You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlrpc-dev@ws.apache.org by "Jochen Wiedmann (JIRA)" <xm...@ws.apache.org> on 2006/05/10 14:52:05 UTC

[jira] Closed: (XMLRPC-65) HTTP Basic Authentication is unusable

     [ http://issues.apache.org/jira/browse/XMLRPC-65?page=all ]
     
Jochen Wiedmann closed XMLRPC-65:
---------------------------------

    Resolution: Won't Fix

The method is deprecated, because specifying the credentials is transport specific and XmlRpcClient.setBasicAuthentication binds you to the sun transport. I have added an FAQ entry, which shows the recommended way to specify credentials.


> HTTP Basic Authentication is unusable
> -------------------------------------
>
>          Key: XMLRPC-65
>          URL: http://issues.apache.org/jira/browse/XMLRPC-65
>      Project: XML-RPC
>         Type: Bug

>   Components: Releases, Source
>     Versions: 2.0
>     Reporter: Oded Arbel

>
> XmlRpcClient support for HTTP Basic Authentication is unusable.
> Apparently while calling XmlRpcClient.setBasicAuthentication() still works, it is deprecated and there is no simple alternative to use.
> The only other option is to create a DefaultXmlRpcTransportFactory, calling setBasicAuthentication() on it, and the passing it in the constructor to XmlRpcClient. this is bad for two reasons:
> 1) the URL has to be specified twice - once in the c'tor of the factory and once in the c'tor of the client.
> 2) It doesn't work - DefaultXmlRpcTransportFactory is broken and when using non-SSL connections, it does not initialize created transports with the basic authentication information (one reason is probably that the transport's c'tor that takes encoded basic auth is deprecated and as the factory saves auth information encoded, it has no way of providing it to the transport).
> Currently the only way I can make it work is to subclass DefaultXmlRpcTransportFactory and implement my own createTransport() call that calls setBasicAuthentication() on the created transport using externally stored auth info. This is undocumented and incredibly clanky.
> Possible Solutions:
> a) undeprecate XmlRpcClient.setBasicAuthentication(). 
> I don't see any reason not to let it work by doing what it currently does when no factory is supplied. If the user has supplied a factory then either XmlRpcClient can call setBasicAuthentication() on the factory or createed transport with the stored credentials (unlike factory, client stores the unencoded credentials), or it can just do what it currently does in that case (i.e. nothing) and assume that the provided factory knows how to setBasicAuthentication() properly
> b) Fix DefaultXmlRpcTransportFactory by storing the unencoded credentials and calling setBasicAuthentination() on the created transport before returning it.
> c) undeprecate the XmlRpcTransport c'tor that takes encoded auth info and let DefaultXmlRpcTransportFactory use that to construct transports.
> Also, either a+b or a+c can be implemented.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira