Ray Krueger wrote:
Hey! Where's the HttpInvokerRequestExecutor for it!
:P
I'm making jokes (and no, I'm not gonna write it ha!)
Although I may write the Basic Auth CommonsHttpInvokerRequestExecutor
Unfortunately I just ran out of time - the unit tests took as long to
write as the actual implementation! Tomorrow I am working on anonymous
user support, remember-me, and (if time permits) config attribute
sensitive AuthenticationEntryPoints.
I did have developing additional user agents in mind when writing the
server-side implementation. I put a static method in
DigestProcessingFilter to correctly compute the digest from passed
arguments. There are also useful header string parsing methods in
net.sf.acegisecurity.util.StringSplitUtils. The primary challenge to
writing a Digest-aware HttpInvokerRequestExecutor will be figuring out
how to stop HttpInvoker aborting when a 401 is returned (a requirement
of the protocol to receive the nonce, realm etc), and passing the 401
response to the Digest implementation class so that it can prepare the
header and store the nonce, realm etc for future requests.
Cheers
Ben
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer