[PATCH] AuthenticatedXmlRpcHandler with client ip address.

[Robbert-Jan Roos <rj...@roos.ws>]

Hello,

I needed an Authentication mechanism that also does client ip checking.

I've included a patch against the latest 2.0 cvs version that makes
this happen by changing the 

execute(String method, Vector params, String user, String pass) in the
AuthenticatedXmlRpcHandler interface to
execute(String method, Vector params, XmlRpcContext context)

I have added an extra method 
InetAddress getInetAddress() on the XmlRpcContext interface and
changes all implementing classes to the new interfaces.

Furthermore I ran into a NullPointerException in WebServer in the 
parseAuth method. Which was silently ignored by 

try {
...
} catch(Throwable ignore) {}

This is also fixed in the AddClientip.patch file. I added an extra
patch with only the fixed NullPointerException which doesn't change
any interfaces.


Robbert-Jan

Re: [PATCH] AuthenticatedXmlRpcHandler with client ip address.

[Ryan Hoegg <rh...@isisnetworks.net>]

Hi,

The use case is great, but I have some concerns about the solution.

First, we already have a ContextXmlRpcHandler interface with the method 
signature you added.

Second, this is only one other way in which a system administrator might 
want to do authentication.  It seems to me that an extensible 
authentication API makes more sense, and is not too far off the current 
state of the code.

Looking over the code, perhaps the AuthenticatedXmlRpcHandler interface 
needs to go away and in its place, an AuthenticatedXmlRpcHandler class 
should be created that implements ContextXmlRpcHandler.  This class 
would have a setAuthenticator(Authenticator auth) method that would 
allow pluggable authentication.  Probably an 
AuthenticationFailedException could be used internally here to 
communicate results of an authentication attempt.

The more I look at this, the more XmlRpcContext is looking like a Map or 
a DynaBean rather than a concrete interface.  That way, different kinds 
of authentication credentials can be passed to the back end 
Authenticator.  Thoughts?

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

>execute(String method, Vector params, String user, String pass) in the
>AuthenticatedXmlRpcHandler interface to
>execute(String method, Vector params, XmlRpcContext context)
>
>I have added an extra method 
>InetAddress getInetAddress() on the XmlRpcContext interface and
>changes all implementing classes to the new interfaces.
>
>Furthermore I ran into a NullPointerException in WebServer in the 
>parseAuth method. Which was silently ignored by 
>
>try {
>...
>} catch(Throwable ignore) {}
>
>This is also fixed in the AddClientip.patch file. I added an extra
>patch with only the fixed NullPointerException which doesn't change
>any interfaces.
>
>
>Robbert-Jan
>  
>
>------------------------------------------------------------------------
>

Re: [PATCH] AuthenticatedXmlRpcHandler with client ip address.

[Dejan Bosanac <de...@datagate.co.yu>]

Hi all,
maybe we should merge this patch with patch for bug no. 16355
(http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16355)

I know realized that I haven't write 16355 patch for 2.0 code base.
Should I do it now?

Regards,
Dejan Bosanac

Robbert-Jan Roos wrote:
> Hello,
> 
> I needed an Authentication mechanism that also does client ip checking.
> 
> I've included a patch against the latest 2.0 cvs version that makes
> this happen by changing the 
> 
> execute(String method, Vector params, String user, String pass) in the
> AuthenticatedXmlRpcHandler interface to
> execute(String method, Vector params, XmlRpcContext context)
> 
> I have added an extra method 
> InetAddress getInetAddress() on the XmlRpcContext interface and
> changes all implementing classes to the new interfaces.
> 
> Furthermore I ran into a NullPointerException in WebServer in the 
> parseAuth method. Which was silently ignored by 
> 
> try {
> ...
> } catch(Throwable ignore) {}
> 
> This is also fixed in the AddClientip.patch file. I added an extra
> patch with only the fixed NullPointerException which doesn't change
> any interfaces.
> 
> 
> Robbert-Jan
> 

Re: [PATCH] AuthenticatedXmlRpcHandler with client ip address.

[Dejan Bosanac <de...@datagate.co.yu>]

Hi all,
maybe we should merge this patch with patch for bug no. 16355 
(http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16355)

I know realized that I haven't write 16355 patch for 2.0 code base. 
Should I do it now?

Regards,
Dejan Bosanac

Robbert-Jan Roos wrote:
> Hello,
> 
> I needed an Authentication mechanism that also does client ip checking.
> 
> I've included a patch against the latest 2.0 cvs version that makes
> this happen by changing the 
> 
> execute(String method, Vector params, String user, String pass) in the
> AuthenticatedXmlRpcHandler interface to
> execute(String method, Vector params, XmlRpcContext context)
> 
> I have added an extra method 
> InetAddress getInetAddress() on the XmlRpcContext interface and
> changes all implementing classes to the new interfaces.
> 
> Furthermore I ran into a NullPointerException in WebServer in the 
> parseAuth method. Which was silently ignored by 
> 
> try {
> ...
> } catch(Throwable ignore) {}
> 
> This is also fixed in the AddClientip.patch file. I added an extra
> patch with only the fixed NullPointerException which doesn't change
> any interfaces.
> 
> 
> Robbert-Jan
>