cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Schneider Christian <>
Subject Discuss change http authorization handling to be strategy based
Date Mon, 15 Nov 2010 15:26:44 GMT
Hi all,

I am currently working on (Support Spnego/Kerberos
authentication for http transport).
My first attempt was to use implement an AuthSupplier for this case. I thought AuthSupplier
acts as a kind of strategy to implement auth support.

When I digged into the code I found that this is not really true. AuthSupplier seems to be
used only in some cases and much other decisions are done in setHeadersByAuthorizationPolicy,
setBasicAuthHeader, setProxyBasicAuthHeader, authorizationRetransmit. So it would be not so
easy to add another authentication mechanism.

To clean this up I propose to refactor to a strategy based implementation with 3 currently

- BasicAuthStrategy
- DigestAuthStrategy
- SpnegoAuthStrategy

The conduit should do no detailed authentication handling at all. Instead it should delegate
to the strategy to be used and let it do what is needed. Another problem is then of course
how to choose the strategy to be used. We could do it upfront and then only give the conduit
one strategy or we could do it later and give the conduit a
strategy that decides for each case which real stratgy to use.

Any ideas / opinions about this are very much welcome.

Best regards


Christian Schneider
Business Solutions
Handel und Dispatching

Tel : +49-(0)721-63-15482

EnBW Systeme Infrastruktur Support GmbH
Sitz der Gesellschaft: Karlsruhe
Handelsregister: Amtsgericht Mannheim ‑ HRB 108550
Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck
Geschäftsführer: Jochen Adenau, Hans-Günther Meier

View raw message