Hi all,
As discussed offline with Thilina,
<!-- Authenticator Configurations for java.net.Authenticator -->
<NetworkAuthenticatorConfig>
<Credential>
<!--
the pattern that would match a subset of URLs for which
this credential
would be used
-->
<Pattern>.*</Pattern>
<!--
the type of the network connection. Allowed values are:
1. server
2. proxy
-->
<Type>server</Type>
<!-- the username used to log in to server/proxy -->
<Username>name</Username>
<!-- the password used to log in to server/proxy -->
<Password>password</Password>
</Credential>
<Credential>
<!--
the pattern that would match a subset of URLs for which
this credential
would be used
-->
<Pattern>.*</Pattern>
<!--
the type of the network connection. Allowed values are:
1. server
2. proxy
-->
<Type>proxy</Type>
<!-- the username used to log in to server/proxy -->
<Username>name</Username>
<!-- the password used to log in to server/proxy -->
<Password>password</Password>
</Credential>
</NetworkAuthenticatorConfig>
is what we agreed to add. NetworkAuthenticatorConfig makes it much clearer
that it applies to NetworkAuthenticator, compared to AuthenticatorConfig
which would give one a feeling that its for all authenticators.
Thanks,
Senaka.
On Wed, Sep 7, 2011 at 1:35 PM, Senaka Fernando <[email protected]> wrote:
> Hi Thilina/Prabath,
>
> On Wed, Sep 7, 2011 at 12:26 PM, Senaka Fernando <[email protected]> wrote:
>
>>
>>
>> On Wed, Sep 7, 2011 at 12:17 PM, Thilina Buddhika <[email protected]>wrote:
>>
>>>
>>>
>>> On Wed, Sep 7, 2011 at 11:51 AM, Senaka Fernando <[email protected]>wrote:
>>>
>>>> That's a choice we need to make; but this still is an Authenticator
>>>> (which is an extension of the standard java.net.Authenticator - a part of
>>>> JAAS). Realizing that we had a special authenticator configuration file, I
>>>> thought it'd be more appropriate to place it there (compared to
>>>> carbon.xml).
>>>>
>>>> Our authenticators help external entities (users, systems) log into our
>>>> server, and this authenticator helps our server log into external entities
>>>> (systems - servers, proxies), which is the difference.
>>>>
>>>
>>> Exactly. That is why I said it is not correct to place them in the same
>>> file. The location you picked is correct (carbon.xml). But the configuration
>>> element should be renamed.
>>>
>>
>> But, won't calling this something other than authenticator be wrong. This
>> is an authenticator (at least Java defines it as such) - so why rename? If
>> we do that, we'd be saying Foo is where you define the
>> java.net.Authenticator. So why not Foo == Authenticator (which makes it
>> obvious)?
>>
>> IMHO, I think we defining our own world is not the best option, when it
>> comes to some standard practice.
>>
>
> Ok, what if we add the following to carbon.xml?
>
>
> <!-- Authenticator Configurations for java.net.Authenticator -->
> <NetworkAuthenticator>
>
> <Credential>
> <!--
> the pattern that would match a subset of URLs for which
> this credential
>
> would be used
> -->
> <Pattern>.*</Pattern>
> <!--
> the type of the network connection. Allowed values are:
>
> 1. server
> 2. proxy
> -->
> <Type>server</Type>
> <!-- the username used to log in to server/proxy -->
> <Username>name</Username>
> <!-- the password used to log in to server/proxy -->
> <Password>password</Password>
> </Credential>
> <Credential>
> <!--
> the pattern that would match a subset of URLs for which
> this credential
>
> would be used
> -->
> <Pattern>.*</Pattern>
> <!--
> the type of the network connection. Allowed values are:
>
> 1. server
> 2. proxy
> -->
> <Type>proxy</Type>
> <!-- the username used to log in to server/proxy -->
> <Username>name</Username>
> <!-- the password used to log in to server/proxy -->
> <Password>password</Password>
> </Credential>
> </NetworkAuthenticator>
>
> Thanks,
> Senaka.
>
>>
>> Thanks,
>> Senaka.
>>
>>
>>> Thanks,
>>> Thilina
>>>
>>>
>>>>
>>>> Thanks,
>>>> Senaka.
>>>>
>>>>
>>>> On Wed, Sep 7, 2011 at 10:59 AM, Thilina Buddhika <[email protected]>wrote:
>>>>
>>>>> But authenticators.xml is for Carbon Authenticators. And this is for a
>>>>> different purpose. So having them in a single file does not make sense to
>>>>> me.
>>>>
>>>>
>>>>> Thanks,
>>>>> Thilina
>>>>>
>>>>> On Wed, Sep 7, 2011 at 10:42 AM, Senaka Fernando <[email protected]>wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> On Wed, Sep 7, 2011 at 12:46 AM, Thilina Buddhika
>>>>>> <[email protected]>wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Sep 7, 2011 at 12:43 AM, Thilina Buddhika <[email protected]
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Hi Senaka,
>>>>>>>>
>>>>>>>> I have to agree with Prabath. We already have a configuration
>>>>>>>> similar to the following in the authenticators.xml file inside
>>>>>>>> conf/advanced.
>>>>>>>>
>>>>>>>> <Authenticators xmlns="
>>>>>>>> http://wso2.org/projects/carbon/authenticators.xml";>
>>>>>>>>
>>>>>>>> <!-- Authenticator Configurations for TokenUIAuthenticator -->
>>>>>>>> <Authenticator name="TokenUIAuthenticator" disabled="true">
>>>>>>>> <Priority>5</Priority>
>>>>>>>> </Authenticator>
>>>>>>>>
>>>>>>>> .....
>>>>>>>>
>>>>>>>> </Authenticators>
>>>>>>>>
>>>>>>>> So having defined the same element Authenticator in the carbon.xml
>>>>>>>> for a different reason may confuse the user.
>>>>>>>>
>>>>>>>> AFAIK, this is used when some Carbon code is acting as a client to
>>>>>>>> access a remote resource. In the configurations you have shared, you
>>>>>>>> are
>>>>>>>> passing a set of configurations to the authenticators, not the
>>>>>>>> information
>>>>>>>> about authenticator itself. So how about using something like
>>>>>>>> ClientAuthenticationConfiguration instead of Authenticator ?
>>>>>>>>
>>>>>>>
>>>>>>> s/ClientAuthenticationConfiguration/AuthenticationConfiguration
>>>>>>>
>>>>>>
>>>>>> Actually, this is used to construct an extension of
>>>>>> java.net.Authenticator, [1] for carbon. But, these are actually
>>>>>> credentials,
>>>>>> so may be we can use the name you suggest. But, I have a better plan, how
>>>>>> about adding the following to authenticators.xml?
>>>>>>
>>>>>> <!-- Authenticator Configurations for java.net.Authenticator -->
>>>>>> <Authenticator name="JavaNetworkAuthenticator">
>>>>>> <Credential>
>>>>>> <!--
>>>>>> the pattern that would match a subset of URLs for
>>>>>> which this credential
>>>>>>
>>>>>> would be used
>>>>>> -->
>>>>>> <Pattern>.*</Pattern>
>>>>>> <!--
>>>>>> the type of the network connection. Allowed values
>>>>>> are:
>>>>>>
>>>>>> 1. server
>>>>>> 2. proxy
>>>>>> -->
>>>>>> <Type>server</Type>
>>>>>> <!-- the username used to log in to server/proxy -->
>>>>>> <Username>name</Username>
>>>>>> <!-- the password used to log in to server/proxy -->
>>>>>> <Password>password</Password>
>>>>>> </Credential>
>>>>>> <Credential>
>>>>>> <!--
>>>>>> the pattern that would match a subset of URLs for
>>>>>> which this credential
>>>>>>
>>>>>> would be used
>>>>>> -->
>>>>>> <Pattern>.*</Pattern>
>>>>>> <!--
>>>>>> the type of the network connection. Allowed values
>>>>>> are:
>>>>>>
>>>>>> 1. server
>>>>>> 2. proxy
>>>>>> -->
>>>>>> <Type>proxy</Type>
>>>>>> <!-- the username used to log in to server/proxy -->
>>>>>> <Username>name</Username>
>>>>>> <!-- the password used to log in to server/proxy -->
>>>>>> <Password>password</Password>
>>>>>> </Credential>
>>>>>> </Authenticator>
>>>>>>
>>>>>> [1]
>>>>>> http://download.oracle.com/javase/1.5.0/docs/api/java/net/Authenticator.html
>>>>>>
>>>>>> Thanks,
>>>>>> Senaka.
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Thilina
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Thilina
>>>>>>>>
>>>>>>>> On Tue, Sep 6, 2011 at 11:58 AM, Senaka Fernando
>>>>>>>> <[email protected]>wrote:
>>>>>>>>
>>>>>>>>> Hi Prabath,
>>>>>>>>>
>>>>>>>>> On Tue, Sep 6, 2011 at 7:56 AM, Prabath Siriwardena <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Senaka,
>>>>>>>>>>
>>>>>>>>>> On Tue, Sep 6, 2011 at 1:47 AM, Senaka Fernando <[email protected]>
>>>>>>>>>> wrote:
>>>>>>>>>> > I've given this the name because this is standard Java
>>>>>>>>>> terminology. What we
>>>>>>>>>> > are implementing is an extension of java.net.Authenticator.
>>>>>>>>>> Giving this some
>>>>>>>>>> > other name would confuse somebody. Also having said that,
>>>>>>>>>> Authenticator in
>>>>>>>>>> > the java world is something that provides credentials for
>>>>>>>>>> authentication.
>>>>>>>>>> > But the CarbonAuthenticator IIRC is not doing quite that, making
>>>>>>>>>> the latter
>>>>>>>>>> > inconsistent. But, since we have been having it for a while, I'm
>>>>>>>>>> not sure
>>>>>>>>>> > what's the correct choice here. Anyway, giving this some other
>>>>>>>>>> name does not
>>>>>>>>>> > sound the correct thing to do.
>>>>>>>>>>
>>>>>>>>>> Even carbon authenticators take different type of credentials...
>>>>>>>>>> and
>>>>>>>>>> this seems more like a proxy proxy configuration..
>>>>>>>>>>
>>>>>>>>>> This is the configuration [1] already used for axis2.
>>>>>>>>>>
>>>>>>>>>> <parameter name="PROXY"
>>>>>>>>>> proxy_host="proxy_host_name"
>>>>>>>>>> proxy_port="proxy_host_port"
>>>>>>>>>> locked="true>userName:domain:passWord</parameter>
>>>>>>>>>>
>>>>>>>>>> >
>>>>>>>>>> > According to my understanding, with regard to proxy
>>>>>>>>>> configuration in Axis2,
>>>>>>>>>> > that's only if the server is fronted by a proxy while lies
>>>>>>>>>> between client
>>>>>>>>>> > and server (ex:- Apache2 mod_proxy). This fix is to allow the
>>>>>>>>>> server to
>>>>>>>>>> > access resources that lie behind multiple proxies (ex:- to
>>>>>>>>>> access WSDL
>>>>>>>>>> > behind URL 1 you need proxy settings 1, and to access WSDL
>>>>>>>>>> behind URL 2 you
>>>>>>>>>> > need proxy settings 2). So, what you have in Axis2 is
>>>>>>>>>> client-oriented (i.e.
>>>>>>>>>> > for fixing WSDL URLs appropriately and all), and what we have
>>>>>>>>>> introduced in
>>>>>>>>>> > here is server-oriented.
>>>>>>>>>>
>>>>>>>>>> IIUC in your scenario Carbon server is trying to access a resource
>>>>>>>>>> behind a proxy and you need to authenticate to the proxy..
>>>>>>>>>> Shouldn't
>>>>>>>>>> this the same at the axis2 client end.. but this doesn't have
>>>>>>>>>> multiple
>>>>>>>>>> proxy support as you mentioned. In either case shouldn't this
>>>>>>>>>> something to be in axis2.xml..? [not in carbon.xml]
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This is not a transport-level thing that applies only to
>>>>>>>>> webservices. Axis2 is a webservices engine and this goes beyond that.
>>>>>>>>> For
>>>>>>>>> example, new URL("foo") call inside Java code, or accessing some
>>>>>>>>> resource
>>>>>>>>> through a web application is covered by this implementation. Also,
>>>>>>>>> this is
>>>>>>>>> not only for a proxy, but you can use it to access resources stored
>>>>>>>>> on a
>>>>>>>>> webserver that requires Basic, Digest, NTLM or SPNEGO authentication.
>>>>>>>>> If we
>>>>>>>>> introduce this into Axis2, it would be doing something additional
>>>>>>>>> (i.e.
>>>>>>>>> beyond its scope). What Axis2 has right now is sufficient for its
>>>>>>>>> use-cases,
>>>>>>>>> and this is something beyond that.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Senaka.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Thanks & regards,
>>>>>>>>>> -Prabath
>>>>>>>>>>
>>>>>>>>>> [1]: http://wso2.org/library/161
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Carbon-dev mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Senaka Fernando*
>>>>>>>>> Product Manager - WSO2 Governance Registry;
>>>>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>>>>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>>>>
>>>>>>>>> E-mail: senaka AT wso2.com
>>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>>>>
>>>>>>>>> *Lean . Enterprise . Middleware
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Carbon-dev mailing list
>>>>>>>>> [email protected]
>>>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thilina Buddhika
>>>>>>>>
>>>>>>>> Associate Technical Lead
>>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>>> lean . enterprise . middleware
>>>>>>>>
>>>>>>>> phone : +94 77 44 88 727
>>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Thilina Buddhika
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>> lean . enterprise . middleware
>>>>>>>
>>>>>>> phone : +94 77 44 88 727
>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Carbon-dev mailing list
>>>>>>> [email protected]
>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Senaka Fernando*
>>>>>> Product Manager - WSO2 Governance Registry;
>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>
>>>>>> E-mail: senaka AT wso2.com
>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>
>>>>>> *Lean . Enterprise . Middleware
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thilina Buddhika
>>>>> Associate Technical Lead
>>>>> WSO2 Inc. ; http://wso2.com
>>>>> lean . enterprise . middleware
>>>>>
>>>>> phone : +94 77 44 88 727
>>>>> blog : http://blog.thilinamb.com
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> [email protected]
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Senaka Fernando*
>>>> Product Manager - WSO2 Governance Registry;
>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>>>> Member; Apache Software Foundation; http://apache.org
>>>>
>>>> E-mail: senaka AT wso2.com
>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>
>>>> *Lean . Enterprise . Middleware
>>>>
>>>>
>>>> _______________________________________________
>>>> Carbon-dev mailing list
>>>> [email protected]
>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Thilina Buddhika
>>> Associate Technical Lead
>>> WSO2 Inc. ; http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> phone : +94 77 44 88 727
>>> blog : http://blog.thilinamb.com
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> *Senaka Fernando*
>> Product Manager - WSO2 Governance Registry;
>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>> Member; Apache Software Foundation; http://apache.org
>>
>> E-mail: senaka AT wso2.com
>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>> Linked-In: http://linkedin.com/in/senakafernando
>>
>> *Lean . Enterprise . Middleware
>>
>>
>
>
> --
> *Senaka Fernando*
> Product Manager - WSO2 Governance Registry;
> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
> Member; Apache Software Foundation; http://apache.org
>
> E-mail: senaka AT wso2.com
> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
> Linked-In: http://linkedin.com/in/senakafernando
>
> *Lean . Enterprise . Middleware
>
>
--
*Senaka Fernando*
Product Manager - WSO2 Governance Registry;
Associate Technical Lead; WSO2 Inc.; http://wso2.com*
Member; Apache Software Foundation; http://apache.org
E-mail: senaka AT wso2.com
**P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
Linked-In: http://linkedin.com/in/senakafernando
*Lean . Enterprise . Middleware
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
