HTTP Basic Authentication is unusable
-------------------------------------
Key: XMLRPC-65
URL: http://issues.apache.org/jira/browse/XMLRPC-65
Project: XML-RPC
Type: Bug
Components: Releases, Source
Versions: 2.0
Reporter: Oded Arbel
XmlRpcClient support for HTTP Basic Authentication is unusable.
Apparently while calling XmlRpcClient.setBasicAuthentication() still works, it
is deprecated and there is no simple alternative to use.
The only other option is to create a DefaultXmlRpcTransportFactory, calling
setBasicAuthentication() on it, and the passing it in the constructor to
XmlRpcClient. this is bad for two reasons:
1) the URL has to be specified twice - once in the c'tor of the factory and
once in the c'tor of the client.
2) It doesn't work - DefaultXmlRpcTransportFactory is broken and when using
non-SSL connections, it does not initialize created transports with the basic
authentication information (one reason is probably that the transport's c'tor
that takes encoded basic auth is deprecated and as the factory saves auth
information encoded, it has no way of providing it to the transport).
Currently the only way I can make it work is to subclass
DefaultXmlRpcTransportFactory and implement my own createTransport() call that
calls setBasicAuthentication() on the created transport using externally stored
auth info. This is undocumented and incredibly clanky.
Possible Solutions:
a) undeprecate XmlRpcClient.setBasicAuthentication().
I don't see any reason not to let it work by doing what it currently does when
no factory is supplied. If the user has supplied a factory then either
XmlRpcClient can call setBasicAuthentication() on the factory or createed
transport with the stored credentials (unlike factory, client stores the
unencoded credentials), or it can just do what it currently does in that case
(i.e. nothing) and assume that the provided factory knows how to
setBasicAuthentication() properly
b) Fix DefaultXmlRpcTransportFactory by storing the unencoded credentials and
calling setBasicAuthentination() on the created transport before returning it.
c) undeprecate the XmlRpcTransport c'tor that takes encoded auth info and let
DefaultXmlRpcTransportFactory use that to construct transports.
Also, either a+b or a+c can be implemented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
