[
https://issues.apache.org/jira/browse/CXF-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christian Schneider updated CXF-3216:
-------------------------------------
Attachment: CXF-3216-1.patch
I have now refactored the authentication of the http transport so the basic
auth is now supported by DefaultBasicAuthSupplier. Spnego is now also
supported using a SpnegoAuthSupplier.
Basic, Digest and Spnego / Kerberos auth can now be configured by simply
setting the AuthType in the AuthorizationPolicy. The HttpConduit then creates a
HttpAuthSupplier on the fly if none is configured explicitly. Still an
AuthoriationPolicy on the message overrides the AuthorizationPolicy on the
Conduit.
I have also added a system test for DigestAuthSupplier as I changed the code
and wanted to make sure it really works against a jetty insstance.
There are some possible compatibility issues with my patch:
- The first thing is that the HttpAuthSupplier is cached so it is created only
once. If you later change the Authtype the supplier will stay the same. This
can be solved by deleting the authSupplier so it is recreated.
- The HttpAuthsupplier now overrides the AuthorizationPolicy on the message.
Before the AuthorizationPolicy on the message would override the AuthSupplier.
I donĀ“t think anyone really would use this
- If the message content is to be cached is now only determined by calling the
requiresRequestCaching method on the authsupplier. Before the authSupplier was
also asked for premptiveAuthentication. If this did not return null the message
was also cached. I think this is not necessary as the authsupplier can still
decide if caching is needed.
- Currently you can set authType and authorization on the authorizationPolicy.
This is then used to directly create the authorization header. This is used by
the old spnego interceptor I added recently. I removed this feature as it is
only really usable in an interceptor and it can be done better by creating a
custom authSupplier
Additionally I would like to remove the feature of setting an
AuthorizationPolicy on the message. This would allow us to make the
authsuppliers independent of conduit and message in the future.
I also would like to introduce an authSupplier for proxy auth and handling of
407 responses so we can support multi phase authentications with a proxy.
> Refactor http authentication to make it more flexible and simpler
> -----------------------------------------------------------------
>
> Key: CXF-3216
> URL: https://issues.apache.org/jira/browse/CXF-3216
> Project: CXF
> Issue Type: Improvement
> Components: Transports
> Affects Versions: 2.3.1
> Reporter: Christian Schneider
> Assignee: Christian Schneider
> Attachments: CXF-3216-1.patch
>
>
> The http authentication should be completely based on authSupplier. The
> HttpConduit should simply delegate to it.
> We should also remove some of the other auth config options besides
> authorizationPolicy on conduit.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
