1 Introduction
2 ------------
3
4 WebStack is a package which provides a common API for Python Web
5 applications, regardless of the underlying server or framework environment.
6 It should be possible with WebStack to design and implement an application,
7 to choose a deployment environment, and then to be able to deploy the
8 application in a different environment later on without having to go back
9 and rewrite substantial parts of the application.
10
11 Quick Start
12 -----------
13
14 Try running the demo:
15
16 python tools/demo.py
17
18 An introductory guide to creating applications can be found in the docs
19 directory - see docs/index.html for the start page.
20
21 Contact, Copyright and Licence Information
22 ------------------------------------------
23
24 The current Web page for WebStack at the time of release is:
25
26 http://www.boddie.org.uk/python/WebStack.html
27
28 Copyright and licence information can be found in the docs directory - see
29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
30 information.
31
32 Framework Support
33 -----------------
34
35 See the docs/supported-frameworks.html document for more information.
36
37 Dependencies
38 ------------
39
40 WebStack has the following basic dependencies:
41
42 Packages Release Information
43 -------- -------------------
44
45 libxml2dom 0.4.3 (for OpenID support)
46 libxml2 and libxslt Some combinations may not be reliable!
47 Tested with libxml2 2.6.17 and libxslt 1.1.12
48 Tested with libxml2 2.6.27 and libxslt 1.1.20
49 libxslt 1.1.17 should be avoided
50
51 If the OpenID support is not used, the above packages need not be installed.
52
53 New in WebStack 1.3 (Changes since WebStack 1.2.7)
54 --------------------------------------------------
55
56 * Changed the default_charset on WebStack.Generic.Transaction to UTF-8,
57 introducing a safe_default_charset attribute which employs ISO-8859-1, and
58 removing the default encoding on various resources, making them rely on
59 the default_charset property instead.
60 WARNING: These changes could upset some applications. The EncodingSelector
61 should be used to override the default_charset setting if appropriate.
62 * Added an encode_url_without_query to Transaction for use with combined
63 protocol, address and path values.
64 * Added a StringResource to WebStack.Resources.Static, serving strings as
65 responses.
66 * Added Last-Modified headers to DirectoryResource and FileResource
67 responses.
68 * Added experimental OpenID support; improved the authentication resources
69 and mechanisms.
70 * Added a StoreSelector to WebStack.Resources.Selectors in order to provide
71 a convenient mechanism for database-related applications.
72 * Changed LoginRedirectResource to use class attributes for various optional
73 parameters, rather than having these supplied to the initialiser.
74 WARNING: These changes could affect some applications.
75 * Added a SiteLoginRedirectResource for site-specific login redirection to
76 WebStack.Resources.LoginRedirect.
77 * Added AuthInfoSelector for the retrieval of authentication details and
78 ConditionalAuthSelector for conditional authentication to
79 WebStack.Resources.Selectors.
80 * Added a filename attribute to FileContent instances, provided for file
81 upload parameters.
82 * Made content_type an attribute of Transaction instances, always indicating
83 the set content type for responses.
84
85 New in WebStack 1.2.7 (Changes since WebStack 1.2.6)
86 ----------------------------------------------------
87
88 * Fixed the MessageBodyStream class, adding an optional parameter to the
89 readline method which seems to be necessary when handling multipart
90 requests.
91 * Introduced stream usage for file uploads where possible, in order to
92 reduce memory usage (suggested by Kevin Glynn), adding a stream attribute
93 to the FileContent class and making the content attribute a property.
94 * Removed error handling in the examples in order to make troubleshooting
95 easier.
96 * Fixed header issues by introducing a special HeaderDict class which
97 enforces the case-insensitivity expected of header dictionaries.
98
99 New in WebStack 1.2.6 (Changes since WebStack 1.2.5)
100 ----------------------------------------------------
101
102 * Added a jython-webstack package for Ubuntu Feisty (7.04).
103 * Improved support for Jython on Ubuntu Feisty (7.04), adding python.path
104 and python.cachedir settings which respectively avoid issues with missing
105 libraries (due to the separation of libraries in the Ubuntu package) and
106 with failed imports (due to a read-only class cache directory).
107 * Improved the webstack_java_build.py script and added a deployment
108 descriptor for JSP to accompany the new Java Servlet-specific JSPTest
109 example.
110 * Added a special Java Servlet-specific get_servlet method to support the
111 JSPTest example. It is envisaged that a more general method could be made
112 available for all frameworks in order to support access to underlying
113 request dispatchers and other framework facilities.
114 * Added more Jython-related documentation as suggested by Kevin Glynn.
115 * Added missing request headers for CGI/WSGI environment variables.
116 * Fixed Webware support to work with Webware 0.9.4.
117 * Fixed/improved Zope path value retrieval.
118 * Added support for wsgiref, changing the WSGI deploy function for CGI-based
119 applications to deploy_as_cgi and adding a deploy_with_wsgiref function.
120
121 New in WebStack 1.2.5 (Changes since WebStack 1.2.4)
122 ----------------------------------------------------
123
124 * Fixed mod_python status codes using a solution proposed by John Krukoff.
125 * Fixed a Twisted deprecation warning when accessing port numbers, thanks to
126 John Krukoff.
127 * Added Ubuntu Feisty (7.04) package support.
128 * Tidied up the documentation HTML.
129
130 New in WebStack 1.2.4 (Changes since WebStack 1.2.3)
131 ----------------------------------------------------
132
133 * Made a SessionDirectoryRepository which uses directories for data produced
134 by the shelve module, rather than attempting to manipulate files produced
135 by the shelve module, since the details of such files may differ between
136 environments: a situation noticed by John Krukoff in an environment
137 without the bsddb module installed.
138
139 New in WebStack 1.2.3 (Changes since WebStack 1.2.2)
140 ----------------------------------------------------
141
142 * Fixed inadvertent OpenSSL dependency, noticed by John Krukoff.
143
144 New in WebStack 1.2.2 (Changes since WebStack 1.2.1)
145 ----------------------------------------------------
146
147 * Added an EncodingSelector class for the setting of default encodings on
148 transactions.
149 * Added some documentation about path processing strategies.
150 * Added a secure variant of the BaseHTTPServer provided in the adapter for
151 BaseHTTPRequestHandler.
152
153 New in WebStack 1.2.1 (Changes since WebStack 1.2)
154 --------------------------------------------------
155
156 * Fixed mod_python get_content_type method.
157 * Fixed LoginResource form field processing; changed the field type to
158 password.
159 * Exposed LoginResource and LoginRedirectResource page contents as
160 attributes.
161 * Added documentation about extending LoginRedirectResource and using
162 PathSelector to remember an application's root path.
163 * Changed handle_errors to 1 throughout the examples.
164
165 New in WebStack 1.2 (Changes since WebStack 1.1.2)
166 --------------------------------------------------
167
168 * Added support for Django.
169 * Fixed documentation about the representation of file upload fields.
170 * Changed mod_python, Java Servlet and Webware (> 0.8.1) deployment to use a
171 deploy function instead of more complicated configuration mechanisms.
172 * Improved mod_python deployment documentation and tools so that cleaner
173 application paths/URLs can now be used.
174 * Moved user and path_info default definitions into WebStack.Generic as
175 class attributes.
176 * Fixed encoding usage issues with path fields when using get_fields in a
177 Zope environment.
178 * Added a FileResource class to WebStack.Resources.Static.
179 * Made DirectoryRepository convert filenames to Unicode in all cases.
180 * Renamed the Apache and Java Servlet tools, making them scripts which are
181 installed by setup.py.
182 * Fixed CGI content charsets and languages support.
183 * Fixed CGI cookie output.
184 * Added URL overriding in the LoginRedirectResource.
185 * Exposed a get_target function from WebStack.Resources.Login in order to
186 better support alternative login resources.
187 * Added improved error reporting for BaseHTTPRequestHandler, CGI, Django and
188 WSGI.
189 * Added a traverse_path method to the Transaction class.
190 * Made a path_encoding alias for urlencoding in the initialisation of
191 WebStack.Resources.ResourceMap objects.
192 * Added a Selectors module to WebStack.Resources in order to support common
193 resource selection patterns.
194
195 New in WebStack 1.1.2 (Changes since WebStack 1.1.1)
196 ----------------------------------------------------
197
198 * Fixed missing import in WebStack.Repositories.Directory.
199
200 New in WebStack 1.1.1 (Changes since WebStack 1.1)
201 --------------------------------------------------
202
203 * Fixed update_path to handle the root path properly.
204
205 New in WebStack 1.1 (Changes since WebStack 1.0)
206 ------------------------------------------------
207
208 * Added a Repositories package to provide session-like support for
209 different kinds of storage.
210 * Added an explicit filesystem encoding to the Calendar example and adopted
211 the DirectoryRepository from the Repositories package.
212 * Added get_path_without_info, update_path and redirect methods to the
213 Transaction class.
214 * Added get_attributes (attribute support) to the Transaction class.
215 * Added a values method to Helpers.Session.Wrapper.
216 * Fixed get_processed_virtual_path_info (to match from right to left).
217 * Improved/fixed exception handling in the adapters so that transactions are
218 committed as the final act of an adapter experiencing an unhandled
219 exception. This should result in session stores being closed properly.
220 * Changed the Helpers.Session.SessionStore to use DirectoryRepository.
221 * Made the "not found" behaviour of DirectoryResource more configurable.
222 * Added documentation for MapResource and DirectoryResource.
223 * Fixed the distribution names in the Ubuntu changelog.
224
225 New in WebStack 1.0 (Changes since WebStack 0.10)
226 -------------------------------------------------
227
228 * Changed the behaviour of get_path, get_path_without_query, get_path_info,
229 get_virtual_path_info, get_processed_virtual_path_info and
230 get_fields_from_path to return Unicode data decoded using the optional
231 encoding parameter or a common default encoding.
232 * Fixed file upload values so that FileContent objects are returned for such
233 fields in get_fields_from_body and get_fields.
234 (Warning! Except for Twisted!)
235 * Fixed the JavaServlet support so that streams and file content are
236 obtained as "almost" plain strings.
237 * Updated/fixed LoginResource and LoginRedirectResource to use the updated
238 path API and to handle special characters properly.
239 * Added convenience methods to Transaction for the decoding and encoding of
240 path values (to and from Unicode objects) - see the decode_path and
241 encode_path methods.
242 * Added the notion of processed virtual path info - the part of the original
243 path info not represented in the current virtual path info.
244 * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a
245 patch from Scott Robinson).
246 * Fixed ResourceMap.MapResource to handle non-existent resources properly
247 (where the virtual path info is only one component in length).
248 * Added Debian package support.
249 * Added automatic session directory creation for the WebStack sessions
250 implementation.
251 * Added support for the repeated retrieval of sessions from the same
252 WebStack session store, avoiding deadlocks.
253 * Fixed the calendar example, making it perform a proper function.
254 * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
255 include the Login application, since Konqueror (at least) does not share
256 cookies across different port numbers on the same host.
257 * Added the SimpleWithLogin and Login applications to the demonstration.
258 * Improved the documentation, adding information on request headers, and
259 describing file upload and session support limitations.
260 * Improved the AOLserver-related notes for CGI and Webware, adding a patch
261 for Webware in order to work around AOLserver issues.
262
263 New in WebStack 0.10 (Changes since WebStack 0.9)
264 -------------------------------------------------
265
266 * Changes to make the tools/demo.py script work on Windows (and other)
267 platforms (suggested by Jim Madsen).
268 * Fixed end of header newlines for CGI (suggested by Matt Harrison).
269 * Minor documentation fixes and improvements, adding information on
270 AOLserver in the CGI and Webware notes.
271 * Changed the mod_python server name method to use the server object rather
272 than the connection object.
273 * Added a parameter to the ResourceMap.MapResource class to permit automatic
274 redirects into resource hierarchies when no trailing "/" was given in the
275 URL; changed the updated virtual path info so that empty values may be set
276 (the guarantee that "/" will always appear no longer applies).
277 * Fixed virtual path info retrieval when the value is an empty string.
278
279 New in WebStack 0.9 (Changes since WebStack 0.8)
280 ------------------------------------------------
281
282 * Standardised error handling in the adapters so that tracebacks can be
283 suppressed and an internal server error condition raised.
284 * Added overriding of path info in transactions.
285 * Added a ResourceMap resource for dispatching to different resources
286 according to path components.
287 * Standardised deployment for some frameworks (see docs/deploying.html).
288 * Introductory documentation in XHTML format.
289 * Added server name and port methods to the transaction.
290 * Added a simple demonstration application, incorporating many of the
291 examples and launched under a single script.
292 * Fixed mod_python native sessions.
293 * Fixed Zope request stream access.
294 * WebStack is now licensed under the LGPL - see docs/COPYING.txt for
295 details.
296
297 New in WebStack 0.8 (Changes since WebStack 0.7)
298 ------------------------------------------------
299
300 * Added a standard exception, EndOfResponse, which can be used to
301 immediately stop the processing/production of a response; this is useful
302 when resources need to issue a redirect without unnecessary content being
303 generated, for example.
304 * Fixed path information for Zope.
305 * Added WSGI support.
306 * Verified Twisted 1.3.0 support with Python 2.3.3.
307
308 New in WebStack 0.7 (Changes since WebStack 0.6)
309 ------------------------------------------------
310
311 * Fixed path information semantics.
312 * Fixed file upload semantics.
313 * Fixed content type handling for Unicode output and for interpreting
314 request body fields/parameters (although some improvement remains).
315 * Added a method to discover the chosen response stream encoding.
316 * Fixed field/parameter retrieval so that path and body fields are distinct,
317 regardless of the framework employed.
318 * Added a method to get a combination of path and body fields (suggested by
319 Jacob Smullyan).
320 * Introduced Zope 2 support.
321 * Improved Jython/Java Servlet API support (although a special PyServlet
322 class must now be used, and certain libraries must be deployed with
323 applications).
324 * Introduced authentication/authorisation support for Jython/Java Servlet
325 API.
326 * Session support has been added (except for Webware 0.8.1).
327 * Alternative cookie support for mod_python has been added.
328 * Cookie support now supports encoded Unicode sequences for names and
329 values.
330
331 New in WebStack 0.6 (Changes since WebStack 0.5)
332 ------------------------------------------------
333
334 * Introduced Jython/Java Servlet API support.
335 * Minor fixes to example applications and to BaseHTTPRequestHandler.
336
337 New in WebStack 0.5 (Changes since WebStack 0.4)
338 ------------------------------------------------
339
340 * Changed request body fields/parameters so that they are now represented
341 using Unicode objects rather than plain strings.
342 * Introduced better support for Unicode in response streams.
343
344 New in WebStack 0.4 (Changes since WebStack 0.3)
345 ------------------------------------------------
346
347 * Added application definition of user identity, permitting alternative
348 authentication mechanisms.
349 * Improved BaseHTTPRequestHandler and mod_python reliability around fields
350 from request bodies.
351 * Provided stream and environment parameterisation in the CGI adapter.
352 * Added LoginRedirect and Login examples.
353 * Added get_path_without_query and fixed get_path behaviour.
354
355 New in WebStack 0.3 (Changes since WebStack 0.2)
356 ------------------------------------------------
357
358 * Added better header support for Webware (suggested by Ian Bicking).
359 * Introduced CGI and Java Servlet support (the latter is currently
360 broken/unfinished).
361 * Introduced support for cookies.
362
363 Future Work
364 -----------
365
366 (Essential)
367
368 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
369 also seems to be missing this functionality. It isn't obvious whether Twisted
370 Web2 will just copy its predecessors and provide a similarly limited API.
371 Perhaps the Twisted support needs to resemble the CGI support much more when
372 handling fields.
373
374 JythonServlet libraries need to be configured using sys.add_package when
375 these do not feature in the compiled-in list. Adding such configuration to
376 the handler may be most appropriate (since the web.xml file can be too
377 arcane), but this needs testing.
378
379 The algorithm employed in the WebStack.Helpers.Auth.get_token function
380 should be reviewed and improved for better security.
381
382 (Important)
383
384 Field access needs testing, especially for anything using the
385 cgi.FieldStorage class, and the way file uploads are exposed should be
386 reviewed (currently the meta-data is not exposed). The acquisition of fields
387 from specific sources should be tested with different request methods - some
388 frameworks provide path fields in the body fields dictionary, others (eg.
389 Zope) change the fields exposed depending on request method.
390
391 Interpretation of path field encodings needs to be verified. Currently,
392 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
393 ISO-8859-1, but it might be the case that some such fields might be
394 submitted as UTF-8. The decode_path method on Transaction does do much of the
395 work that is likely to be required, however. Still, a good policy for decoding
396 path fields, reducing the number of times one might specify the encoding in
397 various method calls, may be important.
398
399 An interesting test of encodings is to introduce things like the following to
400 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
401 This should produce the following decoded result: %F0?æ=ø&%F0=ø
402 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
403
404 Cookie objects need defining strictly, especially since the standard library
405 Cookie object behaves differently to mod_python (and possibly Webware)
406 Cookie objects. Moreover, the set_cookie_value method needs to provide
407 access to the usual cookie parameters as supported by the frameworks. The
408 standard library Cookie module has issues with Unicode cookie names (and
409 possibly values) - this is worked around, but it would be best to resolve
410 this comprehensively.
411
412 UTF-16 (and possibly other encodings) causes problems with HTML form data
413 sent in POST requests using the application/x-www-form-urlencoded content
414 type. This should be reviewed at a later date when proper standardisation
415 has taken place.
416
417 Session support, especially through WebStack.Helpers.Session, should be
418 reviewed and be made compatible with non-cookie mechanisms.
419
420 Locking in the session support and in DirectoryRepository should be improved.
421
422 HeaderValue objects should be employed more extensively. Thus, the header
423 access methods may need to change their behaviour slightly. The get_headers
424 method should potentially return a list for each item in the dictionary.
425
426 WSGI support could demand that a special "end of headers" method be
427 introduced into WebStack, thus making response output more efficient (and
428 probably also for other frameworks, too).
429
430 Investigate proper support for HEAD, OPTIONS and other request methods.
431
432 Consider packages for different operating systems (other than Debian).
433
434 Investigate cStringIO usage.
435
436 The location of deployed applications in the filesystem should be exposed to
437 those applications. (This is actually available in the __file__ module
438 variable.) A resource could be provided to record the "root" path and added to
439 a resource hierarchy or site map. Note that PathSelector records the "root"
440 path, although it is not automatically deployed.
441
442 (Completed/rejected)
443
444 Path information should be consistent across all frameworks, and the "path
445 info" value should be meaningful. (This should now be correct.)
446
447 Investigate the nicer functions in the cgi module, discarding the "magic"
448 stuff like FieldStorage. (These nicer functions are used by projects like
449 Twisted - as of 1.3.0 at least - and do not give the necessary information we
450 require.)
451
452 Release Procedures
453 ------------------
454
455 Update the WebStack/__init__.py __version__ attribute.
456 Change the version number and package filename/directory in the documentation.
457 Change code examples in the documentation if appropriate.
458 Update the release notes (see above).
459 Check the setup.py file and ensure that all package directories are mentioned.
460 Check the release information in the PKG-INFO file and in the package
461 changelog (and other files).
462 Tag, export.
463 Generate the PyServlet classes.
464 Generate the API documentation.
465 Remove generated .pyc files: rm `find . -name "*.pyc"`
466 Archive, upload.
467 Upload the introductory documentation.
468 Update PyPI, PythonInfo Wiki entries.
469
470 Generating the PyServlet Classes
471 --------------------------------
472
473 In order to generate the PyServlet classes, it is necessary to run the
474 supplied script:
475
476 ./tools/JavaServlet/compile.sh
477
478 This produces Java classes and a .jar file for use by WebStack applications
479 running on the Java platform.
480
481 Generating the API Documentation
482 --------------------------------
483
484 In order to prepare the API documentation, it is necessary to generate some
485 Web pages from the Python source code. For this, the epydoc application must
486 be available on your system. Then, inside the distribution directory, run the
487 apidocs.sh tool script as follows:
488
489 ./tools/apidocs.sh
490
491 Some warnings may be generated by the script, but the result should be a new
492 apidocs directory within the distribution directory.
493
494 Making Packages
495 ---------------
496
497 To make Debian-based packages:
498
499 1. Create new package directories under packages if necessary.
500 2. Make a symbolic link in the distribution's root directory to keep the
501 Debian tools happy. For example, one of the following:
502
503 ln -s packages/ubuntu-hoary/python2.4-webstack/debian/
504 ln -s packages/ubuntu-feisty/python-webstack/debian/
505 ln -s packages/ubuntu-feisty/jython-webstack/debian/
506
507 3. Run the package builder:
508
509 dpkg-buildpackage -rfakeroot
510
511 4. Locate and tidy up the packages in the parent directory of the
512 distribution's root directory.