[ http://issues.apache.org/jira/browse/XMLRPC-65?page=all ]
Jochen Wiedmann closed XMLRPC-65:
---------------------------------
Resolution: Won't Fix
The method is deprecated, because specifying the credentials is transport
specific and XmlRpcClient.setBasicAuthentication binds you to the sun
transport. I have added an FAQ entry, which shows the recommended way to
specify credentials.
> HTTP Basic Authentication is unusable
> -------------------------------------
>
> Key: XMLRPC-65
> URL: http://issues.apache.org/jira/browse/XMLRPC-65
> Project: XML-RPC
> Type: Bug
> Components: Releases, Source
> Versions: 2.0
> Reporter: Oded Arbel
>
> XmlRpcClient support for HTTP Basic Authentication is unusable.
> Apparently while calling XmlRpcClient.setBasicAuthentication() still works,
> it is deprecated and there is no simple alternative to use.
> The only other option is to create a DefaultXmlRpcTransportFactory, calling
> setBasicAuthentication() on it, and the passing it in the constructor to
> XmlRpcClient. this is bad for two reasons:
> 1) the URL has to be specified twice - once in the c'tor of the factory and
> once in the c'tor of the client.
> 2) It doesn't work - DefaultXmlRpcTransportFactory is broken and when using
> non-SSL connections, it does not initialize created transports with the basic
> authentication information (one reason is probably that the transport's c'tor
> that takes encoded basic auth is deprecated and as the factory saves auth
> information encoded, it has no way of providing it to the transport).
> Currently the only way I can make it work is to subclass
> DefaultXmlRpcTransportFactory and implement my own createTransport() call
> that calls setBasicAuthentication() on the created transport using externally
> stored auth info. This is undocumented and incredibly clanky.
> Possible Solutions:
> a) undeprecate XmlRpcClient.setBasicAuthentication().
> I don't see any reason not to let it work by doing what it currently does
> when no factory is supplied. If the user has supplied a factory then either
> XmlRpcClient can call setBasicAuthentication() on the factory or createed
> transport with the stored credentials (unlike factory, client stores the
> unencoded credentials), or it can just do what it currently does in that case
> (i.e. nothing) and assume that the provided factory knows how to
> setBasicAuthentication() properly
> b) Fix DefaultXmlRpcTransportFactory by storing the unencoded credentials and
> calling setBasicAuthentination() on the created transport before returning it.
> c) undeprecate the XmlRpcTransport c'tor that takes encoded auth info and let
> DefaultXmlRpcTransportFactory use that to construct transports.
> Also, either a+b or a+c can be implemented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
