You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rpc-dev@xml.apache.org by Dejan Bosanac <de...@datagate.co.yu> on 2002/12/09 12:33:56 UTC

AuthenticatedXmlRpcHandler improvment

Hi,
I'm new to this list so I'm sorry if my question has already been discussed.

Recently, I had to use Basic authentication with XMLRPC, but I didn't 
like the idea to be bounded only to execute() method. Instead, I wanted 
to be able to call all methods from my class, but just to have basic 
user/pass authentication before. Something like this:

XmlRpcClient xmlrpc = new XmlRpcClient("localhost", rpcPort);
xmlrpc.setBasicAuthentication(rpcUsername, rpcPassword);
xmlrpc.execute("$default.shutdown", new Vector());

To do that I did the following:

1. Made my RPC handler to implements AuthenticatedXmlRpcHandler

2. Implemented execute() method like this:

public Object execute(String method, Vector params, String username, 
String password) throws Exception {
           if (!authenticate(username, password))
           	throw new AuthenticationFailed("Bad username or password 
supplied!");

           Invoker target = new Invoker(this);
           return target.execute(method, params);
}


The execute() method performs authentication and then creates Invoker 
object (I had to use v1.2) to do the rest of the job.

Now, why shouldn't we modify AuthenticatedXmlRpcHandler (or add some new 
interface) to support just authenticate() method to perform some custom 
user authentication and leave the rest of the job to be done in the 
invokeHandler() method of XmlRpcWorker class.

I could implemented it fast if you are interested in such a functionality.

Regards,
Dejan