Authentication: Whose responsibility?

[Ryan Hoegg <rh...@isisnetworks.net>]

I know what you're thinking: Here we go again!

But I think we should revisit authentication now that we have abstracted 
the transport from the XML-RPC client.  As I go through implementing 
(cleanly) my new XmlRpcTransport, I took a look at the authentication 
piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.

It isn't there!

setBasicAuthentication is still a method of XmlRpcClient.  Now, I don't 
mind leaving it there for the comfort of our users (although I wouldn't 
mind deprecating it) but I think we should make this functionality a 
responsibility of the XmlRpcTransport instead.  I will go ahead and do 
this, but not commit it until tomorrow night (after dark EST) so you all 
get a chance to veto me first :)

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

Re: Authentication: Whose responsibility?

[Ryan Hoegg <rh...@isisnetworks.net>]

Andrew Evers wrote:

>>But I think we should revisit authentication now that we have abstracted
>>the transport from the XML-RPC client.  As I go through implementing
>>(cleanly) my new XmlRpcTransport, I took a look at the authentication
>>piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>    
>>
>
>Well, I'm not sure whether there should be a setBasicAuthentication() method
>on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
>some standard properties (like USERNAME, PASSWORD).
>
>As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
>why they can't have a setBasicAuthentication method. This can be called
>after
>creating the transport and before passing it to anything else.
>
>Andrew.
>
We could leave the XmlRpcTransport interface as it is, and just put 
setBasicAuthentication on any Transports that want to support it. 
 Currently I need some way to pass authentication credentials from 
XmlRpcClient to its transport because I deprecated 
XmlRpcClient.setBasicAuthentication but did not remove it.  Removing it 
would remove the need for the interface to support authentication.

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

Re: Authentication: Whose responsibility?

[Ryan Hoegg <rh...@isisnetworks.net>]

Andrew Evers wrote:

>>But I think we should revisit authentication now that we have abstracted
>>the transport from the XML-RPC client.  As I go through implementing
>>(cleanly) my new XmlRpcTransport, I took a look at the authentication
>>piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>    
>>
>
>Well, I'm not sure whether there should be a setBasicAuthentication() method
>on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
>some standard properties (like USERNAME, PASSWORD).
>
>As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
>why they can't have a setBasicAuthentication method. This can be called
>after
>creating the transport and before passing it to anything else.
>
>Andrew.
>
We could leave the XmlRpcTransport interface as it is, and just put 
setBasicAuthentication on any Transports that want to support it. 
 Currently I need some way to pass authentication credentials from 
XmlRpcClient to its transport because I deprecated 
XmlRpcClient.setBasicAuthentication but did not remove it.  Removing it 
would remove the need for the interface to support authentication.

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

Re: Authentication: Whose responsibility?

[Ryan Hoegg <rh...@isisnetworks.net>]

Andrew Evers wrote:

>>But I think we should revisit authentication now that we have abstracted the transport from the XML-RPC client.  As I go through implementing (cleanly) my new XmlRpcTransport, I took a look at the authentication piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>    
>>
>Well, I'm not sure whether there should be a setBasicAuthentication() method on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and some standard properties (like USERNAME, PASSWORD).
>
I don't think I like the idea of a public method signature for 
authentication on XmlRpcTransport at all.  I am going to try to find a 
way to deprecate setBasicAuthentication and allow it to continue 
functioning as users have come to expect.  As current users have no 
access to XmlRpcTransports, I am assuming that anyone calling 
setBasicAuthentication will be using execute(String method, Vector 
params) only.  I will ignore any credentials given in 
setBasicAuthentication() with the other method signatures.  This will 
all be in the javadocs.

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

>  
>

Re: Authentication: Whose responsibility?

[Ryan Hoegg <rh...@isisnetworks.net>]

Andrew Evers wrote:

>>But I think we should revisit authentication now that we have abstracted the transport from the XML-RPC client.  As I go through implementing (cleanly) my new XmlRpcTransport, I took a look at the authentication piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>    
>>
>Well, I'm not sure whether there should be a setBasicAuthentication() method on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and some standard properties (like USERNAME, PASSWORD).
>
I don't think I like the idea of a public method signature for 
authentication on XmlRpcTransport at all.  I am going to try to find a 
way to deprecate setBasicAuthentication and allow it to continue 
functioning as users have come to expect.  As current users have no 
access to XmlRpcTransports, I am assuming that anyone calling 
setBasicAuthentication will be using execute(String method, Vector 
params) only.  I will ignore any credentials given in 
setBasicAuthentication() with the other method signatures.  This will 
all be in the javadocs.

--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net

>  
>

Re: Authentication: Whose responsibility?

[Andrew Evers <an...@redwood.com>]

> But I think we should revisit authentication now that we have abstracted
> the transport from the XML-RPC client.  As I go through implementing
> (cleanly) my new XmlRpcTransport, I took a look at the authentication
> piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>
> It isn't there!

Well, I'm not sure whether there should be a setBasicAuthentication() method
on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
some standard properties (like USERNAME, PASSWORD).

As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
why they can't have a setBasicAuthentication method. This can be called
after
creating the transport and before passing it to anything else.

Andrew.

Re: Authentication: Whose responsibility?

[Andrew Evers <an...@redwood.com>]

> But I think we should revisit authentication now that we have abstracted
> the transport from the XML-RPC client.  As I go through implementing
> (cleanly) my new XmlRpcTransport, I took a look at the authentication
> piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>
> It isn't there!

Well, I'm not sure whether there should be a setBasicAuthentication() method
on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
some standard properties (like USERNAME, PASSWORD).

As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
why they can't have a setBasicAuthentication method. This can be called
after
creating the transport and before passing it to anything else.

Andrew.