[jira] Updated: (COCOON3-35) Support access to URLs that require authentication.

Thu, 30 Apr 2009 04:45:04 -0700 

     [ 
https://issues.apache.org/jira/browse/COCOON3-35?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Steven Dolg updated COCOON3-35:
-------------------------------

    Attachment: authentication.patch

I have created a small patch that demonstrates how authentication could be 
integrated into our PipelineComponents (without changing much).

To supply a user and password you have to use the format
    <protocol>://<user>:<password>@<host>:<port>/<url-path>

(See http://tools.ietf.org/html/rfc1738#section-3.1 for details).

Using this for all components basically means changing how the URLConnection is 
obtained.
Not a very interesting task, but easily done.


However there is a downside to this:
Using the sun.misc.BASE64Encoder is potentially dangerous (changes in the API, 
etc.) and will probably not work with JREs from other vendors.
But there is also the "Pipeline does not have external dependencies" policy 
which would be nice to keep up.
Maybe we can introduce an optional dependency for that (like commons-codec).


There is also the java.net.Authenticator, which can basically provide the same 
functionality (without a dependency to sun... classes), however in my tests it 
did not work with redirects.

Maybe someone else has some opinions/experience with that...

> Support access to URLs that require authentication.
> ---------------------------------------------------
>
>                 Key: COCOON3-35
>                 URL: https://issues.apache.org/jira/browse/COCOON3-35
>             Project: Cocoon 3
>          Issue Type: New Feature
>          Components: cocoon-sax, cocoon-stax, cocoon-stringtemplate
>    Affects Versions: 3.0.0-alpha-1
>            Reporter: Steven Dolg
>            Assignee: Cocoon Developers Team
>            Priority: Minor
>             Fix For: 3.0.0-alpha-2
>
>         Attachments: authentication.patch
>
>
> Currently our pipeline components cannot access URLs that require 
> authentication.
> While it is possible to create specialized versions of each component and add 
> authentication there, it shouldn't be too difficult to support this feature 
> in every pipeline component we currently have.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to