brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aledsage <...@git.apache.org>
Subject [GitHub] brooklyn-server pull request #790: Adds HttpFeed.preemptiveBasicAuth
Date Fri, 04 Aug 2017 09:45:28 GMT
Github user aledsage commented on a diff in the pull request:

    https://github.com/apache/brooklyn-server/pull/790#discussion_r131352449
  
    --- Diff: core/src/main/java/org/apache/brooklyn/feed/http/HttpFeed.java ---
    @@ -228,6 +235,25 @@ public Builder httpExecutor(HttpExecutor val) {
                 this.httpExecutor = val;
                 return this;
             }
    +        public Map<String, String> buildBaseHeaders() {
    +            if (Boolean.TRUE.equals(preemptiveBasicAuth)) {
    +                Credentials creds = credentials;
    +                if (creds == null) {
    +                    throw new IllegalArgumentException("Must not enable preemptiveBasicAuth
when there are no credentials, in feed for "+baseUri);
    +                }
    +                String username = checkNotNull(creds.getUserPrincipal().getName(), "username");
    --- End diff --
    
    I think we leave the name/password as-is. If we want to trim, or warn on extra white space,
that should be done earlier (e.g. at the level of the config key's validation rules?).
    
    Good point about colon in the username. I'll change it to fail-fast if it has a colon.
    
    For the record, from RFC 7617 section 2:
    ```
    Furthermore, a user-id containing a colon character is invalid, as
       the first colon in a user-pass string separates user-id and password
       from one another; text after the first colon is part of the password.
       User-ids containing colons cannot be encoded in user-pass strings.
    
       Note that many user agents produce user-pass strings without checking
       that user-ids supplied by users do not contain colons; recipients
       will then treat part of the username input as part of the password.
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message