hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asankha C. Perera" <asan...@apache.org>
Subject Re: AuthScheme impl for OAuth
Date Thu, 09 Sep 2010 19:10:35 GMT
Hi Tom
> So I'm trying to implement an AuthScheme for OAuth (actually I'm trying to
> augment SignPost to work with HttpClient's AuthScheme, but anyway...)
>
> The problem I'm running up against is when AuthScheme.authenticate(
> Credentials, HttpRequest  ) is called.  The problem is, in order for the
> request to be signed in OAuth, I need to know the entire request URI.  The
> HttpRequest that's passed into authenticate() only has the path portion of
> the URI.
>
> Code snippet from OAuthScheme.java:
>      public Header authenticate( Credentials credentials, HttpRequest request
> ) throws AuthenticationException {
>          System.out.println( "AuthScheme request: " + request.getURI() );
>          // ... sign the request
>      }
>
> So, calling getURI on my original request shows:
> http://twitter.com/statuses/update.xml
> (get 401 response, authScheme handler kicks in...)
> from the authenicate method, I get printed:
> AuthScheme request: /statuses/update.xml
>
> I'm guessing this is because the request I'm getting is the 'new' request
> created after the initial 401 response is returned.  I know the HttpContext
> holds state information between multiple requests (like redirects and 401s)
> but I don't have access to that from my AuthScheme instance.  So how can my
> AuthScheme get the URI from the original request?
>    
I think you are seeing the right request.. but you only see the request 
URI as your request went out that way. For example:

GET http://twitter.com/statuses/update.xml HTTP/1.1

you issued, got translated as:

GET /statuses/update.xml HTTP/1.1
Host: twitter.com

You should still be able to get the scheme, method etc from the request, 
as well as the 'Host' header. Can you check if this is correct?

cheers
asankha

-- 
Asankha C. Perera
AdroitLogic, http://adroitlogic.org

http://esbmagic.blogspot.com





---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message