You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by "Steven Dolg (JIRA)" <ji...@apache.org> on 2009/04/27 22:48:30 UTC
[jira] Created: (COCOON3-35) Support access to URLs that require
authentication.
Support access to URLs that require authentication.
---------------------------------------------------
Key: COCOON3-35
URL: https://issues.apache.org/jira/browse/COCOON3-35
Project: Cocoon 3
Issue Type: New Feature
Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
Affects Versions: 3.0.0-alpha-1
Reporter: Steven Dolg
Assignee: Cocoon Developers Team
Priority: Minor
Fix For: 3.0.0-alpha-2
Currently our pipeline components cannot access URLs that require authentication.
While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Vadim Gritsenko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704233#action_12704233 ]
Vadim Gritsenko commented on COCOON3-35:
----------------------------------------
Did you try embedding username/password into the resource URL? I have not tried it myself but I would expect it to "just work". E.g. http://user:password@host:port/path/to/some.xslt
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Reinhard Poetz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12712789#action_12712789 ]
Reinhard Poetz commented on COCOON3-35:
---------------------------------------
An optional dependency is fine by me too.
And replying to your tweet http://twitter.com/BanDoga/status/1915444934
We could add a resource, that is protected by basic HTTP authentication, to our integration test suite. I already have implemented this for another project. I will see what I can do the next days.
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
> Attachments: authentication.patch, authentication2.patch
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Steven Dolg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Dolg updated COCOON3-35:
-------------------------------
Attachment: authentication.patch
I have created a small patch that demonstrates how authentication could be integrated into our PipelineComponents (without changing much).
To supply a user and password you have to use the format
<protocol>://<user>:<password>@<host>:<port>/<url-path>
(See http://tools.ietf.org/html/rfc1738#section-3.1 for details).
Using this for all components basically means changing how the URLConnection is obtained.
Not a very interesting task, but easily done.
However there is a downside to this:
Using the sun.misc.BASE64Encoder is potentially dangerous (changes in the API, etc.) and will probably not work with JREs from other vendors.
But there is also the "Pipeline does not have external dependencies" policy which would be nice to keep up.
Maybe we can introduce an optional dependency for that (like commons-codec).
There is also the java.net.Authenticator, which can basically provide the same functionality (without a dependency to sun... classes), however in my tests it did not work with redirects.
Maybe someone else has some opinions/experience with that...
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
> Attachments: authentication.patch
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Steven Dolg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704485#action_12704485 ]
Steven Dolg commented on COCOON3-35:
------------------------------------
That was my first idea too and so I created a test (completely outside Cocoon).
I tried to access a website on an Apache httpd that requires authentication but got the 401 all the time.
Is this already supported in Cocoon 2.x? Maybe we can "borrow" that... ;-)
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Vadim Gritsenko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704771#action_12704771 ]
Vadim Gritsenko commented on COCOON3-35:
----------------------------------------
Reply to comment # ... ummm ... comment above. Yep, I found the code "responsible" for the "just works" behavior, it's in the URLSource:
http://svn.apache.org/repos/asf/excalibur/trunk/components/sourceresolve/impl/src/main/java/org/apache/excalibur/source/factories/URLSource.java
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
> Attachments: authentication.patch
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Reinhard Poetz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12707656#action_12707656 ]
Reinhard Poetz commented on COCOON3-35:
---------------------------------------
The URLSource uses the URLUtils http://svn.apache.org/viewvc/excalibur/trunk/components/sourceresolve/api/src/main/java/org/apache/excalibur/source/SourceUtil.java?view=markup
I think the best solution in this case is copying the encodeBASE64() method into the cocoon-pipeline module - it's just about 30 lines of code and it's rather unlikely that they have to be modified in the future.
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
> Attachments: authentication.patch
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Steven Dolg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Dolg updated COCOON3-35:
-------------------------------
Attachment: authentication2.patch
This patch adjusts all PipelineComponents to use the o.a.c.p.u.URLConnectionUtils to access URLs.
This class will deal with authentication when accessing resources using the http protocol.
The approach is still the same: supply the user info part in the URL and authentication will be used.
However I decided against copying the code from Excalibur and included commons-codec as an optional dependency.
Basically this means:
* when you want/need authentication just add commons-codec to your classpath and provide the user info.
* when you don't want/need authentication, you don't need commons-codec and must not provide the user info.
As always, I'll wait a couple of days before applying this patch - in case there are some issues/opinions/...
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Affects Versions: 3.0.0-alpha-1
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-2
>
> Attachments: authentication.patch, authentication2.patch
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COCOON3-35) Support access to URLs that require
authentication.
Posted by "Reinhard Poetz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Reinhard Poetz updated COCOON3-35:
----------------------------------
Fix Version/s: (was: 3.0.0-alpha-2)
3.0.0-alpha-3
Affects Version/s: (was: 3.0.0-alpha-1)
Moving it to alpha-3 - don't know if I have enough time to provide the integration test.
> Support access to URLs that require authentication.
> ---------------------------------------------------
>
> Key: COCOON3-35
> URL: https://issues.apache.org/jira/browse/COCOON3-35
> Project: Cocoon 3
> Issue Type: New Feature
> Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
> Reporter: Steven Dolg
> Assignee: Cocoon Developers Team
> Priority: Minor
> Fix For: 3.0.0-alpha-3
>
> Attachments: authentication.patch, authentication2.patch
>
>
> Currently our pipeline components cannot access URLs that require authentication.
> While it is possible to create specialized versions of each component and add authentication there, it shouldn't be too difficult to support this feature in every pipeline component we currently have.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.