DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355 HttpState cannot differentiate credentials for different hosts with same Realm names ------- Additional Comments From [EMAIL PROTECTED] 2003-03-31 19:03 ------- Adrian I have already started working on this bug. However, if you feel like taking the lead, just let me know. Credentials matching algorithm is exactly the sticking point. I have been thinking whether we should make an assumption of an authentication realm being related to just one host or should we assume that it could span across several hosts in a domain? For instance, should myhost.mydomain.com match .mydomain.com when picking credentials for an authentication realm? Let me know what is your take on this. Here's how I see the search order: <code>null</code> host should match any host. <code>null</code> realm should match any realm. We start searching by trying to find an exact match '[EMAIL PROTECTED]'. If that yields no results, '[EMAIL PROTECTED]' should be tried next, followed by '[EMAIL PROTECTED]' if unsuccessful. If none of this results in a match, default credentials '[EMAIL PROTECTED]' should be used. It's not the most elegant or intuitive scheme, but it is the only one I can think of which would allow us to stay backward-compatible. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
