Posted to dev@hc.apache.org by Oleg Kalnichevski <o....@dplanet.ch> on 2003/05/10 16:29:38 UTC
[PATCH] Authentication Realm & Proxy Authentication Realm
Adrian,
In the future get*HeaderGroup will be made public. I would not change
HttpAuthenticator.selectAuthScheme() just to work around limitations of
the existing API. So, how about this for a compromise solution?
Cheers
Oleg
On Fri, 2003-05-09 at 03:55, Adrian Sutton wrote:
> Well, it's my turn to start updating our product to the latest
> HttpClient and while it's generally going well I've run into my first
> problem - hopefully I'm just missing something really simple.
>
> I'm trying to retrieve the realm for authentication using the simple
> method for doing so we were meant to add a little while back, but I
> can't find that simple method... Currently, I'm trying to use
> HttpAuthenticator.selectAuthScheme() to get the scheme then call
> getRealm() on that followed by a special case of it being null (for
> NTLM) where we use the host name. There's two problems with this:
>
> 1. It's more difficult than just parsing the auth challenge myself.
> 2. selectAuthScheme() parses every header that's passed to it so we
> need to do what HttpMethodBase does ie:
> HttpAuthenticator.selectAuthScheme(getResponseHeaderGroup().getHeaders(HttpAuthenticator.WWW_AUTH));
>
> The problem is that getResponseHeaderGroup() is protected so I'd have
> to manually weed out the authentication headers. What I'd really like
> is a simple method in HttpMethod like:
>
> public String getAuthenticationRealm();
>
> and
>
> public String getProxyAuthenticationRealm();
>
> I'd also be happy if it were in HttpAuthenticator and accepted either
> the full array of headers or the actual HttpMethod. Finding out what
> authentication method will be used should be similar (possibly getting
> NTLMScheme to return something other than null for getRealm and
> changing HttpAuthenticator.selectAuthScheme to take the full array of
> headers would be the best option).
>
> I can produce the patches for doing this and have no particular
> preference on whether it goes into 2.0 or 2.1 (we have to maintain our
> own fork anyway because you can't use JCE from an applet and we need
> NTLM).
>
> Hopefully though, I just missed a really obvious method and I'll slap
> myself and move on. :)
>
> Regards,
>
> Adrian Sutton.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>
Re: [PATCH] Authentication Realm & Proxy Authentication Realm
Posted by Oleg Kalnichevski <o....@dplanet.ch>.
Patch applied
Oleg
On Mon, 2003-05-12 at 20:53, Michael Becke wrote:
> Fine with me.
>
> Mike
>
> Oleg Kalnichevski wrote:
> > Here it is
> >
> > Oleg
> >
> > On Mon, 2003-05-12 at 20:37, Michael Becke wrote:
> >
> >>I can't seem to locate the patch. Could you send it again?
> >>
> >>Mike
> >>
> >>Oleg Kalnichevski wrote:
> >>
> >>>Are there any objections to committing this patch?
> >>>
> >>>Oleg
> >>>
> >>>On Sat, 2003-05-10 at 23:31, Adrian Sutton wrote:
> >>>
> >>>
> >>>>Oleg,
> >>>>I wouldn't call that a compromise - I'd call that the ideal solution!
> >>>>:) We'd still need to grab the authentication header to check if NTLM
> >>>>authentication is being used (so we know whether to ask for a domain or
> >>>>not) but that's no hassle since it's just a simple check for the
> >>>>presence of "ntlm" in the auth challenge.
> >>>>
> >>>>Thanks for looking into it.
> >>>>
> >>>>Regards,
> >>>>
> >>>>Adrian.
> >>>>
> >>>>On Sunday, May 11, 2003, at 12:29 AM, Oleg Kalnichevski wrote:
> >>>>
> >>>>
> >>>>
> >>>>>Adrian,
> >>>>>In the future get*HeaderGroup will be made public. I would not change
> >>>>>HttpAuthenticator.selectAuthScheme() just to work around limitations of
> >>>>>the existing API. So, how about this for a compromise solution?
> >>>>>
> >>>>>Cheers
> >>>>>
> >>>>>Oleg
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >>
> >>------------------------------------------------------------------------
> >>
> >>Index: java/org/apache/commons/httpclient/HttpMethodBase.java
> >>===================================================================
> >>RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v
> >>retrieving revision 1.145
> >>diff -u -r1.145 HttpMethodBase.java
> >>--- java/org/apache/commons/httpclient/HttpMethodBase.java 8 May 2003 17:33:51 -0000 1.145
> >>+++ java/org/apache/commons/httpclient/HttpMethodBase.java 12 May 2003 18:45:02 -0000
> >>@@ -174,9 +174,15 @@
> >> /** Realms that we tried to authenticate to */
> >> private Set realms = null;
> >>
> >>+ /** Actual authentication realm */
> >>+ private String realm = null;
> >>+
> >> /** Proxy Realms that we tried to authenticate to */
> >> private Set proxyRealms = null;
> >>
> >>+ /** Actual proxy authentication realm */
> >>+ private String proxyRealm = null;
> >>+
> >> /** My request path. */
> >> private String path = null;
> >>
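Review bot: the new `realm` and `proxyRealm` fields at the top of this hunk differ from the neighbouring `realms` and `proxyRealms` sets by a single letter, and the comment "Actual authentication realm" does not say which realm is meant. Please state in the field comments that each holds the realm of the scheme most recently used to authenticate and that it may be null, and consider a name that cannot be mistaken for the set.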
> >>@@ -195,7 +201,7 @@
> >> /** Whether or not I should automatically follow redirects. */
> >> private boolean followRedirects = false;
> >>
> >>- /** Whether or not I should automatically processs authentication. */
> >>+ /** Whether or not I should automatically process authentication. */
> >> private boolean doAuthentication = true;
> >>
> >> /** Whether or not I should use the HTTP/1.1 protocol. */
> >>@@ -1263,6 +1269,8 @@
> >> path = null;
> >> followRedirects = false;
> >> doAuthentication = true;
> >>+ realm = null;
> >>+ proxyRealm = null;
> >> queryString = null;
> >> getRequestHeaderGroup().clear();
> >> getResponseHeaderGroup().clear();
> >>@@ -2420,11 +2428,13 @@
> >> removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP);
> >> authenticated = HttpAuthenticator.authenticate(
> >> authscheme, this, conn, state);
> >>+ this.realm = authscheme.getRealm();
> >> break;
> >> case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED:
> >> removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP);
> >> authenticated = HttpAuthenticator.authenticateProxy(
> >> authscheme, this, conn, state);
> >>+ this.proxyRealm = authscheme.getRealm();
> >> break;
> >> }
> >> } catch (AuthenticationException e) {
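Review bot: in both case branches the assignment (`this.realm = authscheme.getRealm();` and the `proxyRealm` equivalent) comes after the `HttpAuthenticator.authenticate(...)` / `authenticateProxy(...)` call, inside the try whose `catch (AuthenticationException e)` follows, so when that call throws the challenged realm is never recorded and the getter keeps whatever it held before. If callers are meant to read the realm in order to prompt for credentials, assign it before the authenticate call. The value originates in the server's challenge, so the Javadoc should also tell callers to treat it as untrusted text when they display it.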
> >>@@ -2448,6 +2458,26 @@
> >> }
> >>
> >> /**
> >>+ * Returns proxy authentication realm, if it has been used during authentication process.
> >>+ * Otherwise returns <tt>null</tt>.
> >>+ *
> >>+ * @return proxy authentication realm
> >>+ */
> >>+ public String getProxyAuthenticationRealm() {
> >>+ return this.proxyRealm;
> >>+ }
> >>+
> >>+ /**
> >>+ * Returns authentication realm, if it has been used during authentication process.
> >>+ * Otherwise returns <tt>null</tt>.
> >>+ *
> >>+ * @return authentication realm
> >>+ */
> >>+ public String getAuthenticationRealm() {
> >>+ return this.realm;
> >>+ }
> >>+
> >>+ /**
> >> * Write a request and read the response. Both the write to the server will
> >> * be retried {@link #maxRetries} times if the operation fails with a
> >> * HttpRecoverableException. The write will only be attempted if the read
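Review bot: the Javadoc on `getProxyAuthenticationRealm()` and `getAuthenticationRealm()` gives null a single meaning (the realm was not used during authentication), but the stored value is whatever `authscheme.getRealm()` returned, which according to this thread is null for NTLM. Please document both cases so a caller does not read null as "no challenge was seen". The accessors are also added only to HttpMethodBase, while the request in the thread was for a method on HttpMethod, so code holding the interface type will need a cast.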
> >>@@ -2677,5 +2707,4 @@
> >> this.responseBody = null;
> >> this.responseStream = responseStream;
> >> }
> >>-
> >> }
> >>
> >>
> >>
> >>------------------------------------------------------------------------
> >>
>
>
>
Re: [PATCH] Authentication Realm & Proxy Authentication Realm
Posted by Michael Becke <be...@u.washington.edu>.
Fine with me.
Mike
Oleg Kalnichevski wrote:
> Here it is
>
> Oleg
>
> On Mon, 2003-05-12 at 20:37, Michael Becke wrote:
>
>>I can't seem to locate the patch. Could you send it again?
>>
>>Mike
>>
>>Oleg Kalnichevski wrote:
>>
>>>Are there any objections to committing this patch?
>>>
>>>Oleg
>>>
>>>On Sat, 2003-05-10 at 23:31, Adrian Sutton wrote:
>>>
>>>
>>>>Oleg,
>>>>I wouldn't call that a compromise - I'd call that the ideal solution!
>>>>:) We'd still need to grab the authentication header to check if NTLM
>>>>authentication is being used (so we know whether to ask for a domain or
>>>>not) but that's no hassle since it's just a simple check for the
>>>>presence of "ntlm" in the auth challenge.
>>>>
>>>>Thanks for looking into it.
>>>>
>>>>Regards,
>>>>
>>>>Adrian.
>>>>
>>>>On Sunday, May 11, 2003, at 12:29 AM, Oleg Kalnichevski wrote:
>>>>
>>>>
>>>>
>>>>>Adrian,
>>>>>In the future get*HeaderGroup will be made public. I would not change
>>>>>HttpAuthenticator.selectAuthScheme() just to work around limitations of
>>>>>the existing API. So, how about this for a compromise solution?
>>>>>
>>>>>Cheers
>>>>>
>>>>>Oleg
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>------------------------------------------------------------------------
>>
>>Index: java/org/apache/commons/httpclient/HttpMethodBase.java
>>===================================================================
>>RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v
>>retrieving revision 1.145
>>diff -u -r1.145 HttpMethodBase.java
>>--- java/org/apache/commons/httpclient/HttpMethodBase.java 8 May 2003 17:33:51 -0000 1.145
>>+++ java/org/apache/commons/httpclient/HttpMethodBase.java 12 May 2003 18:45:02 -0000
>>@@ -174,9 +174,15 @@
>> /** Realms that we tried to authenticate to */
>> private Set realms = null;
>>
>>+ /** Actual authentication realm */
>>+ private String realm = null;
>>+
>> /** Proxy Realms that we tried to authenticate to */
>> private Set proxyRealms = null;
>>
>>+ /** Actual proxy authentication realm */
>>+ private String proxyRealm = null;
>>+
>> /** My request path. */
>> private String path = null;
>>
>>@@ -195,7 +201,7 @@
>> /** Whether or not I should automatically follow redirects. */
>> private boolean followRedirects = false;
>>
>>- /** Whether or not I should automatically processs authentication. */
>>+ /** Whether or not I should automatically process authentication. */
>> private boolean doAuthentication = true;
>>
>> /** Whether or not I should use the HTTP/1.1 protocol. */
>>@@ -1263,6 +1269,8 @@
>> path = null;
>> followRedirects = false;
>> doAuthentication = true;
>>+ realm = null;
>>+ proxyRealm = null;
>> queryString = null;
>> getRequestHeaderGroup().clear();
>> getResponseHeaderGroup().clear();
>>@@ -2420,11 +2428,13 @@
>> removeRequestHeader(HttpAuthenticator.WWW_AUTH_RESP);
>> authenticated = HttpAuthenticator.authenticate(
>> authscheme, this, conn, state);
>>+ this.realm = authscheme.getRealm();
>> break;
>> case HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED:
>> removeRequestHeader(HttpAuthenticator.PROXY_AUTH_RESP);
>> authenticated = HttpAuthenticator.authenticateProxy(
>> authscheme, this, conn, state);
>>+ this.proxyRealm = authscheme.getRealm();
>> break;
>> }
>> } catch (AuthenticationException e) {
>>@@ -2448,6 +2458,26 @@
>> }
>>
>> /**
>>+ * Returns proxy authentication realm, if it has been used during authentication process.
>>+ * Otherwise returns <tt>null</tt>.
>>+ *
>>+ * @return proxy authentication realm
>>+ */
>>+ public String getProxyAuthenticationRealm() {
>>+ return this.proxyRealm;
>>+ }
>>+
>>+ /**
>>+ * Returns authentication realm, if it has been used during authentication process.
>>+ * Otherwise returns <tt>null</tt>.
>>+ *
>>+ * @return authentication realm
>>+ */
>>+ public String getAuthenticationRealm() {
>>+ return this.realm;
>>+ }
>>+
>>+ /**
>> * Write a request and read the response. Both the write to the server will
>> * be retried {@link #maxRetries} times if the operation fails with a
>> * HttpRecoverableException. The write will only be attempted if the read
>>@@ -2677,5 +2707,4 @@
>> this.responseBody = null;
>> this.responseStream = responseStream;
>> }
>>-
>> }
>>
>>
>>
>>------------------------------------------------------------------------
>>
[PATCH] Authentication Realm & Proxy Authentication Realm
Posted by Oleg Kalnichevski <o....@dplanet.ch>.
Here it is
Oleg
On Mon, 2003-05-12 at 20:37, Michael Becke wrote:
> I can't seem to locate the patch. Could you send it again?
>
> Mike
>
> Oleg Kalnichevski wrote:
> > Are there any objections to committing this patch?
> >
> > Oleg
> >
> > On Sat, 2003-05-10 at 23:31, Adrian Sutton wrote:
> >
> >>Oleg,
> >>I wouldn't call that a compromise - I'd call that the ideal solution!
> >>:) We'd still need to grab the authentication header to check if NTLM
> >>authentication is being used (so we know whether to ask for a domain or
> >>not) but that's no hassle since it's just a simple check for the
> >>presence of "ntlm" in the auth challenge.
> >>
> >>Thanks for looking into it.
> >>
> >>Regards,
> >>
> >>Adrian.
> >>
> >>On Sunday, May 11, 2003, at 12:29 AM, Oleg Kalnichevski wrote:
> >>
> >>
> >>>Adrian,
> >>>In the future get*HeaderGroup will be made public. I would not change
> >>>HttpAuthenticator.selectAuthScheme() just to work around limitations of
> >>>the existing API. So, how about this for a compromise solution?
> >>>
> >>>Cheers
> >>>
> >>>Oleg
> >>>
> >>
> >>
> >>
> >
> >
> >
> >
>
>
>
Re: [PATCH] Authentication Realm & Proxy Authentication Realm
Posted by Michael Becke <be...@u.washington.edu>.
I can't seem to locate the patch. Could you send it again?
Mike
Oleg Kalnichevski wrote:
> Are there any objections to committing this patch?
>
> Oleg
>
> On Sat, 2003-05-10 at 23:31, Adrian Sutton wrote:
>
>>Oleg,
>>I wouldn't call that a compromise - I'd call that the ideal solution!
>>:) We'd still need to grab the authentication header to check if NTLM
>>authentication is being used (so we know whether to ask for a domain or
>>not) but that's no hassle since it's just a simple check for the
>>presence of "ntlm" in the auth challenge.
>>
>>Thanks for looking into it.
>>
>>Regards,
>>
>>Adrian.
>>
>>On Sunday, May 11, 2003, at 12:29 AM, Oleg Kalnichevski wrote:
>>
>>
>>>Adrian,
>>>In the future get*HeaderGroup will be made public. I would not change
>>>HttpAuthenticator.selectAuthScheme() just to work around limitations of
>>>the existing API. So, how about this for a compromise solution?
>>>
>>>Cheers
>>>
>>>Oleg
>>>
>>
>>
>>
>
>
>
>
Re: [PATCH] Authentication Realm & Proxy Authentication Realm
Posted by Oleg Kalnichevski <o....@dplanet.ch>.
Are there any objections to committing this patch?
Oleg
On Sat, 2003-05-10 at 23:31, Adrian Sutton wrote:
> Oleg,
> I wouldn't call that a compromise - I'd call that the ideal solution!
> :) We'd still need to grab the authentication header to check if NTLM
> authentication is being used (so we know whether to ask for a domain or
> not) but that's no hassle since it's just a simple check for the
> presence of "ntlm" in the auth challenge.
>
> Thanks for looking into it.
>
> Regards,
>
> Adrian.
>
> On Sunday, May 11, 2003, at 12:29 AM, Oleg Kalnichevski wrote:
>
> > Adrian,
> > In the future get*HeaderGroup will be made public. I would not change
> > HttpAuthenticator.selectAuthScheme() just to work around limitations of
> > the existing API. So, how about this for a compromise solution?
> >
> > Cheers
> >
> > Oleg
> >
>
>
>
Re: [PATCH] Authentication Realm & Proxy Authentication Realm
Posted by Adrian Sutton <ad...@intencha.com>.
Oleg,
I wouldn't call that a compromise - I'd call that the ideal solution!
:) We'd still need to grab the authentication header to check if NTLM
authentication is being used (so we know whether to ask for a domain or
not) but that's no hassle since it's just a simple check for the
presence of "ntlm" in the auth challenge.
Thanks for looking into it.
Regards,
Adrian.
On Sunday, May 11, 2003, at 12:29 AM, Oleg Kalnichevski wrote:
> Adrian,
> In the future get*HeaderGroup will be made public. I would not change
> HttpAuthenticator.selectAuthScheme() just to work around limitations of
> the existing API. So, how about this for a compromise solution?
>
> Cheers
>
> Oleg
>
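The NTLM check and host-name fallback discussed in this thread, as an added example that is not part of the thread or of HttpClient: it matches the scheme token exactly instead of searching the challenge for "ntlm", falls back to the host when the scheme carries no realm, and cleans the server-supplied realm before it is shown in a prompt. The class `ChallengeInfo`, its methods, the host name and the sample challenges are hypothetical and constructed for illustration; it handles one challenge per header value.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: hypothetical helper, not part of HttpClient. */
public class ChallengeInfo {
    // realm="..." as a quoted-string parameter, allowing backslash escapes
    private static final Pattern REALM = Pattern.compile(
        "(?:^|[\\s,])realm\\s*=\\s*\"((?:[^\"\\\\]|\\\\.)*)\"",
        Pattern.CASE_INSENSITIVE);

    final String scheme; // lower-cased scheme token, e.g. "basic", "ntlm"
    final String realm;  // text to show in a credential prompt; never null

    private ChallengeInfo(String scheme, String realm) {
        this.scheme = scheme;
        this.realm = realm;
    }

    /**
     * @param challenge value of one WWW-Authenticate or Proxy-Authenticate header
     * @param host      host name used when the scheme carries no realm (NTLM)
     */
    static ChallengeInfo parse(String challenge, String host) {
        String c = challenge.trim();
        int sp = 0;
        while (sp < c.length() && !Character.isWhitespace(c.charAt(sp))) {
            sp++;
        }
        String scheme = c.substring(0, sp).toLowerCase(Locale.ROOT);
        if (scheme.isEmpty()) {
            throw new IllegalArgumentException("empty challenge");
        }
        // Look for the realm only in the parameters that follow the scheme token.
        Matcher m = REALM.matcher(c.substring(sp));
        String realm = m.find() ? m.group(1).replaceAll("\\\\(.)", "$1") : host;
        return new ChallengeInfo(scheme, displaySafe(realm));
    }

    /** Exact token match: a realm named "ntlm-gateway" must not count as NTLM. */
    boolean isNtlm() {
        return "ntlm".equals(scheme);
    }

    /** The realm is server-controlled: drop control characters and cap the length. */
    static String displaySafe(String s) {
        String cleaned = s.replaceAll("\\p{Cntrl}", "");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) : cleaned;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample challenges
            "Basic realm=\"ntlm-gateway\"",
            "NTLM",
            "Digest realm=\"staff \\\"A\\\"\", nonce=\"abc\"",
        };
        for (String s : samples) {
            ChallengeInfo i = parse(s, "intranet.example.test");
            System.out.println(i.scheme + " ntlm=" + i.isNtlm() + " realm=" + i.realm);
        }
    }
}
```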