First test to implement a requestbin like service with Eiffel.

Updated EWF  http_network, websocket, httpd to use the latest EiffelN…

library/network/http_client/src/http_client.e

@@ -16,8 +16,19 @@ feature -- Access
 		deferred
 		end
 
+	get (a_url: READABLE_STRING_8; ctx: detachable HTTP_CLIENT_REQUEST_CONTEXT): HTTP_CLIENT_RESPONSE
+		do
+			Result := new_session (a_url).get ("", ctx)
+		end
+
+	custom (a_method: READABLE_STRING_8; a_url: READABLE_STRING_8; ctx: detachable HTTP_CLIENT_REQUEST_CONTEXT): HTTP_CLIENT_RESPONSE
+			-- Response for `a_method' request based on `a_url' and optional `ctx'.	
+		do
+			Result := new_session (a_url).custom (a_method, "", ctx)
+		end
+
 note
-	copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 	source: "[
 			Eiffel Software

library/network/http_network/src/ssl/http_stream_secure_socket.e

@@ -55,12 +55,19 @@ feature -- Secure connection Helpers
 		end
 
 	set_secure_protocol_to_ssl_2_or_3
-			-- Set `ssl_protocol' with `Ssl_23'.
-		do
-			set_secure_protocol ({SSL_PROTOCOL}.Ssl_23)
-		end
+ 			-- Set `ssl_protocol' with `Ssl_23'.
+ 			-- Protocol not supported anymore.
+		obsolete
+			"Use set_secure_protocol_to_tls_1_2 [2017-06-23]."
+ 		local
+ 			err: DEVELOPER_EXCEPTION
+ 		do
+ 		    create err
+			err.set_description ("SSL_2 or SSL_3 are not supported anymore, upgrate to TLS set_secure_protocol_to_tls_1_2")
+			err.raise
+ 		end
 
-	set_secure_protocol_to_tls_1_0
+ 	set_secure_protocol_to_tls_1_0
 			-- Set `ssl_protocol' with `Tls_1_0'.
 		do
 			set_secure_protocol ({SSL_PROTOCOL}.Tls_1_0)
@@ -176,7 +183,14 @@ feature -- Output
 		end
 
 note
-	copyright: "2011-2013, Javier Velilla, Jocelyn Fiat and others"
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Olivier Ligot, Colin Adams, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+	source: "[
+			Eiffel Software
+			5949 Hollister Ave., Goleta, CA 93117 USA
+			Telephone 805-685-1006, Fax 805-685-6869
+			Website http://www.eiffel.com
+			Customer support http://support.eiffel.com
+		]"
 
 end

library/security/jwt/src/errors/jwt_mismatched_alg_error.e

@@ -0,0 +1,36 @@
+note
+	description: "Summary description for {JWT_MISMATCHED_ALG_ERROR}."
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	JWT_MISMATCHED_ALG_ERROR
+
+inherit
+	JWT_ERROR
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make (a_alg, a_header_alg: READABLE_STRING_8)
+		do
+			alg := a_alg
+			header_alg := a_header_alg
+		end
+
+feature -- Access
+
+	alg: READABLE_STRING_8
+
+	header_alg: READABLE_STRING_8
+
+	id: STRING = "ALG_MISMATCH"
+
+	message: READABLE_STRING_8
+		do
+			Result := "Header alg [" + header_alg + "] does not match given alg [" + alg + "]!"
+		end
+
+end

library/security/jwt/src/jwt.e

@@ -118,6 +118,11 @@ feature {JWT_UTILITIES} -- Error reporting
 			l_errors.extend (err)
 		end
 
+	report_mismatched_alg_error (alg, a_header_alg: READABLE_STRING_8)
+		do
+			report_error (create {JWT_MISMATCHED_ALG_ERROR}.make (alg, a_header_alg))
+		end
+
 	report_unsupported_alg_error (alg: READABLE_STRING_8)
 		do
 			report_error (create {JWT_UNSUPPORTED_ALG_ERROR}.make (alg))

library/security/jwt/src/jwt_loader.e

@@ -1,8 +1,8 @@
 note
-	description: "Summary description for {JWT_LOADER}."
-	author: ""
+	description: "Loader and verifier to JWT token."
 	date: "$Date$"
 	revision: "$Revision$"
+	EIS: "name=Known Critical vulnerabilities in JWT libs", "protocol=URI", "src=https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/"
 
 class
 	JWT_LOADER
@@ -12,9 +12,13 @@ inherit
 
 feature -- Access
 
-	token (a_token_input: READABLE_STRING_8; a_secret: READABLE_STRING_8; ctx: detachable JWT_CONTEXT): detachable JWT
-			-- Decoded token from `a_token_input` given the secret `a_secret`, and optional context `ctx`
+	token (a_token_input: READABLE_STRING_8; a_alg: detachable READABLE_STRING_8; a_verification_key: READABLE_STRING_8; ctx: detachable JWT_CONTEXT): detachable JWT
+			-- Decoded token from `a_token_input` given the verification key `a_verification_key` and optional (but recommended) signature algorithm `a_alg`, and optional context `ctx`
 			-- used to specify eventual issuer and various parameters.
+			-- WARNING: passing Void for `a_alg` is not safe, as the server should know which alg he used for tokens,
+			-- 			leaving the possibility to use the header alg is dangerous as client may use "none" and then bypass verification!
+		require
+			a_valid_alg: a_alg /= Void implies is_supporting_signature_algorithm (a_alg)
 		local
 			jws: JWS
 			i,j,n: INTEGER
@@ -29,20 +33,27 @@ feature -- Access
 					l_enc_payload := a_token_input.substring (i + 1, j - 1)
 					l_signature := a_token_input.substring (j + 1, n)
 					create jws.make_with_json_payload (base64url_decode (l_enc_payload))
-
 					alg := signature_algorithm_from_encoded_header (l_enc_header)
-					jws.set_algorithm (alg)
-					if alg = Void then
-							-- Use default
-						alg := alg_hs256
+					if a_alg /= Void then
+						if alg /= Void and then not alg.is_case_insensitive_equal_general (a_alg) then
+							jws.report_mismatched_alg_error (a_alg, alg)
+						else
+							alg := a_alg
+						end
+					else
+						if alg = Void then
+								-- Use default
+							alg := alg_hs256
+						end
 					end
+					jws.set_algorithm (alg)
 					check alg_set: alg /= Void end
 					if ctx = Void or else not ctx.validation_ignored then
 						if not is_supporting_signature_algorithm (alg) then
 							jws.report_unsupported_alg_error (alg)
 							alg := alg_hs256
 						end
-						if not l_signature.same_string (signature (l_enc_header, l_enc_payload, a_secret, alg)) then
+						if not l_signature.same_string (signature (l_enc_header, l_enc_payload, a_verification_key, alg)) then
 							jws.report_unverified_token_error
 						end
 						if

library/security/jwt/testing/test_jwt.e

@@ -54,7 +54,14 @@ feature -- Test
 
 			create jwt_loader
 
-			if attached jwt_loader.token (tok, "secret", Void) as l_tok then
+				-- Use header alg!
+			if attached jwt_loader.token (tok, Void, "secret", Void) as l_tok then
+				assert ("no error", not l_tok.has_error)
+				assert ("same payload", l_tok.claimset.string.same_string (payload))
+			end
+
+				-- Use given alg!
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", Void) as l_tok then
 				assert ("no error", not l_tok.has_error)
 				assert ("same payload", l_tok.claimset.string.same_string (payload))
 			end
@@ -96,21 +103,21 @@ feature -- Test
 			create jwt_loader
 
 				-- Test with validation + exp
-			if attached jwt_loader.token (tok, "secret", Void) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", Void) as l_tok then
 				assert ("no error", not l_tok.has_error)
 				assert ("same payload", l_tok.claimset.string.same_string (payload))
 			end
 
 			create ctx
 			ctx.set_time (now)
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("no error", not l_tok.has_error)
 			end
 
 			dt := duplicated_time (now)
 			dt.hour_add (5)
 			ctx.set_time (dt)
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("exp error", l_tok.has_error)
 			end
 
@@ -122,7 +129,7 @@ feature -- Test
 			tok := jwt.encoded_string ("secret")
 
 			ctx.set_time (now)
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("has nbf error", l_tok.has_error)
 			end
 
@@ -130,7 +137,7 @@ feature -- Test
 			dt.second_add (15)
 			ctx.set_time (dt)
 
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("has nbf error", l_tok.has_error)
 			end
 
@@ -138,31 +145,51 @@ feature -- Test
 			dt.minute_add (45)
 			ctx.set_time (dt)
 
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("no error", not l_tok.has_error)
 			end
 
 				-- Test Issuer
 			ctx.set_issuer ("urn:foobar")
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("has iss error", l_tok.has_error)
 			end
 			ctx.set_issuer ("urn:foo")
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("no error", not l_tok.has_error)
 			end
 
 				-- Test Audience
 			ctx.set_audience ("urn:foobar")
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("has aud error", l_tok.has_error)
 			end
 			ctx.set_audience ("urn:foo")
-			if attached jwt_loader.token (tok, "secret", ctx) as l_tok then
+			if attached jwt_loader.token (tok, jwt.algorithm, "secret", ctx) as l_tok then
 				assert ("no error", not l_tok.has_error)
 			end
 		end
 
+	test_mismatched_alg_jwt
+		local
+			jwt: JWS
+			payload: STRING
+			tok: STRING
+		do
+			payload := "[
+				{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}
+				]"
+
+			create jwt.make_with_json_payload (payload)
+			jwt.set_algorithm ("none")
+			tok := jwt.encoded_string ("secret")
+
+			if attached (create {JWT_LOADER}).token (tok, "HS256", "secret", Void) as l_tok then
+				assert ("no error", not jwt.has_error)
+				assert ("same payload", l_tok.claimset.string.same_string (payload))
+			end
+		end
+
 	test_unsecured_jwt
 		local
 			jwt: JWS
@@ -177,7 +204,11 @@ feature -- Test
 			jwt.set_algorithm ("none")
 			tok := jwt.encoded_string ("secret")
 
-			if attached (create {JWT_LOADER}).token (tok, "secret", Void) as l_tok then
+			if attached (create {JWT_LOADER}).token (tok, "none", "secret", Void) as l_tok then
+				assert ("no error", not jwt.has_error)
+				assert ("same payload", l_tok.claimset.string.same_string (payload))
+			end
+			if attached (create {JWT_LOADER}).token (tok, Void, "secret", Void) as l_tok then
 				assert ("no error", not jwt.has_error)
 				assert ("same payload", l_tok.claimset.string.same_string (payload))
 			end

library/server/httpd/configuration/httpd_configuration_i.e

@@ -167,7 +167,7 @@ feature -- Element change
 		end
 
 	set_socket_timeout (a_nb_seconds: like socket_timeout)
-			-- Set `socket_timeout' with `a_nb_seconds'
+			-- Set `socket_timeout' with `a_nb_seconds'.
 		do
 			socket_timeout := a_nb_seconds
 		ensure
@@ -175,7 +175,7 @@ feature -- Element change
 		end
 
 	set_socket_recv_timeout (a_nb_seconds: like socket_recv_timeout)
-			-- Set `socket_recv_timeout' with `a_nb_seconds'
+			-- Set `socket_recv_timeout' with `a_nb_seconds'.
 		do
 			socket_recv_timeout := a_nb_seconds
 		ensure
@@ -183,7 +183,7 @@ feature -- Element change
 		end
 
 	set_keep_alive_timeout (a_seconds: like keep_alive_timeout)
-			-- Set `keep_alive_timeout' with `a_seconds'
+			-- Set `keep_alive_timeout' with `a_seconds'.
 		do
 			keep_alive_timeout := a_seconds
 		ensure
@@ -191,7 +191,7 @@ feature -- Element change
 		end
 
 	set_max_keep_alive_requests (nb: like max_keep_alive_requests)
-			-- Set `max_keep_alive_requests' with `nb'
+			-- Set `max_keep_alive_requests' with `nb'.
 		do
 			max_keep_alive_requests := nb
 		ensure
@@ -254,7 +254,7 @@ feature -- Element change
 		end
 
 	mark_secure
-			-- Set is_secure in True
+			-- Set is_secure in True.
 		do
 			set_is_secure (True)
 		ensure
@@ -287,7 +287,7 @@ feature -- Element change
 		end
 
 	set_secure_protocol (a_version: NATURAL)
-			-- Set `secure_protocol' with `a_version'
+			-- Set `secure_protocol' with `a_version'.
 		do
 			secure_protocol := a_version
 		ensure
@@ -295,7 +295,7 @@ feature -- Element change
 		end
 
 	set_secure_protocol_from_string (a_ssl_version: READABLE_STRING_GENERAL)
-			-- Set `secure_protocol' with `a_ssl_version'
+			-- Set `secure_protocol' with `a_ssl_version'.
 		do
 			if a_ssl_version.is_case_insensitive_equal ("ssl_2_3") then
 				set_secure_protocol_to_ssl_2_or_3
@@ -316,6 +316,8 @@ feature -- SSL Helpers
 
 	set_secure_protocol_to_ssl_2_or_3
 			-- Set `secure_protocol' with `Ssl_23'.
+		obsolete
+			"Use set_secure_protocol_to_tls_1_2 [2017-06-23]."
 		deferred
 		end
 

library/server/httpd/ssl/httpd_configuration.e

@@ -36,9 +36,16 @@ feature -- Access
 feature -- SSL Helpers
 
 	set_secure_protocol_to_ssl_2_or_3
-			-- Set `secure_protocol' with `Ssl_23'.
+			-- Set `ssl_protocol' with `Ssl_23'.
+			-- Protocol not supported anymore.
+		obsolete
+			"Use set_secure_protocol_to_tls_1_2 [2017-06-23]."
+		local
+			err: DEVELOPER_EXCEPTION
 		do
-			set_secure_protocol ({SSL_PROTOCOL}.Ssl_23)
+			create err
+			err.set_description ("SSL_2 or SSL_3 are not supported anymore, upgrate to TLS set_secure_protocol_to_tls_1_2")
+			err.raise
 		end
 
 	set_secure_protocol_to_tls_1_0
@@ -67,7 +74,7 @@ feature -- SSL Helpers
 
 
 note
-	copyright: "2011-2014, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 	source: "[
 			Eiffel Software

tools/requestbin/README.md

@@ -0,0 +1 @@
+This example is a simple service that analyze the request and return a formatted output of the request data (query parameters, form parameters, environment variables, and so on). It could be used to debug client, or to experiment the EiffelWeb behavior on various connectors (standalone, apache, iis, ...).

tools/requestbin/launcher/any/application_launcher.e

@@ -0,0 +1,19 @@
+note
+	description: "[
+				Effective class for APPLICATION_LAUNCHER_I
+
+				You can put modification in this class
+			]"
+	date: "$Date: 2013-06-12 13:55:42 +0200 (mer., 12 juin 2013) $"
+	revision: "$Revision: 36 $"
+
+class
+	APPLICATION_LAUNCHER [G -> WSF_EXECUTION create make end]
+
+inherit
+	APPLICATION_LAUNCHER_I [G]
+
+feature -- Custom
+
+end
+

tools/requestbin/launcher/any/application_launcher_i.e

@@ -0,0 +1,102 @@
+note
+	description: "[
+			Specific application launcher
+
+			DO NOT EDIT THIS CLASS
+
+			you can customize APPLICATION_LAUNCHER
+		]"
+	date: "$Date: 2013-06-12 13:55:42 +0200 (mer., 12 juin 2013) $"
+	revision: "$Revision: 36 $"
+
+deferred class
+	APPLICATION_LAUNCHER_I [G -> WSF_EXECUTION create make end]
+
+inherit
+	SHARED_EXECUTION_ENVIRONMENT
+
+feature -- Execution
+
+	launch (opts: detachable WSF_SERVICE_LAUNCHER_OPTIONS)
+		local
+			nature: like launcher_nature
+		do
+			nature := launcher_nature
+			if nature = Void or else nature = nature_standalone then
+				launch_standalone (opts)
+			elseif nature = nature_cgi then
+				launch_cgi (opts)
+			elseif nature = nature_libfcgi then
+				launch_libfcgi (opts)
+			else
+				-- bye bye
+				(create {EXCEPTIONS}).die (-1)
+			end
+		end
+
+feature {NONE} -- Access
+
+	launcher_nature: detachable READABLE_STRING_8
+			-- Initialize the launcher nature
+			-- either cgi, libfcgi, or standalone.
+			--| We could extend with more connector if needed.
+			--| and we could use WSF_DEFAULT_SERVICE_LAUNCHER to configure this at compilation time.
+		local
+			p: PATH
+			ext: detachable READABLE_STRING_32
+		do
+			create p.make_from_string (execution_environment.arguments.command_name)
+			if attached p.entry as l_entry then
+				ext := l_entry.extension
+			end
+			if ext /= Void then
+				if ext.same_string (nature_standalone) then
+					Result := nature_standalone
+				end
+				if ext.same_string (nature_cgi) then
+					Result := nature_cgi
+				end
+				if ext.same_string (nature_libfcgi) or else ext.same_string ("fcgi") then
+					Result := nature_libfcgi
+				end
+			end
+			Result := nature_standalone
+		end
+
+feature {NONE} -- Standalone
+
+	nature_standalone: STRING = "standalone"
+
+	launch_standalone (opts: detachable WSF_SERVICE_LAUNCHER_OPTIONS)
+		local
+			launcher: WSF_STANDALONE_SERVICE_LAUNCHER [G]
+		do
+			create launcher.make_and_launch (opts)
+		end
+
+feature {NONE} -- cgi
+
+	nature_cgi: STRING = "cgi"
+
+	launch_cgi (opts: detachable WSF_SERVICE_LAUNCHER_OPTIONS)
+		local
+			launcher: WSF_CGI_SERVICE_LAUNCHER [G]
+		do
+			create launcher.make_and_launch (opts)
+		end
+
+feature {NONE} -- libfcgi
+
+	nature_libfcgi: STRING = "libfcgi"
+
+	launch_libfcgi (opts: detachable WSF_SERVICE_LAUNCHER_OPTIONS)
+		local
+			launcher: WSF_LIBFCGI_SERVICE_LAUNCHER [G]
+		do
+			create launcher.make_and_launch (opts)
+		end
+
+
+end
+
+

tools/requestbin/launcher/default/application_launcher.e

@@ -0,0 +1,19 @@
+note
+	description: "[
+				Effective class for APPLICATION_LAUNCHER_I
+
+				You can put modification in this class
+			]"
+	date: "$Date: 2013-06-12 13:55:42 +0200 (mer., 12 juin 2013) $"
+	revision: "$Revision: 36 $"
+
+class
+	APPLICATION_LAUNCHER [G -> WSF_EXECUTION create make end]
+
+inherit
+	APPLICATION_LAUNCHER_I [G]
+
+feature -- Custom
+
+end
+

tools/requestbin/launcher/default/application_launcher_i.e

@@ -0,0 +1,26 @@
+note
+	description: "[
+			Specific application launcher
+
+			DO NOT EDIT THIS CLASS
+
+			you can customize APPLICATION_LAUNCHER
+		]"
+	date: "$Date: 2013-06-12 13:55:42 +0200 (mer., 12 juin 2013) $"
+	revision: "$Revision: 36 $"
+
+deferred class
+	APPLICATION_LAUNCHER_I [G -> WSF_EXECUTION create make end]
+
+feature -- Execution
+
+	launch (opts: detachable WSF_SERVICE_LAUNCHER_OPTIONS)
+		local
+			launcher: WSF_SERVICE_LAUNCHER [G]
+		do
+			create {WSF_DEFAULT_SERVICE_LAUNCHER [G]} launcher.make_and_launch (opts)
+		end
+
+end
+
+

tools/requestbin/requestbin.ecf

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-15-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-15-0 http://www.eiffel.com/developers/xml/configuration-1-15-0.xsd" name="requestbin" uuid="FF1E47E3-7677-4E1C-9459-2E2C2341325A">
+	<target name="common" abstract="true">
+		<file_rule>
+			<exclude>/.svn$</exclude>
+			<exclude>/CVS$</exclude>
+			<exclude>/EIFGENs$</exclude>
+		</file_rule>
+		<option warning="true" void_safety="all">
+			<assertions precondition="true" postcondition="true" check="true" invariant="true" loop="true" supplier_precondition="true"/>
+		</option>
+		<setting name="console_application" value="true"/>
+		<setting name="concurrency" value="scoop"/>
+		<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
+		<library name="encoder" location="..\..\library\text\encoder\encoder-safe.ecf" readonly="false"/>
+		<library name="http" location="..\..\library\network\protocol\http\http-safe.ecf"/>
+		<library name="wsf" location="..\..\library\server\wsf\wsf-safe.ecf" readonly="false"/>
+		<library name="wsf_extension" location="..\..\library\server\wsf\wsf_extension-safe.ecf" readonly="false"/>
+	</target>
+	<target name="requestbin_any" extends="common">
+		<root class="EWF_REQUESTBIN_SERVER" feature="make_and_launch"/>
+		<setting name="concurrency" value="scoop"/>
+		<library name="cgi" location="..\..\library\server\wsf\connector\cgi-safe.ecf" readonly="false"/>
+		<library name="libfcgi" location="..\..\library\server\wsf\connector\libfcgi-safe.ecf" readonly="false"/>
+		<library name="standalone" location="..\..\library\server\wsf\connector\standalone-safe.ecf" readonly="false"/>
+		<cluster name="launcher" location=".\launcher\any\" recursive="true"/>
+		<cluster name="src" location=".\src\" recursive="true"/>
+	</target>
+	<target name="requestbin" extends="common">
+		<root class="EWF_REQUESTBIN_SERVER" feature="make_and_launch"/>
+		<setting name="concurrency" value="scoop"/>
+		<library name="default_standalone" location="..\..\library\server\wsf\default\standalone-safe.ecf" readonly="false"/>
+		<cluster name="launcher" location=".\launcher\default\" recursive="true"/>
+		<cluster name="src" location=".\src\" recursive="true"/>
+	</target>
+	<target name="requestbin_cgi" extends="common">
+		<root class="EWF_REQUESTBIN_SERVER" feature="make_and_launch"/>
+		<library name="default_cgi" location="..\..\library\server\wsf\default\cgi-safe.ecf" readonly="false"/>
+		<cluster name="launcher" location=".\launcher\default\" recursive="true"/>
+		<cluster name="src" location=".\src\" recursive="true"/>
+	</target>
+	<target name="requestbin_libfcgi" extends="common">
+		<root class="EWF_REQUESTBIN_SERVER" feature="make_and_launch"/>
+		<library name="default_libfcgi" location="..\..\library\server\wsf\default\libfcgi-safe.ecf"/>
+		<cluster name="launcher" location=".\launcher\default\" recursive="true"/>
+		<cluster name="src" location=".\src\" recursive="true"/>
+	</target>
+</system>

tools/requestbin/server.ini

@@ -0,0 +1,2 @@
+port=9090
+verbose=true

tools/requestbin/src/ewf_debug_execution.e

@@ -0,0 +1,27 @@
+note
+	description: "Summary description for {EWF_DEBUG_EXECUTION}."
+	author: ""
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	EWF_DEBUG_EXECUTION
+
+inherit
+	WSF_EXECUTION
+
+create
+	make
+
+feature -- Execution
+
+	execute
+		local
+			dbg: WSF_DEBUG_HANDLER
+		do
+			response.put_error ("DEBUG uri=" + request.request_uri + "%N")
+			create dbg.make
+			dbg.execute_starts_with ("", request, response)
+		end
+
+end

tools/requestbin/src/ewf_requestbin_server.e

@@ -0,0 +1,35 @@
+note
+	description: "[
+				application service
+			]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	EWF_REQUESTBIN_SERVER
+
+inherit
+	WSF_LAUNCHABLE_SERVICE
+		redefine
+			initialize
+		end
+
+	APPLICATION_LAUNCHER [EWF_DEBUG_EXECUTION]
+
+create
+	make_and_launch
+
+feature {NONE} -- Initialization
+
+	initialize
+			-- Initialize current service.
+		do
+			Precursor
+--			set_service_option ("verbose", True)
+			set_service_option ("port", 9090)
+--			set_service_option ("base", "/www-debug/debug_service.fcgi/")
+			import_service_options (create {WSF_SERVICE_LAUNCHER_OPTIONS_FROM_INI}.make_from_file ("server.ini"))
+		end
+
+end
+