cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Schneider (JIRA)" <>
Subject [jira] Updated: (CXF-3216) Refactor http authentication to make it more flexible and simpler
Date Fri, 24 Dec 2010 10:14:46 GMT


Christian Schneider updated CXF-3216:

    Attachment: CXF-3216-2.patch

- Replacing HttpConduit with AuthorizationPolicy in HttpAuthSupplier interface
  => This eliminates a circular dependency with HttpConduit and allows to reuse the interface
for proxy auth
- removed realm parameter from HttpAuthSupplier
  => The parameter is not necessary as the realm can always be extracted from the full
auth token
- Moving auth stuff into a package http.auth
  => As I change the interface and so loose backwards compatibility I also sorted the classes
- Add proxyAuthSupplier in Httpcondduit and use it for proxy auth like authSupplier for serve
  => This change makes proxy auth and server auth very similar. Currently there is no retransmit
for 407 reponses but it can easily added now. All one step authentications should work with
this change already
- Removed HttpBasicAuthSupplier
 => I hope this is ok. I doubt it was used frequently by customers anyway

After this patch practically all auth stuff is moved out of HttpConduit. The bad thing is
that HttpAuthSupplier is changed in an incompatible way. Is that ok or do we have to first
deprecate the interface?

> Refactor http authentication to make it more flexible and simpler
> -----------------------------------------------------------------
>                 Key: CXF-3216
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.3.1
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 2.4
>         Attachments: CXF-3216-1.patch, CXF-3216-2.patch
> The http authentication should be completely based on authSupplier. The HttpConduit should
simply delegate to it.
> We should also remove some of the other auth config options besides authorizationPolicy
on conduit.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message