You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlrpc-dev@ws.apache.org by "Jochen Wiedmann (JIRA)" <xm...@ws.apache.org> on 2006/05/09 22:44:05 UTC

[jira] Geschlossen: (XMLRPC-25) Authenticated handler

     [ http://issues.apache.org/jira/browse/XMLRPC-25?page=all ]
     
Jochen Wiedmann closed XMLRPC-25:
---------------------------------

    Resolution: Fixed
     Assign To:     (was: rpc-dev mailing list)

In version 3, it is possible to provide custom authentication by supplying an instance of AuthenticationHandler.


> Authenticated handler
> ---------------------
>
>          Key: XMLRPC-25
>          URL: http://issues.apache.org/jira/browse/XMLRPC-25
>      Project: XML-RPC
>         Type: Bug

>   Components: Source
>     Versions: unspecified
>  Environment: Operating System: Other
> Platform: All
>     Reporter: Dejan Bosanac
>  Attachments: authenticated.patch, authenticated.patch
>
> Enable to expose any business object as a handler that performs basic HTTP
> authentication, but not to be forced to call only execute() method of the handler. 
> If AuthenticatedXmlRpcHandler is used you are forced to call only execute
> method. The problem with this approach is that we are responsible for
> determining what action should be used. This could be a easy task in most cases,
> but it could be a big challenge in a complex handler.
> Idea is to make your object implement AuthenticatedHandler interface and only
> write authenticate method:
>         public boolean authenticate(String username, String password);
>  
> Method should do whatever it takes to check if a username and password belongs
> to a valid user. It could connect to a relational database, LDAP or any other
> user storage and return true if user is permitted for a call or false otherwise.
> After authorization, client can make a call to any public method of your handler.
>             XmlRpcClient client = new XmlRpcClient(url);
>             try
>             {
>                 client.setBasicAuthentication(username, password);
>                 client.execute("authenticated.test", params);
>             }
>             catch(Exception ex)
>             {
>                 System.err.println("Error: " + ex.getMessage());
>             }
> The actual test method will be called.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira