You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlrpc-dev@ws.apache.org by Robbert-Jan Roos <rj...@roos.ws> on 2003/05/13 12:37:20 UTC
[PATCH] AuthenticatedXmlRpcHandler with client ip address.
Hello,
I needed an Authentication mechanism that also does client ip checking.
I've included a patch against the latest 2.0 cvs version that makes
this happen by changing the
execute(String method, Vector params, String user, String pass) in the
AuthenticatedXmlRpcHandler interface to
execute(String method, Vector params, XmlRpcContext context)
I have added an extra method
InetAddress getInetAddress() on the XmlRpcContext interface and
changes all implementing classes to the new interfaces.
Furthermore I ran into a NullPointerException in WebServer in the
parseAuth method. Which was silently ignored by
try {
...
} catch(Throwable ignore) {}
This is also fixed in the AddClientip.patch file. I added an extra
patch with only the fixed NullPointerException which doesn't change
any interfaces.
Robbert-Jan
Re: [PATCH] AuthenticatedXmlRpcHandler with client ip address.
Posted by Ryan Hoegg <rh...@isisnetworks.net>.
Hi,
The use case is great, but I have some concerns about the solution.
First, we already have a ContextXmlRpcHandler interface with the method
signature you added.
Second, this is only one other way in which a system administrator might
want to do authentication. It seems to me that an extensible
authentication API makes more sense, and is not too far off the current
state of the code.
Looking over the code, perhaps the AuthenticatedXmlRpcHandler interface
needs to go away and in its place, an AuthenticatedXmlRpcHandler class
should be created that implements ContextXmlRpcHandler. This class
would have a setAuthenticator(Authenticator auth) method that would
allow pluggable authentication. Probably an
AuthenticationFailedException could be used internally here to
communicate results of an authentication attempt.
The more I look at this, the more XmlRpcContext is looking like a Map or
a DynaBean rather than a concrete interface. That way, different kinds
of authentication credentials can be passed to the back end
Authenticator. Thoughts?
--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net
>execute(String method, Vector params, String user, String pass) in the
>AuthenticatedXmlRpcHandler interface to
>execute(String method, Vector params, XmlRpcContext context)
>
>I have added an extra method
>InetAddress getInetAddress() on the XmlRpcContext interface and
>changes all implementing classes to the new interfaces.
>
>Furthermore I ran into a NullPointerException in WebServer in the
>parseAuth method. Which was silently ignored by
>
>try {
>...
>} catch(Throwable ignore) {}
>
>This is also fixed in the AddClientip.patch file. I added an extra
>patch with only the fixed NullPointerException which doesn't change
>any interfaces.
>
>
>Robbert-Jan
>
>
>------------------------------------------------------------------------
>
Re: [PATCH] AuthenticatedXmlRpcHandler with client ip address.
Posted by Dejan Bosanac <de...@datagate.co.yu>.
Hi all,
maybe we should merge this patch with patch for bug no. 16355
(http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16355)
I know realized that I haven't write 16355 patch for 2.0 code base.
Should I do it now?
Regards,
Dejan Bosanac
Robbert-Jan Roos wrote:
> Hello,
>
> I needed an Authentication mechanism that also does client ip checking.
>
> I've included a patch against the latest 2.0 cvs version that makes
> this happen by changing the
>
> execute(String method, Vector params, String user, String pass) in the
> AuthenticatedXmlRpcHandler interface to
> execute(String method, Vector params, XmlRpcContext context)
>
> I have added an extra method
> InetAddress getInetAddress() on the XmlRpcContext interface and
> changes all implementing classes to the new interfaces.
>
> Furthermore I ran into a NullPointerException in WebServer in the
> parseAuth method. Which was silently ignored by
>
> try {
> ...
> } catch(Throwable ignore) {}
>
> This is also fixed in the AddClientip.patch file. I added an extra
> patch with only the fixed NullPointerException which doesn't change
> any interfaces.
>
>
> Robbert-Jan
>
Re: [PATCH] AuthenticatedXmlRpcHandler with client ip address.
Posted by Dejan Bosanac <de...@datagate.co.yu>.
Hi all,
maybe we should merge this patch with patch for bug no. 16355
(http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16355)
I know realized that I haven't write 16355 patch for 2.0 code base.
Should I do it now?
Regards,
Dejan Bosanac
Robbert-Jan Roos wrote:
> Hello,
>
> I needed an Authentication mechanism that also does client ip checking.
>
> I've included a patch against the latest 2.0 cvs version that makes
> this happen by changing the
>
> execute(String method, Vector params, String user, String pass) in the
> AuthenticatedXmlRpcHandler interface to
> execute(String method, Vector params, XmlRpcContext context)
>
> I have added an extra method
> InetAddress getInetAddress() on the XmlRpcContext interface and
> changes all implementing classes to the new interfaces.
>
> Furthermore I ran into a NullPointerException in WebServer in the
> parseAuth method. Which was silently ignored by
>
> try {
> ...
> } catch(Throwable ignore) {}
>
> This is also fixed in the AddClientip.patch file. I added an extra
> patch with only the fixed NullPointerException which doesn't change
> any interfaces.
>
>
> Robbert-Jan
>