Add support for digest authentication to web queries

[Sandro Martini <sa...@gmail.com>]

Hi to all,
I've just started to make some test on the question "Add support for
digest authentication to web queries" (
http://issues.apache.org/jira/browse/PIVOT-43 ), and after some search
I've seen that Apache Tomcat, Apache HTTP Client (and many other
projects) have their implementation of this, already working, tested,
etc.

So, to avoid reinvent the wheel, would it be possible to start from
one of these implementation (like that of the latest Tomcat 6), and
make the necessary modifications to adapt to Pivot ?
Having the same Apache license is think this is possible, but there is
a right way to do this (referring the project in the source, and maybe
also in other places) ?

Then, I'd like to test it accessing protected resources from Tomcat,
ands maybe also on other common Servers, like Apache HTTPD, and if i
find time also on Jetty and Grizzly.
But for the Server side code of these tests, I'm thinking to provide
only one, and describe what to do on others ...

What do you think ?

Thanks,
Sandro

Re: Add support for digest authentication to web queries

[Greg Brown <gk...@mac.com>]

>It's possible that i could need to modify a little also the
>BasicAuthentication, don't know at the moment. But I've seen that
>there isn't a base class fir this in Pivot, and nor a dedicated
>package like pivot.web.authentication.

Right - DigestAuthentication should implement Authentication and go in pivot.web.

>Some time ago i wrote something like this to access WebSphere 5.x
>protected resources, and we could need similar things to access
>protected resources on other common servers ... but this is future
>work, and this could go in the Demos project ...

Yup - application-specific authenticators could go in Demos.

Re: Add support for digest authentication to web queries

[Sandro Martini <sa...@gmail.com>]

Ok, thanks to all for the info.

Sandro

Re: Add support for digest authentication to web queries

[Todd Volkert <tv...@gmail.com>]

> Yes, my first approach is looking at the related classes in Apache
> Tomcat 6.0.18, but the real question here was to our mentors (or
> others of us), if there is a right apache-way to do this:
> - need to include some reference to original code (still if only some
> portion is used and adapted) ?
> - is required a description on this only in the related Pivot sources,
> or also in some other part (for example in one of general files like
> requirements etc) ?
> - other to do ?

You can use and modify any Apache 2 licensed code.  We'll just need to
give the proper notice in the NOTICE file.

Re: Add support for digest authentication to web queries

[Sandro Martini <sa...@gmail.com>]

Hi to all,

> We don't want to create additional dependencies if we can avoid it. But I'm also not sure that it would meet our needs even if we did.
I was imaging this, and I agree.

> This task refers to the creation of an implementation of pivot.web.Authentication that supports digest authentication (we currently only support BasicAuthentication). However, I'm sure there is existing code in one or more Apache projects that we could take advantage of and adapt to use in this class.
Yes, my first approach is looking at the related classes in Apache
Tomcat 6.0.18, but the real question here was to our mentors (or
others of us), if there is a right apache-way to do this:
- need to include some reference to original code (still if only some
portion is used and adapted) ?
- is required a description on this only in the related Pivot sources,
or also in some other part (for example in one of general files like
requirements etc) ?
- other to do ?


It's possible that i could need to modify a little also the
BasicAuthentication, don't know at the moment. But I've seen that
there isn't a base class fir this in Pivot, and nor a dedicated
package like pivot.web.authentication.

One time this is working, future work could be to implement other
authorization types.
Some time ago i wrote something like this to access WebSphere 5.x
protected resources, and we could need similar things to access
protected resources on other common servers ... but this is future
work, and this could go in the Demos project ...

What do you think ?


For the moment, thanks to all,
Sandro

Re: Add support for digest authentication to web queries

[Greg Brown <gk...@mac.com>]

>Could just use the apache http client library (i.e. make it a
>dependency), which seems to support most of the extensions to the HTTP
>protocols.
>No point in duplicating code unnecessarily.

We don't want to create additional dependencies if we can avoid it. But I'm also not sure that it would meet our needs even if we did. This task refers to the creation of an implementation of pivot.web.Authentication that supports digest authentication (we currently only support BasicAuthentication). However, I'm sure there is existing code in one or more Apache projects that we could take advantage of and adapt to use in this class.

Re: Add support for digest authentication to web queries

[Noel Grandin <no...@gmail.com>]

Could just use the apache http client library (i.e. make it a
dependency), which seems to support most of the extensions to the HTTP
protocols.
No point in duplicating code unnecessarily.

Sandro Martini wrote:
> Hi to all,
> I've just started to make some test on the question "Add support for
> digest authentication to web queries" (
> http://issues.apache.org/jira/browse/PIVOT-43 ), and after some search
> I've seen that Apache Tomcat, Apache HTTP Client (and many other
> projects) have their implementation of this, already working, tested,
> etc.
>
> So, to avoid reinvent the wheel, would it be possible to start from
> one of these implementation (like that of the latest Tomcat 6), and
> make the necessary modifications to adapt to Pivot ?
> Having the same Apache license is think this is possible, but there is
> a right way to do this (referring the project in the source, and maybe
> also in other places) ?
>
> Then, I'd like to test it accessing protected resources from Tomcat,
> ands maybe also on other common Servers, like Apache HTTPD, and if i
> find time also on Jetty and Grizzly.
> But for the Server side code of these tests, I'm thinking to provide
> only one, and describe what to do on others ...
>
> What do you think ?
>
> Thanks,
> Sandro
>