Re: Authentication in XMLRPC 3

Tue, 21 Feb 2006 13:44:33 -0800 

Hi,

it seems I missed this a little bit. Basic authentication is prepared,
but while I think about it, it isn't so easy as I thought.

I have added some methods to the PropertyHandlerMapping. You'll find
them in the SVN version soon. Additionally I have prepared the following
section for the docs, which wou'll find online in the next days and
which hopefully will provide you with the necessary details.

Jochen


Basic Authentication

  Basic authentication is frequently used to authenticate and authorize
  users. Within Apache XML-RPC, basic authentication is done by the
  {{{apidocs/org/apache/xmlrpc/XmlRpcHandler.html}XmlRpcHandler}}.
  The handler receives an instance of
  {{{apidocs/org/apache/xmlrpc/XmlRpcRequest.html}XmlRpcRequest}}. This
  object has a method <<<getConfig()>>>, which returns an instance of

{{{apidocs/org/apache/xmlrpc/XmlRpcRequestConfig.html}XmlRpcRequestConfig}}.

  If you are running within a HTTP server, then the request configuration
  may be casted to an instance of

{{{apidocs/org/apache/xmlrpc/common/XmlRpcHttpRequestConfig.html}XmlRpcHttpRequestConfig}}.
  This object has methods <<<getBasicUserName()>>>, and
<<<getBasicPassword()>>>,
  which provide the necessary details.

  In other words: Your task is to provide your own instance of

{{{apidocs/org/apache/xmlrpc/server/XmlRpcHandlerMapping.html}XmlRpcHandlerMapping}},
  which creates your own handlers. And your own handlers are responsible to
  validate the basic authentication details.

  Here's an example servlet, which overrides the default

{{{apidocs/org/apache/xmlrpc/server/PropertyHandlerMapping.html}PropertyHandlerMapping}}.
-----------------------------------------------------------------------------------
  public class MyServlet extends PropertyHandlerMapping {
          private boolean isAuthenticated(String pUserName, String pPassword) {
              return "foo".equals(pUserName) && "bar".equals(pPassword);
          }
          protected XmlRpcHandlerMapping newXmlRpcHandlerMapping() throws
XmlRpcException {
              PropertyHandlerMapping mapping
                  = (PropertyHandlerMapping) super.newXmlRpcHandlerMapping();
              PropertyHandlerMapping.AuthenticationHandler handler =
                  new PropertyHandlerMapping.AuthenticationHandler(){
                          public boolean isAuthorized(XmlRpcRequest pRequest){
                              XmlRpcHttpRequestConfig config =
                                  (XmlRpcHttpRequestConfig) 
pRequest.getConfig();
                              return isAuthenticated(config.getBasicUserName(),
                                  config.getBasicPassword());
                          };
                  };
              mapping.setAuthenticationHandler(handler);
              return mapping;
          }
  }
-----------------------------------------------------------------------------------

Reply via email to