You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fop-dev@xmlgraphics.apache.org by bu...@apache.org on 2002/06/14 21:47:40 UTC
DO NOT REPLY [Bug 9880] New: -
URL-Authentication in org.apache.fop.image
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9880>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9880
URL-Authentication in org.apache.fop.image
Summary: URL-Authentication in org.apache.fop.image
Product: Fop
Version: 0.20.3
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Enhancement
Priority: Other
Component: images
AssignedTo: fop-dev@xml.apache.org
ReportedBy: ms@bitset.de
Dear Eric,
in a project we needed an Apache Webserver authentication via URL.
The project is a content management system based on the Tamino
XML-Server. Documents can be presented either in HTML or in
PDF format, this is where FOP comes in the place.
Due to security issues we protected an URL-path with Basic Authentication.
This lead to HTTP 401 errors when trying to get image files into the
FOP process by an HttpRequest.
We added some lines of code to the following classes from the
package org.apache.fop.image:
BmpImage
JimiImage
JAIImage
JpegImage
GifImage
FopImageFactory
We replaced the invocation of the methods URL.getContent() and
URL.openStream() by this code (with slight differences in either
class):
<!--------- snip ------------>
java.net.URLConnection urlCon = this.m_href.openConnection();
String userpass = this.m_href.getUserInfo();
String auth = "Basic " + new
sun.misc.BASE64Encoder().encode(userpass.getBytes());
urlCon.setRequestProperty("Authorization", auth);
ImageProducer ip = (ImageProducer)urlCon.getContent();
<!--------- snap ------------>
We made a straight forward approch with hard encoding of our
user/password requirements. You should of course better replace
this by invocation of the URL-method getUserInfo() which returns
a colon seperated string "user:password". Maybe you still have
to check whether it is null or not.
Thanks for your good work in the ASF, we hope this info is
helpful for your work!
with best regards
Marko Petersen
Malte Schnack
PS: If you need the amended source files pls contact either
Marko (mp@bitset.de) or me (ms@bitset.de)
---------------------------------------------------------------------
To unsubscribe, e-mail: fop-dev-unsubscribe@xml.apache.org
For additional commands, email: fop-dev-help@xml.apache.org