[jira] Updated: (CXF-3216) Refactor http authentication to make it more flexible and simpler

Fri, 24 Dec 2010 02:15:14 -0800 

     [ 
https://issues.apache.org/jira/browse/CXF-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christian Schneider updated CXF-3216:
-------------------------------------

    Attachment: CXF-3216-2.patch

- Replacing HttpConduit with AuthorizationPolicy in HttpAuthSupplier interface
  => This eliminates a circular dependency with HttpConduit and allows to reuse 
the interface for proxy auth
- removed realm parameter from HttpAuthSupplier
  => The parameter is not necessary as the realm can always be extracted from 
the full auth token
- Moving auth stuff into a package http.auth
  => As I change the interface and so loose backwards compatibility I also 
sorted the classes
- Add proxyAuthSupplier in Httpcondduit and use it for proxy auth like 
authSupplier for serve auth
  => This change makes proxy auth and server auth very similar. Currently there 
is no retransmit for 407 reponses but it can easily added now. All one step 
authentications should work with this change already
- Removed HttpBasicAuthSupplier
 => I hope this is ok. I doubt it was used frequently by customers anyway

After this patch practically all auth stuff is moved out of HttpConduit. The 
bad thing is that HttpAuthSupplier is changed in an incompatible way. Is that 
ok or do we have to first deprecate the interface?


> Refactor http authentication to make it more flexible and simpler
> -----------------------------------------------------------------
>
>                 Key: CXF-3216
>                 URL: https://issues.apache.org/jira/browse/CXF-3216
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.3.1
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 2.4
>
>         Attachments: CXF-3216-1.patch, CXF-3216-2.patch
>
>
> The http authentication should be completely based on authSupplier. The 
> HttpConduit should simply delegate to it.
> We should also remove some of the other auth config options besides 
> authorizationPolicy on conduit.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to