hc-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18355] - HttpState cannot differentiate credentials for different hosts with same Realm names
Date Mon, 31 Mar 2003 19:03:19 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355

HttpState cannot differentiate credentials for different hosts with same Realm names





------- Additional Comments From olegk@apache.org  2003-03-31 19:03 -------
Adrian

I have already started working on this bug. However, if you feel like taking the
lead, just let me know. 

The credentials matching algorithm is exactly the sticking point. I have been
thinking whether we should make an assumption of an authentication realm being
related to just one host or should we assume that it could span across several
hosts in a domain? For instance, should myhost.mydomain.com match .mydomain.com
when picking credentials for an authentication realm? Let me know what your
take on this is.

Here's how I see the search order: 

<code>null</code> host should match any host. <code>null</code> realm should
match any realm.

We start searching by trying to find an exact match 'realm@host'. If that yields
no results, 'null@host' should be tried next, followed by 'realm@null' if
unsuccessful. If none of this results in a match, default credentials
'null@null' should be used.

It's not the most elegant or intuitive scheme, but it is the only one I can
think of which would allow us to stay backward-compatible. 

Oleg
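
The search order proposed in the comment above, as an added example that is not part of the original message and not HttpClient's own code. The class `ScopedCredentialStore`, its methods, and the sample hosts and credentials are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;

// Hypothetical store illustrating the proposed lookup order; not HttpState itself.
public class ScopedCredentialStore {
    // Key is (realm, host); null in either field acts as the wildcard.
    private static final class Scope {
        final String realm, host;
        Scope(String realm, String host) {
            this.realm = realm;
            // Host names are case-insensitive, so normalise before comparing.
            this.host = host == null ? null : host.toLowerCase(Locale.ROOT);
        }
        @Override public boolean equals(Object o) {
            return o instanceof Scope
                && Objects.equals(realm, ((Scope) o).realm)
                && Objects.equals(host, ((Scope) o).host);
        }
        @Override public int hashCode() { return Objects.hash(realm, host); }
    }
    private final Map<Scope, String> creds = new HashMap<>();
    public void set(String realm, String host, String credentials) {
        creds.put(new Scope(realm, host), credentials);
    }

    // Try realm@host, then null@host, then realm@null, then null@null.
    public String get(String realm, String host) {
        Scope[] order = { new Scope(realm, host), new Scope(null, host),
                          new Scope(realm, null), new Scope(null, null) };
        for (Scope s : order) {
            String c = creds.get(s);
            if (c != null) return c;
        }
        return null;
    }

    public static void main(String[] args) {
        ScopedCredentialStore store = new ScopedCredentialStore();
        store.set("Intranet", "a.example.com", "alice:constructed-secret-a");
        store.set("Intranet", "b.example.com", "bob:constructed-secret-b");
        // Same realm name on two hosts: each lookup returns that host's entry.
        System.out.println(store.get("Intranet", "a.example.com"));
        System.out.println(store.get("Intranet", "B.EXAMPLE.COM"));
        // Unknown host with no realm@null or null@null default: no credentials.
        System.out.println(store.get("Intranet", "c.example.com"));
    }
}
```

An entry stored as realm@null is still offered to any host that presents that realm name, so only host-specific entries keep a password from being sent to a different server advertising the same realm.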
