[Bug 25430] Recording Controller to populate HTTP Authorisation Mgr

Wed, 05 Nov 2014 03:14:13 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=25430

--- Comment #5 from Dzmitry Kashlach <[email protected]> ---
Created attachment 32190
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=32190&action=edit
bug_25430_1.patch

> getAuthorization should be named differently as it in fact removes from 
> Headers the one named HTTPConstants.HEADER_AUTHORIZATION) once it has handled 
> the creation of Auth Manager. 

It extracts Authentication header from subconfigs and constructs Authentication
object for further adding to Authentication Manager. Removing header is
side-effect, not the main sense of this method. May be, it worth breaking it
into two methods, but I have no clear idea about it.

> AFAIU You code makes hypothesis that Authorization is Basic while it can be 
> Digest. So you need to adapt code to handle this case, it would make it even 
> smarter :-)

Yes, agree. How about such code?
authorization.setMechanism(authType.equals("Basic")|authType.equals("Digest")?
                                AuthManager.Mechanism.BASIC_DIGEST:
                                AuthManager.Mechanism.KERBEROS);

> In AuthManager#addAuth , can you explain what removeMatchingAuthorizations 
> exactly does
It iterates over Authorization objects in Authorization Manager and remove
Authorization, which has the same fields as auth. I took this approach from
Cookie Manager. I’ve reviewed this part and made changes. Now authentication
object added only in case, if there is no the same one in manager.

public void addAuth(Authorization newAuthorization) {
        boolean alreadyExists=false;
        PropertyIterator iter = getAuthObjects().iterator();
        while (iter.hasNext()) {
            Authorization authorization = (Authorization)
iter.next().getObjectValue();
            if (authorization == null) {
                continue;
            }
            if (match(authorization,newAuthorization)) {
                if (log.isDebugEnabled()) {
                    log.debug("Found the same Authorization object = " +
newAuthorization.toString());
                }
                alreadyExists=true;
            }
        }
        if(!alreadyExists){
            getAuthObjects().addItem(newAuthorization);
        }
    }

Also added more comments to patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to