You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@commons.apache.org by "Sean C. Sullivan" <se...@seansullivan.com> on 2002/02/18 06:09:52 UTC

[httpclient] HTTP Digest authentication

I was looking at the 

    org.apache.commons.httpclient.Authenticator

class.  The class implements "Basic" authentication only.

It does not implement the "Digest" authentication scheme.

The Digest authentication scheme is described in RFC 2617:

  ftp://ftp.isi.edu/in-notes/rfc2617.txt

Is anybody planning to implement Digest authentication?

Is there a reason why it has not been implemented?

Would it be worthwhile for me to implement Digest 
authentication?

-Sean



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: [httpclient] HTTP Digest authentication

Posted by Remy Maucherat <re...@apache.org>.

> > I was looking at the
> >
> >     org.apache.commons.httpclient.Authenticator
> >
> > class.  The class implements "Basic" authentication only.
> >
> > It does not implement the "Digest" authentication scheme.
> >
> > The Digest authentication scheme is described in RFC 2617:
> >
> >   ftp://ftp.isi.edu/in-notes/rfc2617.txt
> >
> > Is anybody planning to implement Digest authentication?
> >
> > Is there a reason why it has not been implemented?
>
> As far as I am concerned, it's 100% lack of time.
> Digest is quite important in the WebDAV world, so I'm interested in the
> funtionality.
>
> > Would it be worthwhile for me to implement Digest
> > authentication?
>
> Only if you feel like it.
> Tomcat 4 has an implementation of DIGEST you can test against on the
server
> side.

Ooops, sorry, I just realized that was already implemented in Slide.
I attach the authenticator, which can be used as a good starting point.

If everyone is ok with it, I can merge the code with the code in the commons
HTTP client authenticator.

Remy

Re: [httpclient] HTTP Digest authentication

Posted by Remy Maucherat <re...@apache.org>.

> I was looking at the
>
>     org.apache.commons.httpclient.Authenticator
>
> class.  The class implements "Basic" authentication only.
>
> It does not implement the "Digest" authentication scheme.
>
> The Digest authentication scheme is described in RFC 2617:
>
>   ftp://ftp.isi.edu/in-notes/rfc2617.txt
>
> Is anybody planning to implement Digest authentication?
>
> Is there a reason why it has not been implemented?

As far as I am concerned, it's 100% lack of time.
Digest is quite important in the WebDAV world, so I'm interested in the
funtionality.

> Would it be worthwhile for me to implement Digest
> authentication?

Only if you feel like it.
Tomcat 4 has an implementation of DIGEST you can test against on the server
side.

Remy


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>