1 Introduction
2 ------------
3
4 WebStack is a package which provides a common API for Python Web
5 applications, regardless of the underlying server or framework environment.
6 It should be possible with WebStack to design and implement an application,
7 to choose a deployment environment, and then to be able to deploy the
8 application in a different environment later on without having to go back
9 and rewrite substantial parts of the application.
10
11 Quick Start
12 -----------
13
14 Try running the demo:
15
16 python tools/demo.py
17
18 An introductory guide to creating applications can be found in the docs
19 directory - see docs/index.html for the start page.
20
21 Contact, Copyright and Licence Information
22 ------------------------------------------
23
24 The current Web page for WebStack at the time of release is:
25
26 http://www.boddie.org.uk/python/WebStack.html
27
28 Copyright and licence information can be found in the docs directory - see
29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
30 information.
31
32 Framework Support
33 -----------------
34
35 Currently, BaseHTTPRequestHandler (via BaseHTTPServer in the standard
36 library), CGI, Jython/Java Servlet API, mod_python, Twisted, Webware, WSGI
37 and Zope 2 are supported. Each framework has its own set of strengths and
38 weaknesses, but the idea is that deployment concerns can be considered
39 separately from the implementation of application functionality. Consult the
40 NOTES.txt files in each framework's subdirectory of the docs directory for
41 some notes on how applications may be run in each environment.
42
43 Tested Frameworks Release Information
44 ----------------- -------------------
45
46 BaseHTTPRequestHandler Python 2.2.2, Python 2.3.3, Python 2.4.1
47 CGI Apache 2.0.44, Apache 2.0.53, AOLserver 4.0.10, lighttpd 1.3.15
48 Jython/Java Servlet API Jython 2.1, Java JDK 1.3.1_02, Tomcat 4.1.31 (Servlet 2.3)
49 mod_python 3.0.3 (3.1.3 for framework cookie and session support)
50 Twisted 1.0.5, 1.3.0
51 Webware 0.8.1, CVS (2004-02-06), 0.9b2
52 WSGI run_with_cgi (PEP 333)
53 Zope 2.7.2-0, 2.8.0-final
54
55 New in WebStack 1.0 (Changes since WebStack 0.10)
56 -------------------------------------------------
57
58 Changed the behaviour of get_path, get_path_without_query, get_path_info,
59 get_virtual_path_info, get_processed_virtual_path_info and
60 get_fields_from_path to return Unicode data decoded using the optional
61 encoding parameter or a common default encoding.
62 Fixed file upload values so that FileContent objects are returned for such
63 fields in get_fields_from_body and get_fields. (Warning! Except for Twisted!)
64 Fixed the JavaServlet support so that streams and file content are obtained as
65 "almost" plain strings.
66 Updated/fixed LoginResource and LoginRedirectResource to use the updated path
67 API and to handle special characters properly.
68 Added convenience methods to Transaction for the decoding and encoding of path
69 values (to and from Unicode objects) - see the decode_path and encode_path
70 methods.
71 Added the notion of processed virtual path info - the part of the original
72 path info not represented in the current virtual path info.
73 Added "pass through" behaviour to ResourceMap.MapResource (prompted by a patch
74 from Scott Robinson).
75 Fixed ResourceMap.MapResource to handle non-existent resources properly (where
76 the virtual path info is only one component in length).
77 Added Debian package support.
78 Added automatic session directory creation for the WebStack sessions
79 implementation.
80 Added support for the repeated retrieval of sessions from the same WebStack
81 session store, avoiding deadlocks.
82 Fixed the calendar example, making it perform a proper function.
83 Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
84 include the Login application, since Konqueror (at least) does not share
85 cookies across different port numbers on the same host.
86 Added the SimpleWithLogin and Login applications to the demonstration.
87 Improved the documentation, adding information on request headers, and
88 describing file upload and session support limitations.
89
90 New in WebStack 0.10 (Changes since WebStack 0.9)
91 -------------------------------------------------
92
93 Changes to make the tools/demo.py script work on Windows (and other) platforms
94 (suggested by Jim Madsen).
95 Fixed end of header newlines for CGI (suggested by Matt Harrison).
96 Minor documentation fixes and improvements, adding information on AOLserver in
97 the CGI and Webware notes.
98 Changed the mod_python server name method to use the server object rather than
99 the connection object.
100 Added a parameter to the ResourceMap.MapResource class to permit automatic
101 redirects into resource hierarchies when no trailing "/" was given in the URL;
102 changed the updated virtual path info so that empty values may be set (the
103 guarantee that "/" will always appear no longer applies).
104 Fixed virtual path info retrieval when the value is an empty string.
105
106 New in WebStack 0.9 (Changes since WebStack 0.8)
107 ------------------------------------------------
108
109 Standardised error handling in the adapters so that tracebacks can be
110 suppressed and an internal server error condition raised.
111 Added overriding of path info in transactions.
112 Added a ResourceMap resource for dispatching to different resources
113 according to path components.
114 Standardised deployment for some frameworks (see docs/deploying.html).
115 Introductory documentation in XHTML format.
116 Added server name and port methods to the transaction.
117 Added a simple demonstration application, incorporating many of the examples
118 and launched under a single script.
119 Fixed mod_python native sessions.
120 Fixed Zope request stream access.
121 WebStack is now licensed under the LGPL - see docs/COPYING.txt for details.
122
123 New in WebStack 0.8 (Changes since WebStack 0.7)
124 ------------------------------------------------
125
126 Added a standard exception, EndOfResponse, which can be used to immediately
127 stop the processing/production of a response; this is useful when resources
128 need to issue a redirect without unnecessary content being generated, for
129 example.
130 Fixed path information for Zope.
131 Added WSGI support.
132 Verified Twisted 1.3.0 support with Python 2.3.3.
133
134 New in WebStack 0.7 (Changes since WebStack 0.6)
135 ------------------------------------------------
136
137 Fixed path information semantics.
138 Fixed file upload semantics.
139 Fixed content type handling for Unicode output and for interpreting request
140 body fields/parameters (although some improvement remains).
141 Added a method to discover the chosen response stream encoding.
142 Fixed field/parameter retrieval so that path and body fields are distinct,
143 regardless of the framework employed.
144 Added a method to get a combination of path and body fields (suggested by
145 Jacob Smullyan).
146 Introduced Zope 2 support.
147 Improved Jython/Java Servlet API support (although a special PyServlet class
148 must now be used, and certain libraries must be deployed with applications).
149 Introduced authentication/authorisation support for Jython/Java Servlet API.
150 Session support has been added (except for Webware 0.8.1).
151 Alternative cookie support for mod_python has been added.
152 Cookie support now supports encoded Unicode sequences for names and values.
153
154 New in WebStack 0.6 (Changes since WebStack 0.5)
155 ------------------------------------------------
156
157 Introduced Jython/Java Servlet API support.
158 Minor fixes to example applications and to BaseHTTPRequestHandler.
159
160 New in WebStack 0.5 (Changes since WebStack 0.4)
161 ------------------------------------------------
162
163 Changed request body fields/parameters so that they are now represented
164 using Unicode objects rather than plain strings.
165 Introduced better support for Unicode in response streams.
166
167 New in WebStack 0.4 (Changes since WebStack 0.3)
168 ------------------------------------------------
169
170 Added application definition of user identity, permitting alternative
171 authentication mechanisms.
172 Improved BaseHTTPRequestHandler and mod_python reliability around fields
173 from request bodies.
174 Provided stream and environment parameterisation in the CGI adapter.
175 Added LoginRedirect and Login examples.
176 Added get_path_without_query and fixed get_path behaviour.
177
178 New in WebStack 0.3 (Changes since WebStack 0.2)
179 ------------------------------------------------
180
181 Added better header support for Webware (suggested by Ian Bicking).
182 Introduced CGI and Java Servlet support (the latter is currently
183 broken/unfinished).
184 Introduced support for cookies.
185
186 Future Work
187 -----------
188
189 (Essential)
190
191 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
192 also seems to be missing this functionality. It isn't obvious whether Twisted
193 Web2 will just copy its predecessors and provide a similarly limited API.
194 Perhaps the Twisted support needs to resemble the CGI support much more when
195 handling fields.
196
197 JythonServlet libraries need to be configured using sys.add_package when
198 these do not feature in the compiled-in list. Adding such configuration to
199 the handler may be most appropriate (since the web.xml file can be too
200 arcane), but this needs testing.
201
202 (Important)
203
204 Things to consider for future releases: improved cookie support, redirects,
205 access to shared resources and much better documentation.
206
207 Field access needs testing, especially for anything using the
208 cgi.FieldStorage class, and the way file uploads are exposed should be
209 reviewed (currently the meta-data is not exposed). The acquisition of fields
210 from specific sources should be tested with different request methods - some
211 frameworks provide path fields in the body fields dictionary, others (eg.
212 Zope) change the fields exposed depending on request method.
213
214 Interpretation of path field encodings needs to be verified. Currently,
215 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
216 ISO-8859-1, but it might be the case that some such fields might be
217 submitted as UTF-8. The decode_path method on Transaction does do much of the
218 work that is likely to be required, however. Still, a good policy for decoding
219 path fields, reducing the number of times one might specify the encoding in
220 various method calls, may be important.
221
222 An interesting test of encodings is to introduce things like the following to
223 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
224 This should produce the following decoded result: %F0?æ=ø&%F0=ø
225 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
226
227 Cookie objects need defining strictly, especially since the standard library
228 Cookie object behaves differently to mod_python (and possibly Webware)
229 Cookie objects. Moreover, the set_cookie_value method needs to provide
230 access to the usual cookie parameters as supported by the frameworks. The
231 standard library Cookie module has issues with Unicode cookie names (and
232 possibly values) - this is worked around, but it would be best to resolve
233 this comprehensively.
234
235 UTF-16 (and possibly other encodings) causes problems with HTML form data
236 sent in POST requests using the application/x-www-form-urlencoded content
237 type. This should be reviewed at a later date when proper standardisation
238 has taken place.
239
240 Session support, especially through WebStack.Helpers.Session, should be
241 reviewed and be made compatible with non-cookie mechanisms.
242
243 HeaderValue objects should be employed more extensively. Thus, the header
244 access methods may need to change their behaviour slightly. The get_headers
245 method should potentially return a list for each item in the dictionary.
246
247 WSGI support could demand that a special "end of headers" method be
248 introduced into WebStack, thus making response output more efficient (and
249 probably also for other frameworks, too).
250
251 The algorithm employed in the WebStack.Helpers.Auth.get_token function
252 should be reviewed and improved for better security.
253
254 Investigate proper support for HEAD, OPTIONS and other request methods.
255
256 Consider packages for different operating systems (other than Debian).
257
258 Provide some 500 error content when handle_errors is true.
259
260 (Completed/rejected)
261
262 The location of deployed applications in the filesystem should be exposed to
263 those applications. (This is actually available in the __file__ module
264 variable.)
265
266 Path information should be consistent across all frameworks, and the "path
267 info" value should be meaningful. (This should now be correct.)
268
269 Investigate the nicer functions in the cgi module, discarding the "magic"
270 stuff like FieldStorage. (These nicer functions are used by projects like
271 Twisted - as of 1.3.0 at least - and do not give the necessary information we
272 require.)
273
274 Release Procedures
275 ------------------
276
277 Update the WebStack/__init__.py __version__ attribute.
278 Change the version number and package filename/directory in the documentation.
279 Change code examples in the documentation if appropriate.
280 Update the release notes (see above).
281 Check the setup.py file and ensure that all package directories are mentioned.
282 Check the release information in the PKG-INFO file and in the package
283 changelog (and other files).
284 Tag, export.
285 Generate the PyServlet classes.
286 Generate the API documentation.
287 Remove generated .pyc files: rm `find . -name "*.pyc"`
288 Archive, upload.
289 Upload the introductory documentation.
290 Update PyPI, PythonInfo Wiki, Vaults of Parnassus entries.
291
292 Generating the API Documentation
293 --------------------------------
294
295 In order to prepare the API documentation, it is necessary to generate some
296 Web pages from the Python source code. For this, the epydoc application must
297 be available on your system. Then, inside the WebStack directory, run the
298 apidocs.sh tool script as follows:
299
300 ./tools/apidocs.sh
301
302 Some warnings may be generated by the script, but the result should be a new
303 apidocs directory within the WebStack directory.