axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Oneal (JIRA)" <j...@apache.org>
Subject [jira] Updated: (AXIS2C-1370) Axis should support libcurl's other auth types (not just basic)
Date Sat, 30 May 2009 20:13:07 GMT

     [ https://issues.apache.org/jira/browse/AXIS2C-1370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aaron Oneal updated AXIS2C-1370:
--------------------------------

    Attachment:     (was: axis2c-1370.diff)

> Axis should support libcurl's other auth types (not just basic)
> ---------------------------------------------------------------
>
>                 Key: AXIS2C-1370
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1370
>             Project: Axis2-C
>          Issue Type: Improvement
>          Components: transport/http
>    Affects Versions: 1.6.0
>            Reporter: Aaron Oneal
>         Attachments: axis2c-1370.diff
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Looking over axis2_libcurl_set_auth_options() I see it only allows basic auth.
> if (auth_type && 
>         0 == axutil_strcmp(auth_type, AXIS2_HTTP_AUTH_TYPE_BASIC))
>     {
>         curl_easy_setopt(handler, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
>     }
> else
>     {
>         /* Uses anonymous connection.*/
>     }
> If new schemes can be enabled as easily as mapping Axis options to Libcurl, this would
appear to be an easy fix. Other supported values to be mapped include:
> CURLAUTH_BASIC 
> HTTP Basic authentication. This is the default choice, and the only method that is in
wide-spread use and supported virtually everywhere. This is sending the user name and password
over the network in plain text, easily captured by others. 
> CURLAUTH_DIGEST 
> HTTP Digest authentication. Digest authentication is defined in RFC2617 and is a more
secure way to do authentication over public networks than the regular old-fashioned Basic
method. 
> CURLAUTH_GSSNEGOTIATE 
> HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain "Negotiate")
method was designed by Microsoft and is used in their web applications. It is primarily meant
as a support for Kerberos5 authentication but may be also used along with another authentication
methods. For more information see IETF draft draft-brezak-spnego-http-04.txt. 
> You need to build libcurl with a suitable GSS-API library for this to work. 
> CURLAUTH_NTLM 
> HTTP NTLM authentication. A proprietary protocol invented and used by Microsoft. It uses
a challenge-response and hash concept similar to Digest, to prevent the password from being
eavesdropped. 
> You need to build libcurl with OpenSSL support for this option to work, or build libcurl
on Windows. 
> CURLAUTH_ANY 
> This is a convenience macro that sets all bits and thus makes libcurl pick any it finds
suitable. libcurl will automatically select the one it finds most secure. 
> CURLAUTH_ANYSAFE 
> This is a convenience macro that sets all bits except Basic and thus makes libcurl pick
any it finds suitable. libcurl will automatically select the one it finds most secure. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message