You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Christian Schneider (JIRA)" <ji...@apache.org> on 2010/12/22 20:37:03 UTC
[jira] Updated: (CXF-3216) Refactor http authentication to make it
more flexible and simpler
[ https://issues.apache.org/jira/browse/CXF-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian Schneider updated CXF-3216:
-------------------------------------
Attachment: CXF-3216-1.patch
I have now refactored the authentication of the http transport so the basic auth is now supported by DefaultBasicAuthSupplier. Spnego is now also supported using a SpnegoAuthSupplier.
Basic, Digest and Spnego / Kerberos auth can now be configured by simply setting the AuthType in the AuthorizationPolicy. The HttpConduit then creates a HttpAuthSupplier on the fly if none is configured explicitly. Still an AuthoriationPolicy on the message overrides the AuthorizationPolicy on the Conduit.
I have also added a system test for DigestAuthSupplier as I changed the code and wanted to make sure it really works against a jetty insstance.
There are some possible compatibility issues with my patch:
- The first thing is that the HttpAuthSupplier is cached so it is created only once. If you later change the Authtype the supplier will stay the same. This can be solved by deleting the authSupplier so it is recreated.
- The HttpAuthsupplier now overrides the AuthorizationPolicy on the message. Before the AuthorizationPolicy on the message would override the AuthSupplier. I donĀ“t think anyone really would use this
- If the message content is to be cached is now only determined by calling the requiresRequestCaching method on the authsupplier. Before the authSupplier was also asked for premptiveAuthentication. If this did not return null the message was also cached. I think this is not necessary as the authsupplier can still decide if caching is needed.
- Currently you can set authType and authorization on the authorizationPolicy. This is then used to directly create the authorization header. This is used by the old spnego interceptor I added recently. I removed this feature as it is only really usable in an interceptor and it can be done better by creating a custom authSupplier
Additionally I would like to remove the feature of setting an AuthorizationPolicy on the message. This would allow us to make the authsuppliers independent of conduit and message in the future.
I also would like to introduce an authSupplier for proxy auth and handling of 407 responses so we can support multi phase authentications with a proxy.
> Refactor http authentication to make it more flexible and simpler
> -----------------------------------------------------------------
>
> Key: CXF-3216
> URL: https://issues.apache.org/jira/browse/CXF-3216
> Project: CXF
> Issue Type: Improvement
> Components: Transports
> Affects Versions: 2.3.1
> Reporter: Christian Schneider
> Assignee: Christian Schneider
> Attachments: CXF-3216-1.patch
>
>
> The http authentication should be completely based on authSupplier. The HttpConduit should simply delegate to it.
> We should also remove some of the other auth config options besides authorizationPolicy on conduit.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.