You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fop-dev@xmlgraphics.apache.org by bu...@apache.org on 2002/06/14 21:47:40 UTC

DO NOT REPLY [Bug 9880] New: - URL-Authentication in org.apache.fop.image

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9880>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9880

URL-Authentication in org.apache.fop.image

           Summary: URL-Authentication in org.apache.fop.image
           Product: Fop
           Version: 0.20.3
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: images
        AssignedTo: fop-dev@xml.apache.org
        ReportedBy: ms@bitset.de


Dear Eric,

in a project we needed an Apache Webserver authentication via URL. 

The project is a content management system based on the Tamino
XML-Server. Documents can be presented either in HTML or in 
PDF format, this is where FOP comes in the place.

Due to security issues we protected an URL-path with Basic Authentication.
This lead to HTTP 401 errors when trying to get image files into the
FOP process by an HttpRequest.

We added some lines of code to the following classes from the 
package org.apache.fop.image:
BmpImage 
JimiImage 
JAIImage 
JpegImage 
GifImage 
FopImageFactory

We replaced the invocation of the methods URL.getContent() and
URL.openStream() by this code (with slight differences in either
class):

<!--------- snip ------------>

java.net.URLConnection urlCon = this.m_href.openConnection(); 
String userpass = this.m_href.getUserInfo(); 
String auth = "Basic " + new 
             sun.misc.BASE64Encoder().encode(userpass.getBytes()); 
urlCon.setRequestProperty("Authorization", auth); 
ImageProducer ip = (ImageProducer)urlCon.getContent();

<!--------- snap ------------>

We made a straight forward approch with hard encoding of our 
user/password requirements. You should of course better replace
this by invocation of the URL-method getUserInfo() which returns
a colon seperated string "user:password". Maybe you still have
to check whether it is null or not.

Thanks for your good work in the ASF, we hope this info is
helpful for your work!

with best regards

Marko Petersen
Malte Schnack

PS: If you need the amended source files pls contact either
Marko (mp@bitset.de) or me (ms@bitset.de)

---------------------------------------------------------------------
To unsubscribe, e-mail: fop-dev-unsubscribe@xml.apache.org
For additional commands, email: fop-dev-help@xml.apache.org