[jira] Created: (AXIS2C-1370) Axis should support libcurl's other auth types (not just basic)

Sat, 30 May 2009 10:36:30 -0700 

Axis should support libcurl's other auth types (not just basic)
---------------------------------------------------------------

                 Key: AXIS2C-1370
                 URL: https://issues.apache.org/jira/browse/AXIS2C-1370
             Project: Axis2-C
          Issue Type: Improvement
          Components: transport/http
    Affects Versions: 1.6.0
            Reporter: Aaron Oneal


Looking over axis2_libcurl_set_auth_options() I see it only allows basic auth.

if (auth_type && 
        0 == axutil_strcmp(auth_type, AXIS2_HTTP_AUTH_TYPE_BASIC))
    {
        curl_easy_setopt(handler, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    }
else
    {
        /* Uses anonymous connection.*/
    }

If new schemes can be enabled as easily as mapping Axis options to Libcurl, 
this would appear to be an easy fix. Other supported values to be mapped 
include:

CURLAUTH_BASIC 

HTTP Basic authentication. This is the default choice, and the only method that 
is in wide-spread use and supported virtually everywhere. This is sending the 
user name and password over the network in plain text, easily captured by 
others. 

CURLAUTH_DIGEST 

HTTP Digest authentication. Digest authentication is defined in RFC2617 and is 
a more secure way to do authentication over public networks than the regular 
old-fashioned Basic method. 

CURLAUTH_GSSNEGOTIATE 

HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain 
"Negotiate") method was designed by Microsoft and is used in their web 
applications. It is primarily meant as a support for Kerberos5 authentication 
but may be also used along with another authentication methods. For more 
information see IETF draft draft-brezak-spnego-http-04.txt. 

You need to build libcurl with a suitable GSS-API library for this to work. 

CURLAUTH_NTLM 

HTTP NTLM authentication. A proprietary protocol invented and used by 
Microsoft. It uses a challenge-response and hash concept similar to Digest, to 
prevent the password from being eavesdropped. 

You need to build libcurl with OpenSSL support for this option to work, or 
build libcurl on Windows. 

CURLAUTH_ANY 

This is a convenience macro that sets all bits and thus makes libcurl pick any 
it finds suitable. libcurl will automatically select the one it finds most 
secure. 

CURLAUTH_ANYSAFE 

This is a convenience macro that sets all bits except Basic and thus makes 
libcurl pick any it finds suitable. libcurl will automatically select the one 
it finds most secure. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to