I am trying to use custom authentication with the Slide library, which itself relies on the httpclient library (I am using the latest 3.x release candidate to use the newer authentication APIs). Suffice it to say I must supply a custom opaque string in the Authorization HTTP header. I have run into some problems. Here's what I did:
* I implemented a custom AuthScheme and I register it in AuthPolicy.registerAuthScheme
* My authentication type is more or less orthogonal to the application protocol, so I created a CredentialsProvider which can obtain my opaque credentials, so I don't have to pollute application code with local customizations.
I have tried these steps both on an instance of HttpClient, and also with the DefaultParams* singletons:
* I insert my authscheme name as the FIRST item in the priority list of authschemes
* I register my credentials provider
There are two problems I have found, one in http client, one in Slide. First, it seems that CredentialsProvider ONLY is called upon a challenge from the server (HttpMethodDirector, 'promptForCredentials'), and never pre-emptively, even if I setAuthenticationPreemptive(true). My expectation would be that if I set preemptive authentication then my registered CredentialsProvider should be called prior to the request being made. Our custom auth doesn't use an HTTP challenge, so the creds are required to be there to begin with.
In addition, it seems that the HTTP Method implementations of Slide use a default AuthState (in HttpMethodBase). Apparently it uses BASIC auth as the default scheme, and does not pick up the global defaults (I tried registering my parameters on the DefaultParams* singleton after discovering this, to see if they would be picked up, but they are not).
I think the first quick fix is to update HttpMethodDirector so it uses CredentialsProvider preemptively (if one is defined, and setAuthenticationPreemptive is set).
I'm not sure how to handle the second problem because I am not thoroughly familiar with the design decisions and abstractions behind HttpClient and expected usage. I would think either the Slide WebdavResource should expose the HttpClient with the real AuthState it will use (I know I can get HttpClient through WebdavSession.getSessionInstance... but it appears the default AuthState in the Method "overrides" anything I set), or have the default authstate inherit global defaults (perhaps lazily).
Thanks for any feedback, clarifications, or advice,
Aaron Hamid CIT/ATA Cornell University
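
The setup steps listed in the post, written out against the Commons HttpClient 3.x API as an added sketch; this is not the poster's code. The class and scheme name `OpaqueToken` and the choice to carry the opaque string in the password field of `UsernamePasswordCredentials` are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.auth.*;

// Hypothetical scheme: emits an opaque token and never expects a server challenge.
public class OpaqueTokenScheme implements AuthScheme {
    public static final String NAME = "OpaqueToken"; // assumed scheme name

    public void processChallenge(String challenge) { /* this scheme has no challenge */ }
    public String getSchemeName() { return NAME; }
    public String getParameter(String name) { return null; }
    public String getRealm() { return null; }
    public String getID() { return NAME; }
    public boolean isConnectionBased() { return false; }
    public boolean isComplete() { return true; }

    public String authenticate(Credentials c, String method, String uri)
            throws AuthenticationException {
        if (!(c instanceof UsernamePasswordCredentials)) {
            throw new InvalidCredentialsException("unsupported credentials type");
        }
        // Assumption of this sketch: the opaque string travels in the password slot.
        return NAME + " " + ((UsernamePasswordCredentials) c).getPassword();
    }

    public String authenticate(Credentials c, HttpMethod method)
            throws AuthenticationException {
        return authenticate(c, method.getName(), method.getPath());
    }

    public static HttpClient configure(final String opaqueToken) {
        AuthPolicy.registerAuthScheme(NAME, OpaqueTokenScheme.class);
        HttpClient client = new HttpClient();
        // Custom scheme goes FIRST in the priority list, ahead of the built-in ones.
        List priority = new ArrayList();
        priority.add(NAME);
        priority.add(AuthPolicy.DIGEST);
        priority.add(AuthPolicy.BASIC);
        client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, priority);
        // Per the post, HttpMethodDirector consults this provider only on a challenge.
        client.getParams().setParameter(CredentialsProvider.PROVIDER, new CredentialsProvider() {
            public Credentials getCredentials(AuthScheme s, String host, int port, boolean proxy) {
                return new UsernamePasswordCredentials("opaque", opaqueToken);
            }
        });
        client.getParams().setAuthenticationPreemptive(true);
        return client;
    }
}
```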
