WebStack

README.txt

702:043eb148909c
2007-10-13 paulb [project @ 2007-10-13 22:36:40 by paulb] Added inactive rules to install the PyServlet .jar file into /usr/share/java.
     1 Introduction
     2 ------------
     3 
     4 WebStack is a package which provides a common API for Python Web
     5 applications, regardless of the underlying server or framework environment.
     6 It should be possible with WebStack to design and implement an application,
     7 to choose a deployment environment, and then to be able to deploy the
     8 application in a different environment later on without having to go back
     9 and rewrite substantial parts of the application.
    10 
    11 Quick Start
    12 -----------
    13 
    14 Try running the demo:
    15 
    16 python tools/demo.py
    17 
    18 An introductory guide to creating applications can be found in the docs
    19 directory - see docs/index.html for the start page.
    20 
    21 Contact, Copyright and Licence Information
    22 ------------------------------------------
    23 
    24 The current Web page for WebStack at the time of release is:
    25 
    26 http://www.boddie.org.uk/python/WebStack.html
    27 
    28 Copyright and licence information can be found in the docs directory - see
    29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
    30 information.
    31 
    32 Framework Support
    33 -----------------
    34 
    35 See the docs/supported-frameworks.html document for more information.
    36 
    37 New in WebStack 1.2.6 (Changes since WebStack 1.2.5)
    38 ----------------------------------------------------
    39 
    40   * Added a jython-webstack package for Ubuntu Feisty (7.04).
    41   * Improved support for Jython on Ubuntu Feisty (7.04), adding python.path
    42     and python.cachedir settings which respectively avoid issues with missing
    43     libraries (due to the separation of libraries in the Ubuntu package) and
    44     with failed imports (due to a read-only class cache directory).
    45   * Improved the webstack_java_build.py script and added a deployment
    46     descriptor for JSP to accompany the new Java Servlet-specific JSPTest
    47     example.
    48   * Added a special Java Servlet-specific get_servlet method to support the
    49     JSPTest example. It is envisaged that a more general method could be made
    50     available for all frameworks in order to support access to underlying
    51     request dispatchers and other framework facilities.
    52   * Added more Jython-related documentation as suggested by Kevin Glynn.
    53   * Added missing request headers for CGI/WSGI environment variables.
    54   * Fixed Webware support to work with Webware 0.9.4.
    55   * Fixed/improved Zope path value retrieval.
    56 
    57 New in WebStack 1.2.5 (Changes since WebStack 1.2.4)
    58 ----------------------------------------------------
    59 
    60   * Fixed mod_python status codes using a solution proposed by John Krukoff.
    61   * Fixed a Twisted deprecation warning when accessing port numbers, thanks to
    62     John Krukoff.
    63   * Added Ubuntu Feisty (7.04) package support.
    64   * Tidied up the documentation HTML.
    65 
    66 New in WebStack 1.2.4 (Changes since WebStack 1.2.3)
    67 ----------------------------------------------------
    68 
    69   * Made a SessionDirectoryRepository which uses directories for data produced
    70     by the shelve module, rather than attempting to manipulate files produced
    71     by the shelve module, since the details of such files may differ between
    72     environments: a situation noticed by John Krukoff in an environment
    73     without the bsddb module installed.
    74 
    75 New in WebStack 1.2.3 (Changes since WebStack 1.2.2)
    76 ----------------------------------------------------
    77 
    78   * Fixed inadvertent OpenSSL dependency, noticed by John Krukoff.
    79 
    80 New in WebStack 1.2.2 (Changes since WebStack 1.2.1)
    81 ----------------------------------------------------
    82 
    83   * Added an EncodingSelector class for the setting of default encodings on
    84     transactions.
    85   * Added some documentation about path processing strategies.
    86   * Added a secure variant of the BaseHTTPServer provided in the adapter for
    87     BaseHTTPRequestHandler.
    88 
    89 New in WebStack 1.2.1 (Changes since WebStack 1.2)
    90 --------------------------------------------------
    91 
    92   * Fixed mod_python get_content_type method.
    93   * Fixed LoginResource form field processing; changed the field type to
    94     password.
    95   * Exposed LoginResource and LoginRedirectResource page contents as
    96     attributes.
    97   * Added documentation about extending LoginRedirectResource and using
    98     PathSelector to remember an application's root path.
    99   * Changed handle_errors to 1 throughout the examples.
   100 
   101 New in WebStack 1.2 (Changes since WebStack 1.1.2)
   102 --------------------------------------------------
   103 
   104   * Added support for Django.
   105   * Fixed documentation about the representation of file upload fields.
   106   * Changed mod_python, Java Servlet and Webware (> 0.8.1) deployment to use a
   107     deploy function instead of more complicated configuration mechanisms.
   108   * Improved mod_python deployment documentation and tools so that cleaner
   109     application paths/URLs can now be used.
   110   * Moved user and path_info default definitions into WebStack.Generic as
   111     class attributes.
   112   * Fixed encoding usage issues with path fields when using get_fields in a
   113     Zope environment.
   114   * Added a FileResource class to WebStack.Resources.Static.
   115   * Made DirectoryRepository convert filenames to Unicode in all cases.
   116   * Renamed the Apache and Java Servlet tools, making them scripts which are
   117     installed by setup.py.
   118   * Fixed CGI content charsets and languages support.
   119   * Fixed CGI cookie output.
   120   * Added URL overriding in the LoginRedirectResource.
   121   * Exposed a get_target function from WebStack.Resources.Login in order to
   122     better support alternative login resources.
   123   * Added improved error reporting for BaseHTTPRequestHandler, CGI, Django and
   124     WSGI.
   125   * Added a traverse_path method to the Transaction class.
   126   * Made a path_encoding alias for urlencoding in the initialisation of
   127     WebStack.Resources.ResourceMap objects.
   128   * Added a Selectors module to WebStack.Resources in order to support common
   129     resource selection patterns.
   130 
   131 New in WebStack 1.1.2 (Changes since WebStack 1.1.1)
   132 ----------------------------------------------------
   133 
   134   * Fixed missing import in WebStack.Repositories.Directory.
   135 
   136 New in WebStack 1.1.1 (Changes since WebStack 1.1)
   137 --------------------------------------------------
   138 
   139   * Fixed update_path to handle the root path properly.
   140 
   141 New in WebStack 1.1 (Changes since WebStack 1.0)
   142 ------------------------------------------------
   143 
   144   * Added a Repositories package to provide session-like support for
   145     different kinds of storage.
   146   * Added an explicit filesystem encoding to the Calendar example and adopted
   147     the DirectoryRepository from the Repositories package.
   148   * Added get_path_without_info, update_path and redirect methods to the
   149     Transaction class.
   150   * Added get_attributes (attribute support) to the Transaction class.
   151   * Added a values method to Helpers.Session.Wrapper.
   152   * Fixed get_processed_virtual_path_info (to match from right to left).
   153   * Improved/fixed exception handling in the adapters so that transactions are
   154     committed as the final act of an adapter experiencing an unhandled
   155     exception. This should result in session stores being closed properly.
   156   * Changed the Helpers.Session.SessionStore to use DirectoryRepository.
   157   * Made the "not found" behaviour of DirectoryResource more configurable.
   158   * Added documentation for MapResource and DirectoryResource.
   159   * Fixed the distribution names in the Ubuntu changelog.
   160 
   161 New in WebStack 1.0 (Changes since WebStack 0.10)
   162 -------------------------------------------------
   163 
   164   * Changed the behaviour of get_path, get_path_without_query, get_path_info,
   165     get_virtual_path_info, get_processed_virtual_path_info and
   166     get_fields_from_path to return Unicode data decoded using the optional
   167     encoding parameter or a common default encoding.
   168   * Fixed file upload values so that FileContent objects are returned for such
   169     fields in get_fields_from_body and get_fields.
   170     (Warning! Except for Twisted!)
   171   * Fixed the JavaServlet support so that streams and file content are
   172     obtained as "almost" plain strings.
   173   * Updated/fixed LoginResource and LoginRedirectResource to use the updated
   174     path API and to handle special characters properly.
   175   * Added convenience methods to Transaction for the decoding and encoding of
   176     path values (to and from Unicode objects) - see the decode_path and
   177     encode_path methods.
   178   * Added the notion of processed virtual path info - the part of the original
   179     path info not represented in the current virtual path info.
   180   * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a
   181     patch from Scott Robinson).
   182   * Fixed ResourceMap.MapResource to handle non-existent resources properly
   183     (where the virtual path info is only one component in length).
   184   * Added Debian package support.
   185   * Added automatic session directory creation for the WebStack sessions
   186     implementation.
   187   * Added support for the repeated retrieval of sessions from the same
   188     WebStack session store, avoiding deadlocks.
   189   * Fixed the calendar example, making it perform a proper function.
   190   * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
   191     include the Login application, since Konqueror (at least) does not share
   192     cookies across different port numbers on the same host.
   193   * Added the SimpleWithLogin and Login applications to the demonstration.
   194   * Improved the documentation, adding information on request headers, and
   195     describing file upload and session support limitations.
   196   * Improved the AOLserver-related notes for CGI and Webware, adding a patch
   197     for Webware in order to work around AOLserver issues.
   198 
   199 New in WebStack 0.10 (Changes since WebStack 0.9)
   200 -------------------------------------------------
   201 
   202   * Changes to make the tools/demo.py script work on Windows (and other)
   203     platforms (suggested by Jim Madsen).
   204   * Fixed end of header newlines for CGI (suggested by Matt Harrison).
   205   * Minor documentation fixes and improvements, adding information on
   206     AOLserver in the CGI and Webware notes.
   207   * Changed the mod_python server name method to use the server object rather
   208     than the connection object.
   209   * Added a parameter to the ResourceMap.MapResource class to permit automatic
   210     redirects into resource hierarchies when no trailing "/" was given in the
   211     URL; changed the updated virtual path info so that empty values may be set
   212     (the guarantee that "/" will always appear no longer applies).
   213   * Fixed virtual path info retrieval when the value is an empty string.
   214 
   215 New in WebStack 0.9 (Changes since WebStack 0.8)
   216 ------------------------------------------------
   217 
   218   * Standardised error handling in the adapters so that tracebacks can be
   219     suppressed and an internal server error condition raised.
   220   * Added overriding of path info in transactions.
   221   * Added a ResourceMap resource for dispatching to different resources
   222     according to path components.
   223   * Standardised deployment for some frameworks (see docs/deploying.html).
   224   * Introductory documentation in XHTML format.
   225   * Added server name and port methods to the transaction.
   226   * Added a simple demonstration application, incorporating many of the
   227     examples and launched under a single script.
   228   * Fixed mod_python native sessions.
   229   * Fixed Zope request stream access.
   230   * WebStack is now licensed under the LGPL - see docs/COPYING.txt for
   231     details.
   232 
   233 New in WebStack 0.8 (Changes since WebStack 0.7)
   234 ------------------------------------------------
   235 
   236   * Added a standard exception, EndOfResponse, which can be used to
   237     immediately stop the processing/production of a response; this is useful
   238     when resources need to issue a redirect without unnecessary content being
   239     generated, for example.
   240   * Fixed path information for Zope.
   241   * Added WSGI support.
   242   * Verified Twisted 1.3.0 support with Python 2.3.3.
   243 
   244 New in WebStack 0.7 (Changes since WebStack 0.6)
   245 ------------------------------------------------
   246 
   247   * Fixed path information semantics.
   248   * Fixed file upload semantics.
   249   * Fixed content type handling for Unicode output and for interpreting
   250     request body fields/parameters (although some improvement remains).
   251   * Added a method to discover the chosen response stream encoding.
   252   * Fixed field/parameter retrieval so that path and body fields are distinct,
   253     regardless of the framework employed.
   254   * Added a method to get a combination of path and body fields (suggested by
   255     Jacob Smullyan).
   256   * Introduced Zope 2 support.
   257   * Improved Jython/Java Servlet API support (although a special PyServlet
   258     class must now be used, and certain libraries must be deployed with
   259     applications).
   260   * Introduced authentication/authorisation support for Jython/Java Servlet
   261     API.
   262   * Session support has been added (except for Webware 0.8.1).
   263   * Alternative cookie support for mod_python has been added.
   264   * Cookie support now supports encoded Unicode sequences for names and
   265     values.
   266 
   267 New in WebStack 0.6 (Changes since WebStack 0.5)
   268 ------------------------------------------------
   269 
   270   * Introduced Jython/Java Servlet API support.
   271   * Minor fixes to example applications and to BaseHTTPRequestHandler.
   272 
   273 New in WebStack 0.5 (Changes since WebStack 0.4)
   274 ------------------------------------------------
   275 
   276   * Changed request body fields/parameters so that they are now represented
   277     using Unicode objects rather than plain strings.
   278   * Introduced better support for Unicode in response streams.
   279 
   280 New in WebStack 0.4 (Changes since WebStack 0.3)
   281 ------------------------------------------------
   282 
   283   * Added application definition of user identity, permitting alternative
   284     authentication mechanisms.
   285   * Improved BaseHTTPRequestHandler and mod_python reliability around fields
   286     from request bodies.
   287   * Provided stream and environment parameterisation in the CGI adapter.
   288   * Added LoginRedirect and Login examples.
   289   * Added get_path_without_query and fixed get_path behaviour.
   290 
   291 New in WebStack 0.3 (Changes since WebStack 0.2)
   292 ------------------------------------------------
   293 
   294   * Added better header support for Webware (suggested by Ian Bicking).
   295   * Introduced CGI and Java Servlet support (the latter is currently
   296     broken/unfinished).
   297   * Introduced support for cookies.
   298 
   299 Future Work
   300 -----------
   301 
   302 (Essential)
   303 
   304 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
   305 also seems to be missing this functionality. It isn't obvious whether Twisted
   306 Web2 will just copy its predecessors and provide a similarly limited API.
   307 Perhaps the Twisted support needs to resemble the CGI support much more when
   308 handling fields.
   309 
   310 JythonServlet libraries need to be configured using sys.add_package when
   311 these do not feature in the compiled-in list. Adding such configuration to
   312 the handler may be most appropriate (since the web.xml file can be too
   313 arcane), but this needs testing.
   314 
   315 The algorithm employed in the WebStack.Helpers.Auth.get_token function
   316 should be reviewed and improved for better security.
   317 
   318 (Important)
   319 
   320 Field access needs testing, especially for anything using the
   321 cgi.FieldStorage class, and the way file uploads are exposed should be
   322 reviewed (currently the meta-data is not exposed). The acquisition of fields
   323 from specific sources should be tested with different request methods - some
   324 frameworks provide path fields in the body fields dictionary, others (eg.
   325 Zope) change the fields exposed depending on request method.
   326 
   327 Interpretation of path field encodings needs to be verified. Currently,
   328 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
   329 ISO-8859-1, but it might be the case that some such fields might be
   330 submitted as UTF-8. The decode_path method on Transaction does do much of the
   331 work that is likely to be required, however. Still, a good policy for decoding
   332 path fields, reducing the number of times one might specify the encoding in
   333 various method calls, may be important.
   334 
   335 An interesting test of encodings is to introduce things like the following to
   336 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
   337 This should produce the following decoded result: %F0?æ=ø&%F0=ø
   338 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
   339 
   340 Cookie objects need defining strictly, especially since the standard library
   341 Cookie object behaves differently to mod_python (and possibly Webware)
   342 Cookie objects. Moreover, the set_cookie_value method needs to provide
   343 access to the usual cookie parameters as supported by the frameworks. The
   344 standard library Cookie module has issues with Unicode cookie names (and
   345 possibly values) - this is worked around, but it would be best to resolve
   346 this comprehensively.
   347 
   348 UTF-16 (and possibly other encodings) causes problems with HTML form data
   349 sent in POST requests using the application/x-www-form-urlencoded content
   350 type.  This should be reviewed at a later date when proper standardisation
   351 has taken place.
   352 
   353 Session support, especially through WebStack.Helpers.Session, should be
   354 reviewed and be made compatible with non-cookie mechanisms.
   355 
   356 Locking in the session support and in DirectoryRepository should be improved.
   357 
   358 HeaderValue objects should be employed more extensively. Thus, the header
   359 access methods may need to change their behaviour slightly. The get_headers
   360 method should potentially return a list for each item in the dictionary.
   361 
   362 WSGI support could demand that a special "end of headers" method be
   363 introduced into WebStack, thus making response output more efficient (and
   364 probably also for other frameworks, too).
   365 
   366 Investigate proper support for HEAD, OPTIONS and other request methods.
   367 
   368 Consider packages for different operating systems (other than Debian).
   369 
   370 Investigate cStringIO usage.
   371 
   372 The location of deployed applications in the filesystem should be exposed to
   373 those applications. (This is actually available in the __file__ module
   374 variable.) A resource could be provided to record the "root" path and added to
   375 a resource hierarchy or site map. Note that PathSelector records the "root"
   376 path, although it is not automatically deployed.
   377 
   378 (Completed/rejected)
   379 
   380 Path information should be consistent across all frameworks, and the "path
   381 info" value should be meaningful. (This should now be correct.)
   382 
   383 Investigate the nicer functions in the cgi module, discarding the "magic"
   384 stuff like FieldStorage. (These nicer functions are used by projects like
   385 Twisted - as of 1.3.0 at least - and do not give the necessary information we
   386 require.)
   387 
   388 Release Procedures
   389 ------------------
   390 
   391 Update the WebStack/__init__.py __version__ attribute.
   392 Change the version number and package filename/directory in the documentation.
   393 Change code examples in the documentation if appropriate.
   394 Update the release notes (see above).
   395 Check the setup.py file and ensure that all package directories are mentioned.
   396 Check the release information in the PKG-INFO file and in the package
   397 changelog (and other files).
   398 Tag, export.
   399 Generate the PyServlet classes.
   400 Generate the API documentation.
   401 Remove generated .pyc files: rm `find . -name "*.pyc"`
   402 Archive, upload.
   403 Upload the introductory documentation.
   404 Update PyPI, PythonInfo Wiki entries.
   405 
   406 Generating the API Documentation
   407 --------------------------------
   408 
   409 In order to prepare the API documentation, it is necessary to generate some
   410 Web pages from the Python source code. For this, the epydoc application must
   411 be available on your system. Then, inside the distribution directory, run the
   412 apidocs.sh tool script as follows:
   413 
   414 ./tools/apidocs.sh
   415 
   416 Some warnings may be generated by the script, but the result should be a new
   417 apidocs directory within the distribution directory.
   418 
   419 Making Packages
   420 ---------------
   421 
   422 To make Debian-based packages:
   423 
   424   1. Create new package directories under packages if necessary.
   425   2. Make a symbolic link in the distribution's root directory to keep the
   426      Debian tools happy. For example:
   427 
   428      ln -s packages/ubuntu-hoary/python2.4-webstack/debian/
   429      ln -s packages/ubuntu-feisty/python-webstack/debian/
   430 
   431   3. Run the package builder:
   432 
   433      dpkg-buildpackage -rfakeroot
   434 
   435   4. Locate and tidy up the packages in the parent directory of the
   436      distribution's root directory.