1 Introduction
2 ------------
3
4 WebStack is a package which provides a common API for Python Web
5 applications, regardless of the underlying server or framework environment.
6 It should be possible with WebStack to design and implement an application,
7 to choose a deployment environment, and then to be able to deploy the
8 application in a different environment later on without having to go back
9 and rewrite substantial parts of the application.
10
11 Quick Start
12 -----------
13
14 Try running the demo:
15
16 python tools/demo.py
17
18 An introductory guide to creating applications can be found in the docs
19 directory - see docs/index.html for the start page.
20
21 Contact, Copyright and Licence Information
22 ------------------------------------------
23
24 The current Web page for WebStack at the time of release is:
25
26 http://www.boddie.org.uk/python/WebStack.html
27
28 Copyright and licence information can be found in the docs directory - see
29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
30 information.
31
32 Framework Support
33 -----------------
34
35 Currently, BaseHTTPRequestHandler (via BaseHTTPServer in the standard
36 library), CGI, Jython/Java Servlet API, mod_python, Twisted, Webware, WSGI
37 and Zope 2 are supported. Each framework has its own set of strengths and
38 weaknesses, but the idea is that deployment concerns can be considered
39 separately from the implementation of application functionality. Consult the
40 NOTES.txt files in each framework's subdirectory of the docs directory for
41 some notes on how applications may be run in each environment.
42
43 Tested Frameworks Release Information
44 ----------------- -------------------
45
46 BaseHTTPRequestHandler Python 2.2.2, Python 2.3.3, Python 2.4.1
47 CGI Apache 2.0.44, Apache 2.0.53, AOLserver 4.0.10, lighttpd 1.3.15
48 Jython/Java Servlet API Jython 2.1, Java JDK 1.3.1_02, Tomcat 4.1.31 (Servlet 2.3)
49 mod_python 3.0.3 (3.1.3 for framework cookie and session support)
50 Twisted 1.0.5, 1.3.0
51 Webware 0.8.1, CVS (2004-02-06), 0.9b2
52 WSGI run_with_cgi (PEP 333)
53 Zope 2.7.2-0, 2.8.0-final
54
55 New in WebStack 1.0 (Changes since WebStack 0.10)
56 -------------------------------------------------
57
58 Changed the behaviour of get_path, get_path_without_query, get_path_info,
59 get_virtual_path_info, get_processed_virtual_path_info and
60 get_fields_from_path to return Unicode data decoded using the optional
61 encoding parameter or a common default encoding.
62 Fixed file upload values so that plain strings are returned for such fields in
63 get_fields_from_body and get_fields. (Warning! Except for Twisted!)
64 Updated/fixed LoginResource and LoginRedirectResource to use the updated path
65 API and to handle special characters properly.
66 Added convenience methods to Transaction for the decoding and encoding of path
67 values (to and from Unicode objects) - see the decode_path and encode_path
68 methods.
69 Added the notion of processed virtual path info - the part of the original
70 path info not represented in the current virtual path info.
71 Added "pass through" behaviour to ResourceMap.MapResource (prompted by a patch
72 from Scott Robinson).
73 Fixed ResourceMap.MapResource to handle non-existent resources properly (where
74 the virtual path info is only one component in length).
75 Added Debian package support.
76 Added automatic session directory creation for the WebStack sessions
77 implementation.
78 Added support for the repeated retrieval of sessions from the same WebStack
79 session store, avoiding deadlocks.
80 Fixed the calendar example, making it perform a proper function.
81
82 New in WebStack 0.10 (Changes since WebStack 0.9)
83 -------------------------------------------------
84
85 Changes to make the tools/demo.py script work on Windows (and other) platforms
86 (suggested by Jim Madsen).
87 Fixed end of header newlines for CGI (suggested by Matt Harrison).
88 Minor documentation fixes and improvements, adding information on AOLserver in
89 the CGI and Webware notes.
90 Changed the mod_python server name method to use the server object rather than
91 the connection object.
92 Added a parameter to the ResourceMap.MapResource class to permit automatic
93 redirects into resource hierarchies when no trailing "/" was given in the URL;
94 changed the updated virtual path info so that empty values may be set (the
95 guarantee that "/" will always appear no longer applies).
96 Fixed virtual path info retrieval when the value is an empty string.
97
98 New in WebStack 0.9 (Changes since WebStack 0.8)
99 ------------------------------------------------
100
101 Standardised error handling in the adapters so that tracebacks can be
102 suppressed and an internal server error condition raised.
103 Added overriding of path info in transactions.
104 Added a ResourceMap resource for dispatching to different resources
105 according to path components.
106 Standardised deployment for some frameworks (see docs/deploying.html).
107 Introductory documentation in XHTML format.
108 Added server name and port methods to the transaction.
109 Added a simple demonstration application, incorporating many of the examples
110 and launched under a single script.
111 Fixed mod_python native sessions.
112 Fixed Zope request stream access.
113 WebStack is now licensed under the LGPL - see docs/COPYING.txt for details.
114
115 New in WebStack 0.8 (Changes since WebStack 0.7)
116 ------------------------------------------------
117
118 Added a standard exception, EndOfResponse, which can be used to immediately
119 stop the processing/production of a response; this is useful when resources
120 need to issue a redirect without unnecessary content being generated, for
121 example.
122 Fixed path information for Zope.
123 Added WSGI support.
124 Verified Twisted 1.3.0 support with Python 2.3.3.
125
126 New in WebStack 0.7 (Changes since WebStack 0.6)
127 ------------------------------------------------
128
129 Fixed path information semantics.
130 Fixed file upload semantics.
131 Fixed content type handling for Unicode output and for interpreting request
132 body fields/parameters (although some improvement remains).
133 Added a method to discover the chosen response stream encoding.
134 Fixed field/parameter retrieval so that path and body fields are distinct,
135 regardless of the framework employed.
136 Added a method to get a combination of path and body fields (suggested by
137 Jacob Smullyan).
138 Introduced Zope 2 support.
139 Improved Jython/Java Servlet API support (although a special PyServlet class
140 must now be used, and certain libraries must be deployed with applications).
141 Introduced authentication/authorisation support for Jython/Java Servlet API.
142 Session support has been added (except for Webware 0.8.1).
143 Alternative cookie support for mod_python has been added.
144 Cookie support now supports encoded Unicode sequences for names and values.
145
146 New in WebStack 0.6 (Changes since WebStack 0.5)
147 ------------------------------------------------
148
149 Introduced Jython/Java Servlet API support.
150 Minor fixes to example applications and to BaseHTTPRequestHandler.
151
152 New in WebStack 0.5 (Changes since WebStack 0.4)
153 ------------------------------------------------
154
155 Changed request body fields/parameters so that they are now represented
156 using Unicode objects rather than plain strings.
157 Introduced better support for Unicode in response streams.
158
159 New in WebStack 0.4 (Changes since WebStack 0.3)
160 ------------------------------------------------
161
162 Added application definition of user identity, permitting alternative
163 authentication mechanisms.
164 Improved BaseHTTPRequestHandler and mod_python reliability around fields
165 from request bodies.
166 Provided stream and environment parameterisation in the CGI adapter.
167 Added LoginRedirect and Login examples.
168 Added get_path_without_query and fixed get_path behaviour.
169
170 New in WebStack 0.3 (Changes since WebStack 0.2)
171 ------------------------------------------------
172
173 Added better header support for Webware (suggested by Ian Bicking).
174 Introduced CGI and Java Servlet support (the latter is currently
175 broken/unfinished).
176 Introduced support for cookies.
177
178 Future Work
179 -----------
180
181 (Essential)
182
183 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
184 also seems to be missing this functionality. It isn't obvious whether Twisted
185 Web2 will just copy its predecessors and provide a similarly limited API.
186 Perhaps the Twisted support needs to resemble the CGI support much more when
187 handling fields.
188
189 JythonServlet libraries need to be configured using sys.add_package when
190 these do not feature in the compiled-in list. Adding such configuration to
191 the handler may be most appropriate (since the web.xml file can be too
192 arcane), but this needs testing.
193
194 (Important)
195
196 Things to consider for future releases: improved cookie support, redirects,
197 access to shared resources and much better documentation.
198
199 Field access needs testing, especially for anything using the
200 cgi.FieldStorage class, and the way file uploads are exposed should be
201 reviewed (currently the meta-data is not exposed). The acquisition of fields
202 from specific sources should be tested with different request methods - some
203 frameworks provide path fields in the body fields dictionary, others (eg.
204 Zope) change the fields exposed depending on request method.
205
206 Interpretation of path field encodings needs to be verified. Currently,
207 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
208 ISO-8859-1, but it might be the case that some such fields might be
209 submitted as UTF-8. The decode_path method on Transaction does do much of the
210 work that is likely to be required, however. Still, a good policy for decoding
211 path fields, reducing the number of times one might specify the encoding in
212 various method calls, may be important.
213
214 An interesting test of encodings is to introduce things like the following to
215 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
216 This should produce the following decoded result: %F0?æ=ø&%F0=ø
217 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
218
219 Cookie objects need defining strictly, especially since the standard library
220 Cookie object behaves differently to mod_python (and possibly Webware)
221 Cookie objects. Moreover, the set_cookie_value method needs to provide
222 access to the usual cookie parameters as supported by the frameworks. The
223 standard library Cookie module has issues with Unicode cookie names (and
224 possibly values) - this is worked around, but it would be best to resolve
225 this comprehensively.
226
227 UTF-16 (and possibly other encodings) causes problems with HTML form data
228 sent in POST requests using the application/x-www-form-urlencoded content
229 type. This should be reviewed at a later date when proper standardisation
230 has taken place.
231
232 Session support, especially through WebStack.Helpers.Session, should be
233 reviewed and be made compatible with non-cookie mechanisms.
234
235 HeaderValue objects should be employed more extensively. Thus, the header
236 access methods may need to change their behaviour slightly.
237
238 WSGI support could demand that a special "end of headers" method be
239 introduced into WebStack, thus making response output more efficient (and
240 probably also for other frameworks, too).
241
242 The algorithm employed in the WebStack.Helpers.Auth.get_token function
243 should be reviewed and improved for better security.
244
245 Investigate proper support for HEAD, OPTIONS and other request methods.
246
247 Consider packages for different operating systems (other than Debian).
248
249 Provide some 500 error content when handle_errors is true.
250
251 (Completed/rejected)
252
253 The location of deployed applications in the filesystem should be exposed to
254 those applications. (This is actually available in the __file__ module
255 variable.)
256
257 Path information should be consistent across all frameworks, and the "path
258 info" value should be meaningful. (This should now be correct.)
259
260 Investigate the nicer functions in the cgi module, discarding the "magic"
261 stuff like FieldStorage. (These nicer functions are used by projects like
262 Twisted - as of 1.3.0 at least - and do not give the necessary information we
263 require.)
264
265 Release Procedures
266 ------------------
267
268 Update the WebStack/__init__.py __version__ attribute.
269 Change the version number and package filename/directory in the documentation.
270 Change code examples in the documentation if appropriate.
271 Update the release notes (see above).
272 Check the setup.py file and ensure that all package directories are mentioned.
273 Check the release information in the PKG-INFO file and in the package
274 changelog (and other files).
275 Tag, export.
276 Generate the PyServlet classes.
277 Generate the API documentation.
278 Remove generated .pyc files: rm `find . -name "*.pyc"`
279 Archive, upload.
280 Upload the introductory documentation.
281 Update PyPI, PythonInfo Wiki, Vaults of Parnassus entries.
282
283 Generating the API Documentation
284 --------------------------------
285
286 In order to prepare the API documentation, it is necessary to generate some
287 Web pages from the Python source code. For this, the epydoc application must
288 be available on your system. Then, inside the WebStack directory, run the
289 apidocs.sh tool script as follows:
290
291 ./tools/apidocs.sh
292
293 Some warnings may be generated by the script, but the result should be a new
294 apidocs directory within the WebStack directory.