Kalnichevski, Oleg wrote:
While going through the Odi's latest patch, I got hit by an idea. Why on earth do we differentiate between proxy and host credentials? At the end of the day do we care? The distinction between proxies and target hosts is not relevant from the HttpState standpoint as long as credentials can be uniquely identified by realm/host/port. All we need to ability to differentiate credentials by authentication realm, host AND port. I think we would make API much simpler and authentication code much cleaner by deprecating HttpState#get/setProxyCredentials stuff for good.
I thought the same when making the patch. But I am not sure either if we should just treat them the same. Imagine a webserver and a proxy running on the same machine (different ports of course). They are completely different services and as such have different name spaces for their realms. So I thought it's right to treat them separately. But I may be too over-careful.
It's very unlikely for real-world applications to run into problems if we decide to mix the two name spaces. But it's just cleaner (in terms of following the standards) to leave it as it is, even though it makes a small overhead in code. BTW that code-overhead has just been reduced by my patch and has been transformed into a memory overhead :-)
Odi
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
