hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject [PATCH] Yet another refactoring of authentication logic "Oops I did it again"
Date Thu, 18 Mar 2004 21:54:20 GMT

I believe that most of you have already been suspecting that tinkering
with the authentication framework is a sort of Russian traditional
sport. Well, almost ;-)

Prompted by the 2.0 incompatibility discovered by Vincent Massol
<vmassol at pivolis.com> (Specials thanks go to Gump and all the Gump
Meisters) I went over the authentication code one more time and made yet
another series of changes 

* I factored out the authentication challenge processing logic from the
HttpMethodDirector to a class of its own. Thanks to that authentication
challenge processing can now be tested separately. Test cases provided.

* HttpMethodDirector no longer intervenes if Authorization &
Proxy-Authorization are set manually by the user. Custom authorization
headers are never overwritten

* Introduced a new class called AuthState that represents the
authentication process state that contains all the authentication
details. Basically it is just a convenience wrapper around the
authentication scheme interface.

* Proxy and host authentication state objects moved to the HTTP method
level, so that they can be queried by the user to find out the details
about authentication that has been performed by the HttpMethodDirector.
With the current implementation all the details of proxy and host
authentication are contained within the HttpMethodDirector instance,
which exists only within the lifetime of HttpClient#executeMethod()
execution. As soon as the method returns, the respective
HttpMethodDirector instance gets GCed along with the authentication

* More test cases

Let me know what you think


PS: I hope this is going to be the last round of changes in the
authentication logic. I can live with it now (until 4.0, of course)

View raw message