hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thom Nichols <tmnich...@gmail.com>
Subject Re: AuthScheme impl for OAuth
Date Thu, 09 Sep 2010 21:20:21 GMT
I understand how the HTTP request is represented on the wire, but
HttpRequest.getURI() will still hold the full URI (except I'm guessing in
the situation of redirects and auths where > 1 request is made.)  The
original request.getURI() returned the full URI:
http://twitter.com/statuses/update.xml

Looking at the headers, I can get the Host, but not scheme:
   Accept : application/xml, text/xml, application/xhtml+xml
     Content-Length : 91
     Content-Type : application/x-www-form-urlencoded; charset=MacRoman
     *Host : twitter.com:80*
     Connection : Keep-Alive
     Cookie :....
     Cookie2 : ....

So I can _mostly_ reconstruct the request URI.  But I don't think I can
reliably get the scheme.


On Thu, Sep 9, 2010 at 3:10 PM, Asankha C. Perera <asankha@apache.org>wrote:

> Hi Tom
>
>  So I'm trying to implement an AuthScheme for OAuth (actually I'm trying to
>> augment SignPost to work with HttpClient's AuthScheme, but anyway...)
>>
>> The problem I'm running up against is when AuthScheme.authenticate(
>> Credentials, HttpRequest  ) is called.  The problem is, in order for the
>> request to be signed in OAuth, I need to know the entire request URI.  The
>> HttpRequest that's passed into authenticate() only has the path portion of
>> the URI.
>>
>> Code snippet from OAuthScheme.java:
>>     public Header authenticate( Credentials credentials, HttpRequest
>> request
>> ) throws AuthenticationException {
>>         System.out.println( "AuthScheme request: " + request.getURI() );
>>         // ... sign the request
>>     }
>>
>> So, calling getURI on my original request shows:
>> http://twitter.com/statuses/update.xml
>> (get 401 response, authScheme handler kicks in...)
>> from the authenicate method, I get printed:
>> AuthScheme request: /statuses/update.xml
>>
>> I'm guessing this is because the request I'm getting is the 'new' request
>> created after the initial 401 response is returned.  I know the
>> HttpContext
>> holds state information between multiple requests (like redirects and
>> 401s)
>> but I don't have access to that from my AuthScheme instance.  So how can
>> my
>> AuthScheme get the URI from the original request?
>>
>>
> I think you are seeing the right request.. but you only see the request URI
> as your request went out that way. For example:
>
> GET http://twitter.com/statuses/update.xml HTTP/1.1
>
> you issued, got translated as:
>
> GET /statuses/update.xml HTTP/1.1
> Host: twitter.com
>
> You should still be able to get the scheme, method etc from the request, as
> well as the 'Host' header. Can you check if this is correct?
>
> cheers
> asankha
>
> --
> Asankha C. Perera
> AdroitLogic, http://adroitlogic.org
>
> http://esbmagic.blogspot.com
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message