You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-users@xerces.apache.org by Chris Knight <ck...@email.arc.nasa.gov> on 2005/08/05 01:38:06 UTC
basic authentication for NetAccessors
Given that the XMLURL type has getUser and getPassword, what about
supporting basic authentication in the NetAccessors classes? I have
tried a piece of code but I'm not particularly familiar with the memory
management and internationalization mechanisms in Xerces so I'm probably
writing bad code. ;^>
I'd very much like to be able to say, in Xalan-C++, <xsl:variable
name="foo" select="document('http://user:pass@host:port/path')"/> and
have it perform authentication. I believe the user and pass make it all
the way to the NetAccessors but (in at least the Socket impl) is not
utilized.
Thanks for the consideration and keep me informed. If I get my code
working, I'll send it back to the list. I don't plan on subscribing, I'm
on enough Apache lists already.
Re: basic authentication for NetAccessors
Posted by Chris Knight <ck...@email.arc.nasa.gov>.
I'll give it a try. FYI, I created a "feature" request in Jira right
before I received your e-mail:
http://issues.apache.org/jira/browse/XERCESC-1472
Alberto Massari wrote:
> Hi Chris,
> thanks for the patch: I have modified it (to match the current coding
> style, fix the memory leaks and to remove the line feeds that Base64
> adds to the data it encodes) and committed. Please check if the 2.7
> baseline works for you.
Re: basic authentication for NetAccessors
Posted by Chris Knight <ck...@email.arc.nasa.gov>.
Alberto Massari wrote:
> thanks for the patch: I have modified it (to match the current coding
> style, fix the memory leaks and to remove the line feeds that Base64
> adds to the data it encodes) and committed. Please check if the 2.7
> baseline works for you.
An update: this (and 2.7 baseline in general) works just fine, thanks
for the fixes and hopefully this add will be helpful to others.
Re: basic authentication for NetAccessors
Posted by Alberto Massari <am...@datadirect.com>.
Hi Chris,
thanks for the patch: I have modified it (to match the current coding
style, fix the memory leaks and to remove the line feeds that Base64
adds to the data it encodes) and committed. Please check if the 2.7
baseline works for you.
Thanks
Alberto
At 14.29 05/08/2005 -0700, Chris Knight wrote:
>I wrote:
>
>>Given that the XMLURL type has getUser and getPassword, what about
>>supporting basic authentication in the NetAccessors classes? I have
>>tried a piece of code but I'm not particularly familiar with the memory
>>management and internationalization mechanisms in Xerces so I'm probably
>>writing bad code. ;^>
>
>
>Ok, figgered it out and it works like a charm (I can now specify
>http://user:pass@host:port URL's). Stumbled over some XMLCh vs. char
>* and using the Base64 class (needs better docs, namely that
>Base64::encode returns a UTF-8, null-terminated string with a CRLF
>at the end of it).
>
>Here's the diffs, feel free to incorporate into the official
>distribution. Apologies for not complying with the variable naming,
>indention, etc...I spend far more time with httpd and C modules than
>C++. Note that these diffs are to the 2.6.0 release of
>UnixHTTPURLInputStream.cpp .
>
>If there are any bugs introduced by this code, please correct me.
>(Is there a memory leak? I'm assuming the fMemoryManager is a
>pooling memory manager so I need not worry about freeing what I allocate.)
>
>---diff below---
>
>*** util/NetAccessors/Socket/UnixHTTPURLInputStream.cpp 2004-09-08
>06:56:35.000000000 -0700
>--- /home/xdb/UnixHTTPURLInputStream.cpp 2005-08-05
>14:21:01.000000000 -0700
>***************
>*** 127,132 ****
>--- 127,133 ----
> #include <xercesc/util/TransService.hpp>
> #include <xercesc/util/TranscodingException.hpp>
> #include <xercesc/util/PlatformUtils.hpp>
>+ #include <xercesc/util/Base64.hpp>
> XERCES_CPP_NAMESPACE_BEGIN
>***************
>*** 211,216 ****
>--- 212,219 ----
> const XMLCh* path = urlSource.getPath();
> const XMLCh* fragment = urlSource.getFragment();
> const XMLCh* query = urlSource.getQuery();
>+ const XMLCh* username = urlSource.getUser();
>+ const XMLCh* password = urlSource.getPassword();
> //
> // Convert the hostName to the platform's code page for
> gethostbyname and
>***************
>*** 371,376 ****
>--- 374,399 ----
> }
> strcat(fBuffer, CRLF);
>+ if (username && password)
>+ {
>+ unsigned int len = XMLString::stringLen(username) +
>XMLString::stringLen(password) + 1;
>+ char* userPass = (char *)fMemoryManager->allocate((len +
>1) * sizeof(*userPass));
>+ char* encodedData;
>+
>+ userPass[0] = '\0';
>+ strcat(userPass, XMLString::transcode(username, fMemoryManager));
>+ strcat(userPass, ":");
>+ strcat(userPass, XMLString::transcode(password, fMemoryManager));
>+ encodedData = (char *)Base64::encode((XMLByte *)userPass,
>strlen(userPass), &len, fMemoryManager);
>+
>+ if (encodedData)
>+ {
>+ char *authorization = (char
>*)fMemoryManager->allocate((strlen("Authorization: Basic ") + len +
>3) * sizeof(*authorization));
>+ sprintf(authorization, "Authorization: Basic %s", encodedData);
>+ strcat(fBuffer, authorization);
>+ }
>+ }
>+
> if(httpInfo!=0 && httpInfo->fHeaders!=0)
> strncat(fBuffer,httpInfo->fHeaders,httpInfo->fHeadersLen);
Re: basic authentication for NetAccessors
Posted by Chris Knight <ck...@email.arc.nasa.gov>.
Chris Knight wrote:
> Actually, I believe all code I develop is considered public domain and
> can be included in your codebase without license concern. I can
> verify, if needed.
Confirmed, my curiousity drove me:
http://cendi.dtic.mil/publications/04-8copyright.html#315
Re: basic authentication for NetAccessors
Posted by Alberto Massari <am...@datadirect.com>.
Thanks,
Alberto
At 12.45 09/08/2005 -0700, Chris Knight wrote:
>Alberto Massari wrote:
>
>>Hi Chris,
>>according to the Xerces' charter
>>(http://xerces.apache.org/charter.html, §
>>7.3) we need to ask you some questions in
>>order to clean up any licensing issue:
>>
>>a) What is your name and employer?
>
>National Aeronautics and Space Administration (US Government).
>
>>b) Are you the author of the code being contributed?
>
>Yes.
>
>>c) Do you have the right to grant the copyright
>>and patent licenses for the contribution that
>>are set forth in the ASF v.2.0 license
>>(http://www.apache.org/licenses/LICENSE-2.0)?
>
>Actually, I believe all code I develop is
>considered public domain and can be included in
>your codebase without license concern. I can verify, if needed.
>
>>d) Does your employer have any rights to code
>>that you have written, for example, through
>>your contract for employment? If so, has your
>>employer given you permission to contribute the
>>code on its behalf or waived its rights in the code?
>
>I believe NASA has no rights to the code.
>
>>e) Are you aware of any third-party licenses or
>>other restrictions (such as related patents or
>>trademarks) that could apply to your contribution? If so, what are they?
>
>Nope.
Re: basic authentication for NetAccessors
Posted by Chris Knight <ck...@email.arc.nasa.gov>.
Alberto Massari wrote:
> Hi Chris,
> according to the Xerces' charter
> (http://xerces.apache.org/charter.html, § 7.3) we need to ask you
> some questions in order to clean up any licensing issue:
>
> a) What is your name and employer?
National Aeronautics and Space Administration (US Government).
> b) Are you the author of the code being contributed?
Yes.
> c) Do you have the right to grant the copyright and patent licenses
> for the contribution that are set forth in the ASF v.2.0 license
> (http://www.apache.org/licenses/LICENSE-2.0)?
Actually, I believe all code I develop is considered public domain and
can be included in your codebase without license concern. I can verify,
if needed.
> d) Does your employer have any rights to code that you have written,
> for example, through your contract for employment? If so, has your
> employer given you permission to contribute the code on its behalf or
> waived its rights in the code?
I believe NASA has no rights to the code.
> e) Are you aware of any third-party licenses or other restrictions
> (such as related patents or trademarks) that could apply to your
> contribution? If so, what are they?
Nope.
Re: basic authentication for NetAccessors
Posted by Alberto Massari <am...@datadirect.com>.
At 14.29 05/08/2005 -0700, Chris Knight wrote:
>[...]
>Here's the diffs, feel free to incorporate into
>the official distribution. Apologies for not
>complying with the variable naming, indention,
>etc...I spend far more time with httpd and C
>modules than C++. Note that these diffs are to
>the 2.6.0 release of UnixHTTPURLInputStream.cpp .
Hi Chris,
according to the Xerces' charter
(http://xerces.apache.org/charter.html, §
7.3) we need to ask you some questions in order
to clean up any licensing issue:
a) What is your name and employer?
b) Are you the author of the code being contributed?
c) Do you have the right to grant the copyright
and patent licenses for the contribution that are
set forth in the ASF v.2.0 license
(http://www.apache.org/licenses/LICENSE-2.0)?
d) Does your employer have any rights to code
that you have written, for example, through your
contract for employment? If so, has your employer
given you permission to contribute the code on
its behalf or waived its rights in the code?
e) Are you aware of any third-party licenses or
other restrictions (such as related patents or
trademarks) that could apply to your contribution? If so, what are they?
Thanks,
Alberto
Re: basic authentication for NetAccessors
Posted by Chris Knight <ck...@email.arc.nasa.gov>.
I wrote:
> Given that the XMLURL type has getUser and getPassword, what about
> supporting basic authentication in the NetAccessors classes? I have
> tried a piece of code but I'm not particularly familiar with the memory
> management and internationalization mechanisms in Xerces so I'm probably
> writing bad code. ;^>
Ok, figgered it out and it works like a charm (I can now specify
http://user:pass@host:port URL's). Stumbled over some XMLCh vs. char *
and using the Base64 class (needs better docs, namely that
Base64::encode returns a UTF-8, null-terminated string with a CRLF at
the end of it).
Here's the diffs, feel free to incorporate into the official
distribution. Apologies for not complying with the variable naming,
indention, etc...I spend far more time with httpd and C modules than
C++. Note that these diffs are to the 2.6.0 release of
UnixHTTPURLInputStream.cpp .
If there are any bugs introduced by this code, please correct me. (Is
there a memory leak? I'm assuming the fMemoryManager is a pooling memory
manager so I need not worry about freeing what I allocate.)
---diff below---
*** util/NetAccessors/Socket/UnixHTTPURLInputStream.cpp 2004-09-08
06:56:35.000000000 -0700
--- /home/xdb/UnixHTTPURLInputStream.cpp 2005-08-05
14:21:01.000000000 -0700
***************
*** 127,132 ****
--- 127,133 ----
#include <xercesc/util/TransService.hpp>
#include <xercesc/util/TranscodingException.hpp>
#include <xercesc/util/PlatformUtils.hpp>
+ #include <xercesc/util/Base64.hpp>
XERCES_CPP_NAMESPACE_BEGIN
***************
*** 211,216 ****
--- 212,219 ----
const XMLCh* path = urlSource.getPath();
const XMLCh* fragment = urlSource.getFragment();
const XMLCh* query =
urlSource.getQuery();
+ const XMLCh* username = urlSource.getUser();
+ const XMLCh* password = urlSource.getPassword();
//
// Convert the hostName to the platform's code page for
gethostbyname and
***************
*** 371,376 ****
--- 374,399 ----
}
strcat(fBuffer, CRLF);
+ if (username && password)
+ {
+ unsigned int len = XMLString::stringLen(username) +
XMLString::stringLen(password) + 1;
+ char* userPass = (char *)fMemoryManager->allocate((len + 1) *
sizeof(*userPass));
+ char* encodedData;
+
+ userPass[0] = '\0';
+ strcat(userPass, XMLString::transcode(username, fMemoryManager));
+ strcat(userPass, ":");
+ strcat(userPass, XMLString::transcode(password, fMemoryManager));
+ encodedData = (char *)Base64::encode((XMLByte *)userPass,
strlen(userPass), &len, fMemoryManager);
+
+ if (encodedData)
+ {
+ char *authorization = (char
*)fMemoryManager->allocate((strlen("Authorization: Basic ") + len + 3) *
sizeof(*authorization));
+ sprintf(authorization, "Authorization: Basic %s", encodedData);
+ strcat(fBuffer, authorization);
+ }
+ }
+
if(httpInfo!=0 && httpInfo->fHeaders!=0)
strncat(fBuffer,httpInfo->fHeaders,httpInfo->fHeadersLen);