[
http://issues.apache.org/jira/browse/XMLRPC-102?page=comments#action_12427959 ]
Dave Pederson commented on XMLRPC-102:
--------------------------------------
I have found that the issue in question occurs in the
HttpUtils.parseAuthorization method. The problem is that it never parses the
encoded information which needs to be set in the configuration object passed.
I have found a work-around if anyone is interested (you basically implement
your own parseAuthorization method):
Create two sub-classes. One that extends XmlRpcHttpRequestConfigImpl and
another that extends XmlRpcServlet. Here an example of a class that extends
XmlRpcHttpRequestConfigImpl:
import javax.servlet.http.HttpServletRequest;
import org.apache.ws.commons.util.Base64;
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
public class MyHttpRqstConfig extends XmlRpcHttpRequestConfigImpl
{
public MyHttpRqstConfig(HttpServletRequest request)
{
setConfig(request);
}
private void setConfig(HttpServletRequest request)
{
parseAuthorization(request.getHeader("Authorization"));
}
private void parseAuthorization(String encoded)
{
if (encoded == null)
{
return;
}
int index = encoded.indexOf(' ');
if (index < 0)
{
return;
}
index++;
String auth = encoded.substring(index, encoded.length());
try
{
byte[] decoded = Base64.decode(auth.toCharArray(), 0,
auth.length());
String str = new String(decoded);
int col = str.indexOf(':');
if (col >= 0)
{
String username = str.substring(0, col);
super.setBasicUserName(username);
String password = str.substring(col+1);
super.setBasicPassword(password);
}
}
catch (Throwable ignore) {}
}
}
Then, override the following method in your servlet implementation:
protected XmlRpcServletServer newXmlRpcServer(ServletConfig pConfig) throws
XmlRpcException
{
return new XmlRpcServletServer()
{
protected XmlRpcHttpRequestConfigImpl newConfig(HttpServletRequest
request)
{
return new MyHttpRqstConfig(request);
}
};
}
Now you can access the username and password from your AuthenticationHandler
class
public boolean isAuthorized(XmlRpcRequest request)
{
MyHttpRqstConfig config = (MyHttpRqstConfig) request.getConfig();
return "foo".equals(config.getBasicUserName()) &&
"bar".equals(config.getBasicPassword());
}
I have tested the above concepts from running a custom XmlRpcServlet within the
ServletWebServer class and from within a Tomcat servlet container. Hope this
helps someone.
> Basic username and password don't get sent to the Servlet
> ---------------------------------------------------------
>
> Key: XMLRPC-102
> URL: http://issues.apache.org/jira/browse/XMLRPC-102
> Project: XML-RPC
> Issue Type: Bug
> Components: Source
> Affects Versions: 3.0rc1
> Environment: Tested issue on Ubutu Linux Dapper Drake x86 and OS X
> 10.4.7 on a MacBook Pro
> Reporter: Dave Pederson
> Priority: Minor
>
> Username and password authentication are not working with the WebServer
> class. An example is to extend PropertyHandlerMapping.AuthenticationHandler
> and implement (here is just an example) the following method:
> public boolean isAuthorized(XmlRpcRequest pRequest)
> {
> if (pRequest.getConfig() instanceof RequestData)
> {
> RequestData data = (RequestData) pRequest.getConfig();
> System.out.println("username = "+data.getBasicUserName());
> System.out.println("password = "+data.getBasicPassword());
> }
> }
> This class is then instantiated and set as the authentication handler in the
> WebServer's PropertyHandlerMapping when the WebServer is created and started.
> Then, on the client side, I set the username and password in the
> configuration as seen below:
> XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
> config.setServerUrl("http://127.0.0.1:8080/xmlrpc";);
> config.setBasicUserName("adst-test");
> config.setBasicPassword("[EMAIL PROTECTED]");
> XmlRpcClient client = new XmlRpcClient();
> client.setConfig(config);
> Object[] params = new Object[]{new Integer(1), new HashMap()};
> Map result = (Map) client.execute("AssignmentService.getAssignees", params);
> The remote method call executes successfully, however, the System.out
> statements always reveals the following on the server:
> username = null
> password = null
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
