between the server and the client. The certificate
information can be checked for logging purpose or to impose some
restriction. Generally this callback should return the value from
`AWS.Net.SSL.Certificate.Verified`, see :ref:`AWS.Net.SSL.Certificate`.
The Verified status of the certificate is the one that has been issued
by the SSL implementation during certificate verification and can
generally be trusted.
.. _Self-signed_certificate:
Self-signed certificate
-----------------------
.. index:: Self-signed certificate
.. _Creating_a_server_certificate:
Creating a server certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: server certificate
.. highlight:: sh
The goal here is not to replace the `OpenSSL` documentation but
just to present one way to create a self signed certificate for an
`HTTPS` test server. Note that `GNUTLS` offers similar tools to
generate certificates.
*Generate a RSA key*::
$ openssl genrsa -rand <filename> -out aws-server.key
Filename must point to any file, this is used to initialized the
random seed.
*Generate the certificate*::
$ openssl req -new -x509 -days 730 -key aws-server.key -out aws-server.cert
*Create a single self contained file (optional)*::
$ cat aws-server.key aws-server.cert > aws.pem
A this point you can use :file:`aws.pem` with your server or the separate
:file:`server.key` and :file:`server.crt` files.
It is also possible to sign the server's key. In this case the key
won't be in plain text but will require to setup a password on the
server code for the key to be decoded. See routine Set_Password_Callback
in AWS.Net.SSL.Certificate.
*Generate a crypted RSA key*::
$ openssl genrsa -aes128 -passout pass:<PASSWORD> -out aws-server.key
.. _Creating_a_client_certificate:
Creating a client certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: client certificate
A certificate can also be used on a Web browser and passed to the
server to have a strong client authentication. A client certificate
must be `PKCS12`. The steps to generate such certificate are:
*Generate a RSA key*::
$ openssl genrsa -des3 -out aws-client.key
Filename must point to any file, this is used to initialized the
random seed.
*Generate the certificate*::
$ openssl req -new -x509 -days 730 -key aws-client.key -out aws-client.cert
*Create the corresponding PKCS12 certificate*::
$ openssl pkcs12 -export -clcerts -in aws-client.cert -inkey aws-client.key -out client.p12
.. _Using_a_Certificate_Authority:
Using a Certificate Authority
-----------------------------
.. index:: CA certificate
In this section we will use a Certificate Authority to signed the
server certificates and the client certificates. Using this method is
required if the server must ensure that only clients with a valid
certificate will be able to connect to the server. The server will
verify that the client certificate received has been signed by a known
Certificate Authority.
Note that these checks are happening during the SSL handshake, so
before the user's callback.
For this to work the following configuration options must be used:
*Exchange_Certificate*
To request that the client certificate be sent.
*Trusted_CA*
The file containing the certificate of the Certificate Authority we
trust. The CA which has signed the client's certificate.
*Certificate_Required*
If no certificate has been received from the client the server will
reject the connection. If this is not set, we can still validate the
client's certificate in the verify callback, see :ref:`Verify_callback`
and for example log the connecting users.
.. _Initializing_the_Certificate_Authority:
Initializing the Certificate Authority
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: CA, Certificate Authority
First the Certificate Authority must be initialized on the
computer. This is heavily dependent on the actual Operating System
used, describing this part is out of scope of this document.
On GNU/Debian the default setup (see default_ca in
:file:`/etc/ssl/openssl.cnf`) can be used to create a **demo**
Certificate Authority locally to test this feature::
$ mkdir demoCA
$ mkdir demoCA/newcerts
$ touch demoCA/index.txt
$ echo ABCC > demoCA/serial
$ echo 01 > demoCA/crlnumber
.. _Creating_the_Certificate_Authority:
Creating the Certificate Authority
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: CA, Certificate Authority
*Generate a RSA key*::
$ openssl genrsa -out private-ca.key 1024
*Generate the certificate signing request*::
$ openssl req -new -key private-ca.key -out private-ca.csr
During this step you'll be asked for information about the CA
(Country, State or Province, Organization Name...).
*Create the CA certificate*::
$ openssl x509 -req -days 365 -in private-ca.csr -signkey private-ca.key -out private-ca.crt
This certificate will be used by AWS as the trusted CA, see
:ref:`Configuration_options`.
.. _Creating_a_CA_signed_server_certificate:
Creating a CA signed server certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: server certificate
*Generate a RSA key*::
$ openssl genrsa -out aws-server.key 1024
*Generate the certificate signing request*::
$ openssl req -new -key aws-server.key -out aws-server.csr
During this step you'll be asked for information about the server
(Country, State or Province, Common Name...). Note that the
Organization Name here must match the one from the CA and the Common
Name should be the server fully qualified domain name.
*Create the server certificate, signed it with our CA*::
$ openssl ca -in aws-server.csr -cert private-ca.crt -keyfile private-ca.key -out aws-server.crt
*Create a single self contained file (optional)*::
$ cat aws-server.key aws-server.cert > aws.pem
.. _Creating_a_CA_signed_client_certificate:
Creating a CA signed client certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: client certificate
*Generate a RSA key*::
$ openssl genrsa -des3 -out aws-client.key 1024
*Generate the certificate signing request*::
$ openssl req -new -key aws-client.key -out aws-client.csr
During this step you'll be asked for information about the client
(Country, State or Province, Common Name...). Note that the
Organization Name here must match the one from the CA and the Common
Name should be the client's one.
*Create the client certificate, signed it with our CA*::
$ openssl ca -in aws-client.csr -cert private-ca.crt -keyfile private-ca.key -out aws-client.crt
*Create the corresponding PKCS12 certificate*::
$ openssl pkcs12 -export -clcerts -in aws-client.crt -inkey aws-client.key -out aws-client.p12
.. _Creating_a_Certificate_Revocation_List_(CRL):
Creating a Certificate Revocation List (CRL)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. index:: CRL
.. index:: Revocation
A Certificate Revocation List is used to revoke some client's
certificates. Those clients won't be able to connect to the secure
server anymore. Using the CA created above the following commands can
be used to create a CRL.
*Revoke the certificate*::
$ openssl ca -cert private-ca.crt -keyfile private-ca.key -revoke aws-client.crt
*Generate the CRL*::
$ openssl ca -cert private-ca.crt -keyfile private-ca.key -gencrl -out crl.pem -crldays 30
The file :file:`crl.pem` is the one to install on the server using the
CRL_File configuration option, see :ref:`Configuration_options`. This
file contains the list of all revoked certificates for the
corresponding CA.
.. _Security_level:
Security level
--------------
.. index:: Security level
This table summarize the security level achieved with different
settings of the security oriented configuration parameters.
+------------------------------------+-----+-------------+-------------+------------+
| Security | SSL | Exchange | Certificate | Trusted CA |
| | | Certificate | required | |
+====================================+=====+=============+=============+============+
| Data between the client and the | Yes | No | No | No |
| server are encrypted. | | | | |
+------------------------------------+-----+-------------+-------------+------------+
| Client can be identified, it is | Yes | Yes | No | No |
| still possible to access the server| | | | |
| without having a certificate. | | | | |
+------------------------------------+-----+-------------+-------------+------------+
| Client are identified, a | Yes | Yes | Yes | No |
| certificate is required. The | | | | |
| verification of the validity is up | | | | |
| to the application using the | | | | |
| verify callback. | | | | |
+------------------------------------+-----+-------------+-------------+------------+
| Client are identified and verified,| Yes | Yes | Yes | Yes |
| the certificate must have been | | | | |
| signed by a Certificate Authority. | | | | |
| It is not possible to access the | | | | |
| server without a valid certificate.| | | | |
+------------------------------------+-----+-------------+-------------+------------+
.. _Protocol:
Protocol
--------
.. index:: SSL
.. index:: TLS
There are different security options, either `SSLv2`, `SSLv3` or
`TLSv1`. `SSLv2` and `SSLv3` are supported by most if
not all Web browsers. These are the default protocol used by
`AWS`.
`TLSv1` is not supported at this point.
.. _Unexpected_exception_handler:
Unexpected exception handler
============================
.. index:: exception handler
When `AWS` detects an internal problem, it calls a specific
handler. This handler can be used to log the error, send an alert
message or build the answer to be sent back to the client's browser.
.. highlight:: ada
Here is the spec for this handler::
type Unexpected_Exception_Handler is access
procedure (E : in Ada.Exceptions.Exception_Occurrence;
Log : in out AWS.Log.Object;
Error : in Data;
Answer : in out Response.Data);
The handler can be called in two modes:
*Non fatal error (Error.Fatal is False)*
In this case `AWS` will continue working without problem. A
bug has been detected but it was not fatal to the thread (slot in
`AWS`'s terminology) handling. In this case it is possible to
send back an application level message to the client's browser. For
that you just have to fill the unexpected handler's `Answer` parameter
with the right response message. The `Error` parameter receive
information about the problem, see :ref:`AWS.Exceptions`.
*Fatal error (Error.Fatal is True)*
In this case `AWS` will continue working but a thread (slot number
`Error.Slot` in `AWS`'s terminology) will be killed. It means
that `AWS` will have lost one the simultaneous connection
handler. The server will continue working unless it was the last slot handler
available. Note that a Fatal error means an `AWS` internal bug
and it should be reported if possible. In this mode there is no way to
send back an answer to the client's browser and `Error` value must
be ignored.
The default handler for unexpected exceptions send a message to
standard error for fatal errors. For non fatal errors it log a message
(if the error log is activated for the server) and send back a message
back to the client. The message is either a built-in one or, if present
in the server's directory, the content of the :file:`500.tmplt` file.
This templates can used the following tags:
*AUTH_MODE*
The authorization mode (Either NONE, BASIC or DIGEST).
*EXCEPTION*
Exception information with traceback if activated.
*HTTP_VERSION*
Either HTTP/1.0 or HTTP/1.1
*METHOD*
The request method (Either GET, HEAD, POST or PUT)
*PAYLOAD*
The full `XML` payload for `SOAP` request.
*PEERNAME*
The IP address of the client
*SOAP_ACTION*
Either True or False. Set to True for a `SOAP` request.
*URI*
The complete URI
For more information see :ref:`AWS.Server` and :ref:`AWS.Exceptions`.
.. _Socket_log:
Socket log
==========
.. index:: Socket log
To ease `AWS` applications debugging it is possible to log all data
sent/received to/from the sockets. For this you need to call the
`AWS.Net.Log.Start` routine by passing a write procedure
callback. You have to create such procedure or use one read-to-use
provided in `AWS.Net.Log.Callbacks` package.
For more information see :ref:`AWS.Net.Log` and :ref:`AWS.Net.Log.Callbacks`.
.. _Client_side:
Client side
===========
.. index:: Client protocol
.. index:: client HTTP
`AWS` is not only a server it also implement the HTTP and HTTPS
protocol from the client side. For example with `AWS` it is
possible to get a Web page content using the `AWS.Client` API,
see :ref:`AWS.Client`.
It also support client **Keep-Alive** connections. It is then possible to
request many URI from the same server using the same connection
(i.e. the same sockets).
`AWS` client API also support proxy, proxy authentication and Web server
authentication. Only basic (and not digest) authentication is
supported at this time.
Let's say that you want to retrieve the `contrib.html` Web page from
Pascal Obry's homepage which is `http://perso.wanadoo.fr/pascal.obry <http://perso.wanadoo.fr/pascal.obry>`_. The
code to do so is::
Data := Client.Get
(URL => "http://perso.wanadoo.fr/pascal.obry/contrib.html");
From there you can ask for the result's content type::
if Response.Content_Type (Data) = "text/html" then
...
end if;
Or using the MIME types defined in `AWS.MIME` unit::
if Response.Content_Type (Data) = MIME.Text_HTML then
...
end if;
And display the content if it is some kind of text data::
Text_IO.Put_Line (Response.Message_Body (Data));
If the content is some kind of binary data (executable, PNG image, Zip
archive...), then it is possible to write the result to a file for
example. Look at the `agent` program in the `demos`
directory.
If the Web page is protected and you must pass the request through an
authenticating proxy, the call will becomes::
Data := Client.Get
(URL => "http://www.mydomain.net/protected/index.html"
User => "me",
Pwd => "mypwd",
Proxy => "192.168.67.1",
Proxy_User => "puser",
Proxy_Pwd => "ppwd");
.. index:: upload, client
The client upload protocol is implemented. Using `AWS.Client.Upload` it
is possible to send a file to a server which support the file upload protocol.
|