axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew-J Watson" <>
Subject Issues with Extensibility of CommonsHttpSender/HttpSender
Date Thu, 31 Mar 2005 08:44:57 GMT
Hi Guys,

This email is directed towards the developers, but may also be of interest to users.

I am trying to get an AXIS SOAP client (tried 1.1 and 1.2rc3) to authenticate with a server
which is using the microsoft SPNEGO authorization scheme (similar to basic auth, but uses
kerberos tokens instead) - It works fine from C# etc but I'm trying to write a test harness
in java.

SPNEGO works like basic auth in:
client -> server: GET xxx
server->client: 401 with WWW-Authenticate: Negotiate
client->server GET xxx with Authorization: Negotiate base64endocdedkerberostoken...

The classes that do the authorization are the org.apache.axis.transport.http.CommonsHttpSender
and org.apache.axis.transport.http.HttpSender.
We have plugin classes that extend the commons-httpclient to do client side SPNEGO handling
and so want to use the CommonsHttpSender to make things easier.

The problem is, we need to HttpClient.getState().setCredentials() with a custom credential
on the client before executing the method. Due to the way this class is written, we have had
to copy the entire class to our own version and modify the methods. If we had a mechanism
for plugging into HttpSender, it would suffer from the same problems. Extending either sender
without completely replacing it is impossible.

I'd consider submitting a patched version which would be more extensible (i.e. make more methods
and protected ones at that, where at least we'd be able to intercept the HttpClient before
and after the execute was called and set the credentials in a derived class) but I'd like
to get feedback from other developers first who have more experience with the code (I'm on
day 2 now).

Any opinions?

Matthew Watson


This e-mail may contain confidential and/or privileged information. If you are not the intended
recipient (or have received this e-mail in error) please notify the sender immediately and
destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material
in this e-mail is strictly forbidden.

View raw message