> a class called Base64.java in httpclient which does what
> you need
The Base64 class is currently package-access only, so I can't currently use
it, but it's the perfect choice if they expose it publicly.
> I have sent an email to the commons list...
Any responses?
> I would prefer to have them in the client package...
This was my original choice, but it "contaminated" the WebRequest object as
it is now reliant on the client package. But if it's alright by you, then
it's alright by me. :) I think the authentication subpackage is a good idea
as well.
Any other thoughts on the "context root" requirement in the form
authentication? I could change the wording around and say I need the "login
page" (to detect the redirect) and a "security servlet" (to do the login,
would allow for variations in its location if we found there to ever be
any). Then, you'd create a FormAuthentication object like this:
theRequest.setAuthentication(
new FormAuthentication(
"userid",
"password",
"http://localhost/Sample/login.html";,
"http://localhost/Sample/j_security_check";));
The 4th argument could be optional, the default would be to assume to login
page is at the root of the web app and just remove the "login.html" and
replace with "j_security_check" to get the login servlet.
And finally, any comments on the AbstractHttpClient data flow heading into
the callGetResult method? This is the "the authentication object is
necessary in this call so how does it get there" issue.
Jason
-----Original Message-----
From: Vincent Massol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 2:23 PM
To: 'Cactus Developers List'
Subject: RE: Adding Authentication To Cactus
> -----Original Message-----
> From: Robertson, Jason [mailto:[EMAIL PROTECTED]]
> Sent: 28 December 2001 16:34
> To: '[EMAIL PROTECTED]'
> Subject: Adding Authentication To Cactus
>
[snip]
>
> Small Issues:
>
> - I didn't use java.security.Principal to hold the userId because it
> didn't
> seem to buy me much. This could easily be changed if necessary.
> - Similarly, commons-httpclient has a UsernamePasswordCredentials
object
> which seems similar to my AbstractAuthentication Object minus the
> configure
> method, but I didn't get the code for it yet and can't verify exactly
what
> is does.
> - Is there a base64Encode method somewhere that I could be using
instead
> of
> pasting my own into the BasicAuthentication class?
There is a class called Base64.java in httpclient which does what you
need. As a matter of fact I am considering moving Cactus to httpclient
for the HTTP connection. I'm just not sure whether to do it before
applying your patch or after ... :-)
It seems also that HttpClient currently does not support Basic or
Form-based authentication. I have sent an email to the commons list to
confirm this and asked whether it would be in-scope to implement it in
HttpClient and then just reuse that in Cactus.
> - I put the Abstract & BasicAuthentication objects in the util
package,
> only
> so I wouldn't have to pull any other package into WebReqeust. If they
> belong
> somewhere more appropriate (and I'm betting they do), let me know.
>
As they are client side, I would prefer to have them in the client
package. They could go in an authorization subpackage though.
-Vincent
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
