You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlrpc-dev@ws.apache.org by Ryan Hoegg <rh...@isisnetworks.net> on 2003/01/22 20:18:07 UTC

Re: Authentication patch

Note: Taking discussion to xml-rpc-dev list.

For Dejan:

We have a short page on our site on contributing to the XML-RPC project:
http://xml.apache.org/xmlrpc/contributing.html

There are several things we like to see accompanying your contribution:
1. A feature request / bug report on http://nagoya.apache.org.  Anyone 
can register for a free account.   If not, a post to the dev list 
(rpc-dev@xml.apache.org) with [PATCH] in the title will work as well.
2. A clear and concise description of the problem you are trying to 
solve.  Your web site has this information, but it is more of a nice 
piece of documentation of your code than a description.  Put this 
description in the bug report, it will eventually end up in changes.xml.
3. A unit test that fails before your patch is applied and passes 
afterwards.  For new features, the fact that the unit test doesn't 
compile before your patch is OK.

For the other developers:
OK I took the time to read this.  It seems like the point of it is this 
(taken from the page):

 >All you have to do is to make your object implement AuthenticatedHandler
 >interface and write authenticate method:

>        public boolean authenticate(String username, String password);

 >Method should do whatever it takes to check if a username and password 
belongs to a valid user. It
 >could connect to a relational database, LDAP or any other user storage 
and return true if user is
 >permitted for a call or false otherwise. After authorization, client 
can make a call to any public method
 >of your handler.

And the substantive change to the code is here:

+                else if (handler instanceof AuthenticatedHandler)
+                {
+                        if (((AuthenticatedHandler)handler).authenticate(user, password))
+                        {
+                                Invoker invoker = new Invoker(handler);
+                                outParam = invoker.execute(methodName, inParams);
+                        }
+                        else
+                        {
+                                throw new XmlRpcException(0, "Username or password does not match");
+                        }
+                }

If we don't hear from Dejan again soon I will put this in nagoya and 
take it from there.

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

Dejan Bosanac wrote:

> Hi,
> I've made a little patch for v1.1 library which alows you to expose any of
> your business objects as a authenticated handler.
> You can find more about it at
> http://solair.eunet.yu/~chuki/software/s001.html 
> <http://solair.eunet.yu/%7Echuki/software/s001.html>
> So if someone find it usefull ...
> Regards,
> Dejan