You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rpc-dev@xml.apache.org by Ryan Hoegg <rh...@isisnetworks.net> on 2003/01/27 01:11:53 UTC
Authentication: Whose responsibility?
I know what you're thinking: Here we go again!
But I think we should revisit authentication now that we have abstracted
the transport from the XML-RPC client. As I go through implementing
(cleanly) my new XmlRpcTransport, I took a look at the authentication
piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
It isn't there!
setBasicAuthentication is still a method of XmlRpcClient. Now, I don't
mind leaving it there for the comfort of our users (although I wouldn't
mind deprecating it) but I think we should make this functionality a
responsibility of the XmlRpcTransport instead. I will go ahead and do
this, but not commit it until tomorrow night (after dark EST) so you all
get a chance to veto me first :)
--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net
Re: Authentication: Whose responsibility?
Posted by Ryan Hoegg <rh...@isisnetworks.net>.
Andrew Evers wrote:
>>But I think we should revisit authentication now that we have abstracted
>>the transport from the XML-RPC client. As I go through implementing
>>(cleanly) my new XmlRpcTransport, I took a look at the authentication
>>piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>
>>
>
>Well, I'm not sure whether there should be a setBasicAuthentication() method
>on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
>some standard properties (like USERNAME, PASSWORD).
>
>As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
>why they can't have a setBasicAuthentication method. This can be called
>after
>creating the transport and before passing it to anything else.
>
>Andrew.
>
We could leave the XmlRpcTransport interface as it is, and just put
setBasicAuthentication on any Transports that want to support it.
Currently I need some way to pass authentication credentials from
XmlRpcClient to its transport because I deprecated
XmlRpcClient.setBasicAuthentication but did not remove it. Removing it
would remove the need for the interface to support authentication.
--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net
Re: Authentication: Whose responsibility?
Posted by Ryan Hoegg <rh...@isisnetworks.net>.
Andrew Evers wrote:
>>But I think we should revisit authentication now that we have abstracted
>>the transport from the XML-RPC client. As I go through implementing
>>(cleanly) my new XmlRpcTransport, I took a look at the authentication
>>piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>
>>
>
>Well, I'm not sure whether there should be a setBasicAuthentication() method
>on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
>some standard properties (like USERNAME, PASSWORD).
>
>As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
>why they can't have a setBasicAuthentication method. This can be called
>after
>creating the transport and before passing it to anything else.
>
>Andrew.
>
We could leave the XmlRpcTransport interface as it is, and just put
setBasicAuthentication on any Transports that want to support it.
Currently I need some way to pass authentication credentials from
XmlRpcClient to its transport because I deprecated
XmlRpcClient.setBasicAuthentication but did not remove it. Removing it
would remove the need for the interface to support authentication.
--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net
Re: Authentication: Whose responsibility?
Posted by Ryan Hoegg <rh...@isisnetworks.net>.
Andrew Evers wrote:
>>But I think we should revisit authentication now that we have abstracted the transport from the XML-RPC client. As I go through implementing (cleanly) my new XmlRpcTransport, I took a look at the authentication piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>
>>
>Well, I'm not sure whether there should be a setBasicAuthentication() method on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and some standard properties (like USERNAME, PASSWORD).
>
I don't think I like the idea of a public method signature for
authentication on XmlRpcTransport at all. I am going to try to find a
way to deprecate setBasicAuthentication and allow it to continue
functioning as users have come to expect. As current users have no
access to XmlRpcTransports, I am assuming that anyone calling
setBasicAuthentication will be using execute(String method, Vector
params) only. I will ignore any credentials given in
setBasicAuthentication() with the other method signatures. This will
all be in the javadocs.
--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net
>
>
Re: Authentication: Whose responsibility?
Posted by Ryan Hoegg <rh...@isisnetworks.net>.
Andrew Evers wrote:
>>But I think we should revisit authentication now that we have abstracted the transport from the XML-RPC client. As I go through implementing (cleanly) my new XmlRpcTransport, I took a look at the authentication piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>>
>>It isn't there!
>>
>>
>Well, I'm not sure whether there should be a setBasicAuthentication() method on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and some standard properties (like USERNAME, PASSWORD).
>
I don't think I like the idea of a public method signature for
authentication on XmlRpcTransport at all. I am going to try to find a
way to deprecate setBasicAuthentication and allow it to continue
functioning as users have come to expect. As current users have no
access to XmlRpcTransports, I am assuming that anyone calling
setBasicAuthentication will be using execute(String method, Vector
params) only. I will ignore any credentials given in
setBasicAuthentication() with the other method signatures. This will
all be in the javadocs.
--
Ryan Hoegg
ISIS Networks
http://www.isisnetworks.net
>
>
Re: Authentication: Whose responsibility?
Posted by Andrew Evers <an...@redwood.com>.
> But I think we should revisit authentication now that we have abstracted
> the transport from the XML-RPC client. As I go through implementing
> (cleanly) my new XmlRpcTransport, I took a look at the authentication
> piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>
> It isn't there!
Well, I'm not sure whether there should be a setBasicAuthentication() method
on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
some standard properties (like USERNAME, PASSWORD).
As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
why they can't have a setBasicAuthentication method. This can be called
after
creating the transport and before passing it to anything else.
Andrew.
Re: Authentication: Whose responsibility?
Posted by Andrew Evers <an...@redwood.com>.
> But I think we should revisit authentication now that we have abstracted
> the transport from the XML-RPC client. As I go through implementing
> (cleanly) my new XmlRpcTransport, I took a look at the authentication
> piece of DefaultXmlRpcTransport and LiteXmlRpcTransport.
>
> It isn't there!
Well, I'm not sure whether there should be a setBasicAuthentication() method
on XmlRpcTransport, maybe a setAuthenticationInfo(Properties authInfo), and
some standard properties (like USERNAME, PASSWORD).
As far as {Default, Lite}XmlRpcTransport are concerned, there is no reason
why they can't have a setBasicAuthentication method. This can be called
after
creating the transport and before passing it to anything else.
Andrew.