hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: [PATCH] Yet another refactoring of authentication logic "Oops Idid it again"
Date Wed, 24 Mar 2004 10:55:25 GMT

Any objections to committing this patch?


-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Thursday, March 18, 2004 22:54
To: Jakarta Commons HttpClient mailing list; Vincent Massol
Subject: [PATCH] Yet another refactoring of authentication logic "Oops
Idid it again"


I believe that most of you have already been suspecting that tinkering
with the authentication framework is a sort of Russian traditional
sport. Well, almost ;-)

Prompted by the 2.0 incompatibility discovered by Vincent Massol
<vmassol at pivolis.com> (Specials thanks go to Gump and all the Gump
Meisters) I went over the authentication code one more time and made yet
another series of changes

* I factored out the authentication challenge processing logic from the
HttpMethodDirector to a class of its own. Thanks to that authentication
challenge processing can now be tested separately. Test cases provided.

* HttpMethodDirector no longer intervenes if Authorization &
Proxy-Authorization are set manually by the user. Custom authorization
headers are never overwritten

* Introduced a new class called AuthState that represents the
authentication process state that contains all the authentication
details. Basically it is just a convenience wrapper around the
authentication scheme interface.

* Proxy and host authentication state objects moved to the HTTP method
level, so that they can be queried by the user to find out the details
about authentication that has been performed by the HttpMethodDirector.
With the current implementation all the details of proxy and host
authentication are contained within the HttpMethodDirector instance,
which exists only within the lifetime of HttpClient#executeMethod()
execution. As soon as the method returns, the respective
HttpMethodDirector instance gets GCed along with the authentication

* More test cases

Let me know what you think


PS: I hope this is going to be the last round of changes in the
authentication logic. I can live with it now (until 4.0, of course)

The information in this email is confidential and may be legally privileged.  Access to this
email by anyone other than the intended addressee is unauthorized.  If you are not the intended
recipient of this message, any review, disclosure, copying, distribution, retention, or any
action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. 
If you are not the intended recipient, please reply to or forward a copy of this message to
the sender and delete the message, any attachments, and any copies thereof from your system.

To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

View raw message