You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cxf.apache.org by Christian Schneider <ch...@die-schneider.net> on 2010/12/24 11:18:06 UTC

Request for feedback: Second step of http auth change

I have prepared another change for the http auth. The reason why I ask 
you guys for feedback again is that this changes the HttpAuthSupplier 
interface in an incompatible way.
Is that ok or do we have to first deprecate the interface and add the 
new one in parallel?

After this patch practically all auth stuff is moved out of HttpConduit.

Here are the details of the patch:

    * Replacing HttpConduit with AuthorizationPolicy in HttpAuthSupplier
      interface
      => This eliminates a circular dependency with HttpConduit and
      allows to reuse the interface for proxy auth
    * removed realm parameter from HttpAuthSupplier
      => The parameter is not necessary as the realm can always be
      extracted from the full auth token
    * Moving auth stuff into a package http.auth
      => As I change the interface and so loose backwards compatibility
      I also sorted the classes
    * Add proxyAuthSupplier in Httpcondduit and use it for proxy auth
      like authSupplier for serve auth
      => This change makes proxy auth and server auth very similar.
      Currently there is no retransmit for 407 reponses but it can
      easily added now. All one step authentications should work with
      this change already
    * Removed HttpBasicAuthSupplier
      => I hope this is ok. I doubt it was used frequently by customers
      anyway

https://issues.apache.org/jira/browse/CXF-3216

Best regards

Christian

-- 
----
http://www.liquid-reality.de