Oleg Kalnichevski wrote:
> On Wed, 2006-09-13 at 16:26 +0530, Saminda Abeyruwan wrote:
> Oleg Kalnichevski wrote:
>>>> On Wed, 2006-09-13 at 10:08 +0530, Saminda Abeyruwan wrote:
>>>> Hi Devs,
>>>>
>>>> I'm Saminda Abeyruwan, an Axis2 committer; I designed and contributed to the
>>>> http/https transport in Axis2. In the process I've been able to
>>>> contribute to Basic and NTLM Auth based on the sample you guys have put
>>>> on the site. But we (Axis2) do handle Basic and NTLM separately. Thus,
>>>> we configure httpclient manually to do basic or NTLM auth. IMHO this is
>>>> wrong. I've found that this switch is automatically handled by
>>>> commons-httpclient-3.0.
>>>>
>>>> I would kindly ask how I could write a codebase to support auth
>>>> without knowing what auth mechanism commons-httpclient uses. I tried
>>>> many times to grasp this idea and did some research, but I still need
>>>> some help. Commons-httpclient is a powerful tool, and Axis2 really wants
>>>> to explore its capacity.
>>>>
>>>>
>>>>> Hi Saminda,
>>>>> HttpClient is designed to automatically select an authentication scheme
>>>>> based on the challenge returned by the target server. It is always the
>>>>> server side of HTTP that determines what kind of authentication
>>>>> mechanism should be used. In those cases when the target server supports
>>>>> multiple authentication schemes HttpClient makes an effort to select the
>>>>> most secure one. The default auth scheme order of preference is NTLM,
>>>>> Digest, Basic. In other words, by default HttpClient will always pick
>>>>> NTLM over Basic given a choice. One can set a different order of
>>>>> preference if so desired. For instance, if you want to make sure
>>>>> HttpClient does not use Basic auth at all, just exclude Basic from the
>>>>> order of preference. 
>>>>> If you need more details, just let me know.
>>>>> Hope this helps somewhat.
>>>>> Oleg
> Hi Oleg,
> 
> Thank you for the quick response. Based on the
> InteractiveAuthenticationExample sample, I've written my own credential
> provider to provide either UsernamePasswordCredentials or NTCredentials.
> 
> What would be the best way to set the AuthScope, and where should I set
> it, if I'm using the following?
>     ....
>     HttpClient client = new HttpClient();
>     client.getParams().setParameter(
>         CredentialsProvider.PROVIDER, new MyCredentialProvider());
>     GetMethod httpget = new GetMethod("http://foo.com");
>     httpget.setDoAuthentication(true);
>     try {
>         // execute the GET
>         int status = client.executeMethod(httpget);
>         // print the status and response
>         System.out.println(httpget.getStatusLine().toString());
>         System.out.println(httpget.getResponseBodyAsString());
>     } finally {
>         // release any connection resources used by the method
>         httpget.releaseConnection();
>     }
>     ....
> 
> Thank you
> 
> Saminda
> 
> 
>> Saminda,
> 
>> You no longer have to specify an auth scope when using a custom
>> credentials provider. HttpClient will automatically add credentials to
>> the HttpState based on the authentication context. 
> 
>> Be _EXTRA_ careful when implementing a custom credentials provider,
>> though. HttpClient makes no provisions to check whether the same
>> credentials have been tried already. It is a responsibility of the
>> custom credentials provider to keep track of authentication attempts and
>> to ensure that credentials known to be invalid are not retried. Do make
>> sure that your credentials provider can gracefully handle invalid
>> credentials. 
> 
>> I would go as far as to advise against using the CredentialsProvider interface
>> unless you are not trying to implement an interactive authentication
>> dialog of some sort.
> 
>> Oleg

Hi Oleg

Thank you very much for the response.

My custom credential provider is as follows,

===========================================================================
import org.apache.commons.httpclient.auth.*;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.io.IOException;

/*
 * Supplies NTCredentials for NTLM challenges and UsernamePasswordCredentials
 * for RFC 2617 (Basic/Digest) challenges, using the same stored values.
 */
public class HTTPCredentialProvider implements CredentialsProvider {

    private static Log log = LogFactory.getLog(HTTPCredentialProvider.class);

    private String host;
    private String realm;
    private String username;
    private String password;

    public HTTPCredentialProvider(String host, String realm, String username, String password) {
        this.host = host;
        this.realm = realm;
        this.username = username;
        this.password = password;
    }

    // string, i and b are the host, port and proxy flag supplied by HttpClient;
    // they are not used here.
    public Credentials getCredentials(AuthScheme authscheme, String string, int i, boolean b)
            throws CredentialsNotAvailableException {
        if (authscheme == null) {
            return null;
        }
        try {
            if (authscheme instanceof NTLMScheme) {
                log.debug("NTLM Authentication authentication");
                if (username == null || password == null || host == null || realm == null) {
                    throw new CredentialsNotAvailableException(
                            "user or password or host or realm cannot be Null");
                }
                // The stored host and realm are passed as the NTCredentials host and domain.
                return new NTCredentials(username, password, host, realm);
            } else if (authscheme instanceof RFC2617Scheme) {
                log.debug(host + " : " + " requires authentication with the realm '"
                          + authscheme.getRealm() + "'");
                return new UsernamePasswordCredentials(username, password);
            } else {
                throw new CredentialsNotAvailableException(
                        "Unsupported authentication scheme: " + authscheme.getSchemeName());
            }
        } catch (IOException e) {
            // CredentialsNotAvailableException is itself an IOException, so the
            // exceptions thrown above are caught here and re-wrapped.
            throw new CredentialsNotAvailableException(e.getMessage(), e);
        }
    }
}
==========================================================================
Axis2 just needs to work with NTLM, Digest and Basic Auth. Would the
above custom credential class satisfy the necessary requirement as you
mentioned? Is there any improvement I should make?

Clients of Axis2 just say "Turn on Auth" and set host, etc., which are
set on HTTPCredentialProvider internally, and httpclient magically
does the auth. Is this the correct way to handle this situation?

Saminda
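
Oleg's warning above is that HttpClient does not check whether the same credentials have already been tried. The following is an added example, not code from this thread or from HttpClient itself: a provider that hands out its credentials at most once per authentication scope and refuses a repeat request. The class name OneShotCredentialsProvider and the scope-key format are assumptions, as is the premise that a second request for the same scope means the first answer was rejected.

```java
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.*;

// Added example (hypothetical class): offers credentials once per scope.
public class OneShotCredentialsProvider implements CredentialsProvider {

    private final String username;
    private final String password;
    private final String clientHost; // workstation name used by NTLM
    private final String domain;     // NT domain used by NTLM
    // Scopes for which credentials have already been handed out.
    private final Set<String> offered = new HashSet<String>();

    public OneShotCredentialsProvider(String username, String password,
                                      String clientHost, String domain) {
        this.username = username;
        this.password = password;
        this.clientHost = clientHost;
        this.domain = domain;
    }

    public synchronized Credentials getCredentials(AuthScheme scheme,
            String host, int port, boolean proxy)
            throws CredentialsNotAvailableException {
        if (scheme == null || username == null || password == null) {
            throw new CredentialsNotAvailableException("No credentials configured");
        }
        // Scope key format is an assumption of this example.
        String scope = (proxy ? "proxy:" : "target:") + host + ":" + port
                + "/" + scheme.getSchemeName() + "/" + scheme.getRealm();
        if (!offered.add(scope)) {
            // Same scope asked twice: treat the earlier answer as rejected.
            throw new CredentialsNotAvailableException(
                    "Credentials already tried for " + scope);
        }
        if (scheme instanceof NTLMScheme) {
            if (clientHost == null || domain == null) {
                throw new CredentialsNotAvailableException("NTLM needs host and domain");
            }
            return new NTCredentials(username, password, clientHost, domain);
        }
        if (scheme instanceof RFC2617Scheme) { // Basic and Digest
            return new UsernamePasswordCredentials(username, password);
        }
        throw new CredentialsNotAvailableException(
                "Unsupported authentication scheme: " + scheme.getSchemeName());
    }
}
```

The record of offered scopes is kept per instance, so a new provider instance is needed when the configured credentials change.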
> 
>>>>
>>>> Please do help me on this.
>>>>
>>>> Looking forward to hearing from you.
>>>>
>>>> Saminda
>>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


