xml-rpc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Megacz <a...@megacz.com>
Subject Re: patch to correct improper handling of HTTP Basic authentication
Date Fri, 23 Aug 2002 20:08:08 GMT

Daniel Rall <dlr@finemaltcoding.com> writes:
> Adam, this is mostly in there now.  I heavily modified your patch.
> Please take a look when you have time and let us know what you think.

Yeah, I took a look at it. You should throw an AuthenticationFailed
excption in XmlRpc.java as soon as it is determined that (user==null
&& handler instanceof AuthenticatedXmlRpcHandler).

As your code is written right now, it is a violation of HTTP for an
AuthenticatedXmlRpcHandler to do anything other than throw an
AuthenticationFailedException if user==null.  By not automatically
throwing the exception, the new structure encourages people to write
broken code.

  - a

-- 
"Cassette tapes are killing the music industry"
                             -- RIAA spokesperson, 1978

Mime
View raw message