Posted to xmlrpc-dev@ws.apache.org by "Dave Pederson (JIRA)" <xm...@ws.apache.org> on 2006/08/14 22:08:14 UTC

[jira] Commented: (XMLRPC-102) Basic username and password don't get sent to the Servlet

    [ http://issues.apache.org/jira/browse/XMLRPC-102?page=comments#action_12427959 ] 
            
Dave Pederson commented on XMLRPC-102:
--------------------------------------

I have found that the issue in question occurs in the HttpUtils.parseAuthorization method.  The problem is that it never parses the encoded information which needs to be set in the configuration object passed.  I have found a work-around if anyone is interested (you basically implement your own parseAuthorization method):

Create two sub-classes.  One that extends XmlRpcHttpRequestConfigImpl and another that extends XmlRpcServlet.  Here is an example of a class that extends XmlRpcHttpRequestConfigImpl:

import javax.servlet.http.HttpServletRequest;
import org.apache.ws.commons.util.Base64;
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;

public class MyHttpRqstConfig extends XmlRpcHttpRequestConfigImpl
{
    public MyHttpRqstConfig(HttpServletRequest request)
    {
        setConfig(request);
    }
    
    private void setConfig(HttpServletRequest request)
    {
        parseAuthorization(request.getHeader("Authorization"));
    }

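    // Parses "<scheme> <base64(user:password)>" and stores the credentials in this config.
    private void parseAuthorization(String encoded)
    {
        if (encoded == null)
        {
            return;
        }
        // Skip the scheme token; the scheme itself is not checked to be "Basic".
        int index = encoded.indexOf(' ');
        if (index < 0)
        {
            return;
        }
        index++;
        String auth = encoded.substring(index, encoded.length());
        try
        {
            byte[] decoded = Base64.decode(auth.toCharArray(), 0, auth.length());
            // Decoded with the platform default charset.
            String str = new String(decoded);
            // Split on the first ':' only, since the password may itself contain ':'.
            int col = str.indexOf(':');
            if (col >= 0)
            {
                String username = str.substring(0, col);
                super.setBasicUserName(username);
                String password = str.substring(col+1);
                super.setBasicPassword(password);
            }
        }
        // A malformed header leaves the user name and password unset (null).
        catch (Exception ignore) {}
    }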
}

Then, override the following method in your servlet implementation:

protected XmlRpcServletServer newXmlRpcServer(ServletConfig pConfig) throws XmlRpcException
{
    return new XmlRpcServletServer()
    {
        protected XmlRpcHttpRequestConfigImpl newConfig(HttpServletRequest request)
        {
            return new MyHttpRqstConfig(request);
        }
    };
}

Now you can access the username and password from your AuthenticationHandler class:

public boolean isAuthorized(XmlRpcRequest request)
{
    MyHttpRqstConfig config = (MyHttpRqstConfig) request.getConfig();
    return "foo".equals(config.getBasicUserName()) && "bar".equals(config.getBasicPassword());
}

I have tested the above concepts from running a custom XmlRpcServlet within the ServletWebServer class and from within a Tomcat servlet container.  Hope this helps someone.

> Basic username and password don't get sent to the Servlet
> ---------------------------------------------------------
>
>                 Key: XMLRPC-102
>                 URL: http://issues.apache.org/jira/browse/XMLRPC-102
>             Project: XML-RPC
>          Issue Type: Bug
>          Components: Source
>    Affects Versions: 3.0rc1
>         Environment: Tested issue on Ubuntu Linux Dapper Drake x86 and OS X 10.4.7 on a MacBook Pro
>            Reporter: Dave Pederson
>            Priority: Minor
>
> Username and password authentication are not working with the WebServer class.  An example is to extend PropertyHandlerMapping.AuthenticationHandler and implement (here is just an example) the following method:
> public boolean isAuthorized(XmlRpcRequest pRequest)
> {
>     if (pRequest.getConfig() instanceof RequestData)
>     {
>         RequestData data = (RequestData) pRequest.getConfig();
>         System.out.println("username = "+data.getBasicUserName());
>         System.out.println("password = "+data.getBasicPassword());
>     }
> }
> This class is then instantiated and set as the authentication handler in the WebServer's PropertyHandlerMapping when the WebServer is created and started.  Then, on the client side, I set the username and password in the configuration as seen below:
> XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
> config.setServerUrl("http://127.0.0.1:8080/xmlrpc");
> config.setBasicUserName("adst-test");
> config.setBasicPassword("adst-test#@!");
> XmlRpcClient client = new XmlRpcClient();
> client.setConfig(config);
> Object[] params = new Object[]{new Integer(1), new HashMap()};
> Map result = (Map) client.execute("AssignmentService.getAssignees", params);
> The remote method call executes successfully; however, the System.out statements always reveal the following on the server:
> username = null
> password = null
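
Added example, not part of the original message or of the Apache XML-RPC code base: a stand-alone Basic Authorization header parser that rejects non-Basic schemes, fails closed on malformed input, and compares credentials without stopping at the first mismatch. It uses java.util.Base64 (Java 8+) instead of the ws-commons-util class used above; the class name BasicAuthHeader, the UTF-8 decoding and the sample credentials are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthHeader {
    /** Returns {user, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        if (header == null) return null;
        String h = header.trim();
        int sp = h.indexOf(' ');
        // Accept only the Basic scheme; other schemes do not carry user:password.
        if (sp < 0 || !h.substring(0, sp).equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(h.substring(sp + 1).trim());
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8); // assumption: UTF-8 clients
        int col = pair.indexOf(':'); // first ':' separates; the password may contain ':'
        if (col < 0) return null;
        return new String[] { pair.substring(0, col), pair.substring(col + 1) };
    }

    /** Comparison whose timing does not depend on where the first differing byte is. */
    static boolean same(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    static boolean isAuthorized(String header, String user, String password) {
        String[] cred = parse(header);
        if (cred == null) return false; // fail closed on anything unparseable
        boolean userOk = same(user, cred[0]);
        boolean passOk = same(password, cred[1]);
        return userOk & passOk; // non-short-circuit: both comparisons always run
    }

    public static void main(String[] args) {
        // Constructed sample headers; "alice" / "s3cr:et" are made-up credentials.
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        String[] samples = { good, "basic " + good.substring(6), "Bearer abc.def",
                             "Basic !!!not-base64!!!", "Basic bm9jb2xvbg==", null };
        for (String s : samples) {
            System.out.println(s + " -> " + isAuthorized(s, "alice", "s3cr:et"));
        }
    }
}
```

Only the first two samples authorize; the Bearer header, the invalid Base64 payload, the payload without a colon and the missing header all return false.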
