You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Oleg Kalnichevski <o....@dplanet.ch> on 2003/03/19 21:09:39 UTC
[FEEDBACK NEEDED]: Authentication logic completely refactored
Folks,
I know I have been a pain in the rear ;-)
Your feedback would be highly appreciated. I know it is quite a bit of a
patch ;-) So, you are welcome to start throwing bad tomatoes at me
[Taking cover]
Oleg
On Wed, 2003-03-19 at 20:59, bugzilla@apache.org wrote:
> DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
> RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
> <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17884>.
> ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
> INSERTED IN THE BUG DATABASE.
>
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17884
>
> Multiple DIGEST authentication attempts with same credentials
>
>
>
>
>
> ------- Additional Comments From olegk@apache.org 2003-03-19 19:59 -------
> While working on a fix for this bug I have come to realize that any sort of
> clean solution would require an almost complete authentication logic redesign.
> Authenticator#authenticate method needed to be more modular, so that HttpClient
> class could access information about authentication scheme being used. Besides,
> authentication parsing logic was a complete mess. I was not sure I could fix it
> without introducing subtle bugs
>
> IMPORTANT: The patch retains full API compatibility with the existing version.
> No existing code should be broken.
>
> This patch should also fix the following bugs:
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17158
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16861
>
> You'll have to perform some manual adjustments after having applied the patch:
> - create org.apache.commons.httpclient.auth package
> - move AuthChallengeParser, AuthenticationException,
> MalformedChallengeException, AuthScheme, AuthSchemeBase, BasicScheme,
> DigestScheme, NTLMScheme, RFC2617Scheme, HttpAuthenticator classes to the newly
> created package
>
> Oleg
> PS: New classes have not been documented yet
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>
Re: [FEEDBACK NEEDED]: Authentication logic completely refactored
Posted by Michael Becke <be...@u.washington.edu>.
Hi Oleg,
I like the new design. It makes things much simpler and more modular.
I have only a few minor questions/comments:
- should the various auth/* classes be public?
- is there a need for someone to supply their own AuthScheme? it
seems that all of the choices are now hard coded.
- HttpState should use standard bean naming conventions for
preemptiveAuthentication, something like isAuthenticationPreemptive()
and setAuthenticationPreemptive()
- there are some small style problems, and unused imports
Again, very nice work.
Mike
On Wednesday, March 19, 2003, at 03:09 PM, Oleg Kalnichevski wrote:
> Folks,
>
> I know I have been a pain in the rear ;-)
>
> Your feedback would be highly appreciated. I know it is quite a bit of
> a
> patch ;-) So, you are welcome to start throwing bad tomatoes at me
>
> [Taking cover]
>
> Oleg
>
> On Wed, 2003-03-19 at 20:59, bugzilla@apache.org wrote:
>> DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
>> RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
>> <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17884>.
>> ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
>> INSERTED IN THE BUG DATABASE.
>>
>> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17884
>>
>> Multiple DIGEST authentication attempts with same credentials
>>
>>
>>
>>
>>
>> ------- Additional Comments From olegk@apache.org 2003-03-19 19:59
>> -------
>> While working on a fix for this bug I have come to realize that any
>> sort of
>> clean solution would require an almost complete authentication logic
>> redesign.
>> Authenticator#authenticate method needed to be more modular, so that
>> HttpClient
>> class could access information about authentication scheme being
>> used. Besides,
>> authentication parsing logic was a complete mess. I was not sure I
>> could fix it
>> without introducing subtle bugs
>>
>> IMPORTANT: The patch retains full API compatibility with the existing
>> version.
>> No existing code should be broken.
>>
>> This patch should also fix the following bugs:
>> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17158
>> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16861
>>
>> You'll have to perform some manual adjustments after having applied
>> the patch:
>> - create org.apache.commons.httpclient.auth package
>> - move AuthChallengeParser, AuthenticationException,
>> MalformedChallengeException, AuthScheme, AuthSchemeBase, BasicScheme,
>> DigestScheme, NTLMScheme, RFC2617Scheme, HttpAuthenticator classes to
>> the newly
>> created package
>>
>> Oleg
>> PS: New classes have not been documented yet
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> commons-httpclient-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail:
>> commons-httpclient-dev-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
>