Introduction ------------ WebStack is a package which provides a common API for Python Web applications, regardless of the underlying server or framework environment. It should be possible with WebStack to design and implement an application, to choose a deployment environment, and then to be able to deploy the application in a different environment later on without having to go back and rewrite substantial parts of the application. Quick Start ----------- Try running the demo: python tools/demo.py An introductory guide to creating applications can be found in the docs directory - see docs/index.html for the start page. Contact, Copyright and Licence Information ------------------------------------------ The current Web page for WebStack at the time of release is: http://www.boddie.org.uk/python/WebStack.html Copyright and licence information can be found in the docs directory - see docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more information. Framework Support ----------------- See the docs/supported-frameworks.html document for more information. New in WebStack 1.2.7 (Changes since WebStack 1.2.6) ---------------------------------------------------- * Fixed the MessageBodyStream class, adding an optional parameter to the readline method which seems to be necessary when handling multipart requests. * Introduced stream usage for file uploads where possible, in order to reduce memory usage (suggested by Kevin Glynn), adding a stream attribute to the FileContent class and making the content attribute a property. * Removed error handling in the examples in order to make troubleshooting easier. * Fixed header issues by introducing a special HeaderDict class which enforces the case-insensitivity expected of header dictionaries. New in WebStack 1.2.6 (Changes since WebStack 1.2.5) ---------------------------------------------------- * Added a jython-webstack package for Ubuntu Feisty (7.04). * Improved support for Jython on Ubuntu Feisty (7.04), adding python.path and python.cachedir settings which respectively avoid issues with missing libraries (due to the separation of libraries in the Ubuntu package) and with failed imports (due to a read-only class cache directory). * Improved the webstack_java_build.py script and added a deployment descriptor for JSP to accompany the new Java Servlet-specific JSPTest example. * Added a special Java Servlet-specific get_servlet method to support the JSPTest example. It is envisaged that a more general method could be made available for all frameworks in order to support access to underlying request dispatchers and other framework facilities. * Added more Jython-related documentation as suggested by Kevin Glynn. * Added missing request headers for CGI/WSGI environment variables. * Fixed Webware support to work with Webware 0.9.4. * Fixed/improved Zope path value retrieval. * Added support for wsgiref, changing the WSGI deploy function for CGI-based applications to deploy_as_cgi and adding a deploy_with_wsgiref function. New in WebStack 1.2.5 (Changes since WebStack 1.2.4) ---------------------------------------------------- * Fixed mod_python status codes using a solution proposed by John Krukoff. * Fixed a Twisted deprecation warning when accessing port numbers, thanks to John Krukoff. * Added Ubuntu Feisty (7.04) package support. * Tidied up the documentation HTML. New in WebStack 1.2.4 (Changes since WebStack 1.2.3) ---------------------------------------------------- * Made a SessionDirectoryRepository which uses directories for data produced by the shelve module, rather than attempting to manipulate files produced by the shelve module, since the details of such files may differ between environments: a situation noticed by John Krukoff in an environment without the bsddb module installed. New in WebStack 1.2.3 (Changes since WebStack 1.2.2) ---------------------------------------------------- * Fixed inadvertent OpenSSL dependency, noticed by John Krukoff. New in WebStack 1.2.2 (Changes since WebStack 1.2.1) ---------------------------------------------------- * Added an EncodingSelector class for the setting of default encodings on transactions. * Added some documentation about path processing strategies. * Added a secure variant of the BaseHTTPServer provided in the adapter for BaseHTTPRequestHandler. New in WebStack 1.2.1 (Changes since WebStack 1.2) -------------------------------------------------- * Fixed mod_python get_content_type method. * Fixed LoginResource form field processing; changed the field type to password. * Exposed LoginResource and LoginRedirectResource page contents as attributes. * Added documentation about extending LoginRedirectResource and using PathSelector to remember an application's root path. * Changed handle_errors to 1 throughout the examples. New in WebStack 1.2 (Changes since WebStack 1.1.2) -------------------------------------------------- * Added support for Django. * Fixed documentation about the representation of file upload fields. * Changed mod_python, Java Servlet and Webware (> 0.8.1) deployment to use a deploy function instead of more complicated configuration mechanisms. * Improved mod_python deployment documentation and tools so that cleaner application paths/URLs can now be used. * Moved user and path_info default definitions into WebStack.Generic as class attributes. * Fixed encoding usage issues with path fields when using get_fields in a Zope environment. * Added a FileResource class to WebStack.Resources.Static. * Made DirectoryRepository convert filenames to Unicode in all cases. * Renamed the Apache and Java Servlet tools, making them scripts which are installed by setup.py. * Fixed CGI content charsets and languages support. * Fixed CGI cookie output. * Added URL overriding in the LoginRedirectResource. * Exposed a get_target function from WebStack.Resources.Login in order to better support alternative login resources. * Added improved error reporting for BaseHTTPRequestHandler, CGI, Django and WSGI. * Added a traverse_path method to the Transaction class. * Made a path_encoding alias for urlencoding in the initialisation of WebStack.Resources.ResourceMap objects. * Added a Selectors module to WebStack.Resources in order to support common resource selection patterns. New in WebStack 1.1.2 (Changes since WebStack 1.1.1) ---------------------------------------------------- * Fixed missing import in WebStack.Repositories.Directory. New in WebStack 1.1.1 (Changes since WebStack 1.1) -------------------------------------------------- * Fixed update_path to handle the root path properly. New in WebStack 1.1 (Changes since WebStack 1.0) ------------------------------------------------ * Added a Repositories package to provide session-like support for different kinds of storage. * Added an explicit filesystem encoding to the Calendar example and adopted the DirectoryRepository from the Repositories package. * Added get_path_without_info, update_path and redirect methods to the Transaction class. * Added get_attributes (attribute support) to the Transaction class. * Added a values method to Helpers.Session.Wrapper. * Fixed get_processed_virtual_path_info (to match from right to left). * Improved/fixed exception handling in the adapters so that transactions are committed as the final act of an adapter experiencing an unhandled exception. This should result in session stores being closed properly. * Changed the Helpers.Session.SessionStore to use DirectoryRepository. * Made the "not found" behaviour of DirectoryResource more configurable. * Added documentation for MapResource and DirectoryResource. * Fixed the distribution names in the Ubuntu changelog. New in WebStack 1.0 (Changes since WebStack 0.10) ------------------------------------------------- * Changed the behaviour of get_path, get_path_without_query, get_path_info, get_virtual_path_info, get_processed_virtual_path_info and get_fields_from_path to return Unicode data decoded using the optional encoding parameter or a common default encoding. * Fixed file upload values so that FileContent objects are returned for such fields in get_fields_from_body and get_fields. (Warning! Except for Twisted!) * Fixed the JavaServlet support so that streams and file content are obtained as "almost" plain strings. * Updated/fixed LoginResource and LoginRedirectResource to use the updated path API and to handle special characters properly. * Added convenience methods to Transaction for the decoding and encoding of path values (to and from Unicode objects) - see the decode_path and encode_path methods. * Added the notion of processed virtual path info - the part of the original path info not represented in the current virtual path info. * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a patch from Scott Robinson). * Fixed ResourceMap.MapResource to handle non-existent resources properly (where the virtual path info is only one component in length). * Added Debian package support. * Added automatic session directory creation for the WebStack sessions implementation. * Added support for the repeated retrieval of sessions from the same WebStack session store, avoiding deadlocks. * Fixed the calendar example, making it perform a proper function. * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications include the Login application, since Konqueror (at least) does not share cookies across different port numbers on the same host. * Added the SimpleWithLogin and Login applications to the demonstration. * Improved the documentation, adding information on request headers, and describing file upload and session support limitations. * Improved the AOLserver-related notes for CGI and Webware, adding a patch for Webware in order to work around AOLserver issues. New in WebStack 0.10 (Changes since WebStack 0.9) ------------------------------------------------- * Changes to make the tools/demo.py script work on Windows (and other) platforms (suggested by Jim Madsen). * Fixed end of header newlines for CGI (suggested by Matt Harrison). * Minor documentation fixes and improvements, adding information on AOLserver in the CGI and Webware notes. * Changed the mod_python server name method to use the server object rather than the connection object. * Added a parameter to the ResourceMap.MapResource class to permit automatic redirects into resource hierarchies when no trailing "/" was given in the URL; changed the updated virtual path info so that empty values may be set (the guarantee that "/" will always appear no longer applies). * Fixed virtual path info retrieval when the value is an empty string. New in WebStack 0.9 (Changes since WebStack 0.8) ------------------------------------------------ * Standardised error handling in the adapters so that tracebacks can be suppressed and an internal server error condition raised. * Added overriding of path info in transactions. * Added a ResourceMap resource for dispatching to different resources according to path components. * Standardised deployment for some frameworks (see docs/deploying.html). * Introductory documentation in XHTML format. * Added server name and port methods to the transaction. * Added a simple demonstration application, incorporating many of the examples and launched under a single script. * Fixed mod_python native sessions. * Fixed Zope request stream access. * WebStack is now licensed under the LGPL - see docs/COPYING.txt for details. New in WebStack 0.8 (Changes since WebStack 0.7) ------------------------------------------------ * Added a standard exception, EndOfResponse, which can be used to immediately stop the processing/production of a response; this is useful when resources need to issue a redirect without unnecessary content being generated, for example. * Fixed path information for Zope. * Added WSGI support. * Verified Twisted 1.3.0 support with Python 2.3.3. New in WebStack 0.7 (Changes since WebStack 0.6) ------------------------------------------------ * Fixed path information semantics. * Fixed file upload semantics. * Fixed content type handling for Unicode output and for interpreting request body fields/parameters (although some improvement remains). * Added a method to discover the chosen response stream encoding. * Fixed field/parameter retrieval so that path and body fields are distinct, regardless of the framework employed. * Added a method to get a combination of path and body fields (suggested by Jacob Smullyan). * Introduced Zope 2 support. * Improved Jython/Java Servlet API support (although a special PyServlet class must now be used, and certain libraries must be deployed with applications). * Introduced authentication/authorisation support for Jython/Java Servlet API. * Session support has been added (except for Webware 0.8.1). * Alternative cookie support for mod_python has been added. * Cookie support now supports encoded Unicode sequences for names and values. New in WebStack 0.6 (Changes since WebStack 0.5) ------------------------------------------------ * Introduced Jython/Java Servlet API support. * Minor fixes to example applications and to BaseHTTPRequestHandler. New in WebStack 0.5 (Changes since WebStack 0.4) ------------------------------------------------ * Changed request body fields/parameters so that they are now represented using Unicode objects rather than plain strings. * Introduced better support for Unicode in response streams. New in WebStack 0.4 (Changes since WebStack 0.3) ------------------------------------------------ * Added application definition of user identity, permitting alternative authentication mechanisms. * Improved BaseHTTPRequestHandler and mod_python reliability around fields from request bodies. * Provided stream and environment parameterisation in the CGI adapter. * Added LoginRedirect and Login examples. * Added get_path_without_query and fixed get_path behaviour. New in WebStack 0.3 (Changes since WebStack 0.2) ------------------------------------------------ * Added better header support for Webware (suggested by Ian Bicking). * Introduced CGI and Java Servlet support (the latter is currently broken/unfinished). * Introduced support for cookies. Future Work ----------- (Essential) Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0 also seems to be missing this functionality. It isn't obvious whether Twisted Web2 will just copy its predecessors and provide a similarly limited API. Perhaps the Twisted support needs to resemble the CGI support much more when handling fields. JythonServlet libraries need to be configured using sys.add_package when these do not feature in the compiled-in list. Adding such configuration to the handler may be most appropriate (since the web.xml file can be too arcane), but this needs testing. The algorithm employed in the WebStack.Helpers.Auth.get_token function should be reviewed and improved for better security. (Important) Field access needs testing, especially for anything using the cgi.FieldStorage class, and the way file uploads are exposed should be reviewed (currently the meta-data is not exposed). The acquisition of fields from specific sources should be tested with different request methods - some frameworks provide path fields in the body fields dictionary, others (eg. Zope) change the fields exposed depending on request method. Interpretation of path field encodings needs to be verified. Currently, stray path fields are handled (eg. in WebStack.Helpers.Request) as being ISO-8859-1, but it might be the case that some such fields might be submitted as UTF-8. The decode_path method on Transaction does do much of the work that is likely to be required, however. Still, a good policy for decoding path fields, reducing the number of times one might specify the encoding in various method calls, may be important. An interesting test of encodings is to introduce things like the following to the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8 This should produce the following decoded result: %F0?æ=ø&%F0=ø (The above needs to be read in ISO-8859-1 or ISO-8859-15.) Cookie objects need defining strictly, especially since the standard library Cookie object behaves differently to mod_python (and possibly Webware) Cookie objects. Moreover, the set_cookie_value method needs to provide access to the usual cookie parameters as supported by the frameworks. The standard library Cookie module has issues with Unicode cookie names (and possibly values) - this is worked around, but it would be best to resolve this comprehensively. UTF-16 (and possibly other encodings) causes problems with HTML form data sent in POST requests using the application/x-www-form-urlencoded content type. This should be reviewed at a later date when proper standardisation has taken place. Session support, especially through WebStack.Helpers.Session, should be reviewed and be made compatible with non-cookie mechanisms. Locking in the session support and in DirectoryRepository should be improved. HeaderValue objects should be employed more extensively. Thus, the header access methods may need to change their behaviour slightly. The get_headers method should potentially return a list for each item in the dictionary. WSGI support could demand that a special "end of headers" method be introduced into WebStack, thus making response output more efficient (and probably also for other frameworks, too). Investigate proper support for HEAD, OPTIONS and other request methods. Consider packages for different operating systems (other than Debian). Investigate cStringIO usage. The location of deployed applications in the filesystem should be exposed to those applications. (This is actually available in the __file__ module variable.) A resource could be provided to record the "root" path and added to a resource hierarchy or site map. Note that PathSelector records the "root" path, although it is not automatically deployed. (Completed/rejected) Path information should be consistent across all frameworks, and the "path info" value should be meaningful. (This should now be correct.) Investigate the nicer functions in the cgi module, discarding the "magic" stuff like FieldStorage. (These nicer functions are used by projects like Twisted - as of 1.3.0 at least - and do not give the necessary information we require.) Release Procedures ------------------ Update the WebStack/__init__.py __version__ attribute. Change the version number and package filename/directory in the documentation. Change code examples in the documentation if appropriate. Update the release notes (see above). Check the setup.py file and ensure that all package directories are mentioned. Check the release information in the PKG-INFO file and in the package changelog (and other files). Tag, export. Generate the PyServlet classes. Generate the API documentation. Remove generated .pyc files: rm `find . -name "*.pyc"` Archive, upload. Upload the introductory documentation. Update PyPI, PythonInfo Wiki entries. Generating the PyServlet Classes -------------------------------- In order to generate the PyServlet classes, it is necessary to run the supplied script: ./tools/JavaServlet/compile.sh This produces Java classes and a .jar file for use by WebStack applications running on the Java platform. Generating the API Documentation -------------------------------- In order to prepare the API documentation, it is necessary to generate some Web pages from the Python source code. For this, the epydoc application must be available on your system. Then, inside the distribution directory, run the apidocs.sh tool script as follows: ./tools/apidocs.sh Some warnings may be generated by the script, but the result should be a new apidocs directory within the distribution directory. Making Packages --------------- To make Debian-based packages: 1. Create new package directories under packages if necessary. 2. Make a symbolic link in the distribution's root directory to keep the Debian tools happy. For example, one of the following: ln -s packages/ubuntu-hoary/python2.4-webstack/debian/ ln -s packages/ubuntu-feisty/python-webstack/debian/ ln -s packages/ubuntu-feisty/jython-webstack/debian/ 3. Run the package builder: dpkg-buildpackage -rfakeroot 4. Locate and tidy up the packages in the parent directory of the distribution's root directory.