You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "Dinesh Weerapurage (JIRA)" <ji...@apache.org> on 2012/11/08 04:04:13 UTC
[jira] [Assigned] (AXIS2C-1370) Axis should support libcurl's other
auth types (not just basic)
[ https://issues.apache.org/jira/browse/AXIS2C-1370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dinesh Weerapurage reassigned AXIS2C-1370:
------------------------------------------
Assignee: Dinesh Weerapurage (was: S.Uthaiyashankar)
> Axis should support libcurl's other auth types (not just basic)
> ---------------------------------------------------------------
>
> Key: AXIS2C-1370
> URL: https://issues.apache.org/jira/browse/AXIS2C-1370
> Project: Axis2-C
> Issue Type: Improvement
> Components: transport/http
> Affects Versions: 1.6.0
> Reporter: Incarnadine
> Assignee: Dinesh Weerapurage
> Fix For: Next Version
>
> Attachments: axis2c-1370.diff, axis2_libcurl.c.diff, options.c.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Looking over axis2_libcurl_set_auth_options() I see it only allows basic auth.
> if (auth_type &&
> 0 == axutil_strcmp(auth_type, AXIS2_HTTP_AUTH_TYPE_BASIC))
> {
> curl_easy_setopt(handler, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
> }
> else
> {
> /* Uses anonymous connection.*/
> }
> If new schemes can be enabled as easily as mapping Axis options to Libcurl, this would appear to be an easy fix. Other supported values to be mapped include:
> CURLAUTH_BASIC
> HTTP Basic authentication. This is the default choice, and the only method that is in wide-spread use and supported virtually everywhere. This is sending the user name and password over the network in plain text, easily captured by others.
> CURLAUTH_DIGEST
> HTTP Digest authentication. Digest authentication is defined in RFC2617 and is a more secure way to do authentication over public networks than the regular old-fashioned Basic method.
> CURLAUTH_GSSNEGOTIATE
> HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain "Negotiate") method was designed by Microsoft and is used in their web applications. It is primarily meant as a support for Kerberos5 authentication but may be also used along with another authentication methods. For more information see IETF draft draft-brezak-spnego-http-04.txt.
> You need to build libcurl with a suitable GSS-API library for this to work.
> CURLAUTH_NTLM
> HTTP NTLM authentication. A proprietary protocol invented and used by Microsoft. It uses a challenge-response and hash concept similar to Digest, to prevent the password from being eavesdropped.
> You need to build libcurl with OpenSSL support for this option to work, or build libcurl on Windows.
> CURLAUTH_ANY
> This is a convenience macro that sets all bits and thus makes libcurl pick any it finds suitable. libcurl will automatically select the one it finds most secure.
> CURLAUTH_ANYSAFE
> This is a convenience macro that sets all bits except Basic and thus makes libcurl pick any it finds suitable. libcurl will automatically select the one it finds most secure.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org