Announcement Announcement Module
Collapse
No announcement yet.
basic authentication using spring only code Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • basic authentication using spring only code

    i've read through the blogs about basic authentication and it seems that the only way for the httpInvoker to have this feature is to utilize the acegi security package.

    is there a way to natively add this feature without having to go thirdparty? my company took a long time to approve the springframework product for commercial use. i know the acegi package shares the same license as spring does, but our legal dept goes absolutely bananas when it comes to thirdparty "opensource" products.. mentally scarred by the whole sco/unix thing i guess.

    thanks

  • #2
    Here's an attempt with a dependency on httpclient (i know, but we fortunately approved the commons httpclient)

    Code:
    public class SimpleAuthExecutor extends CommonsHttpInvokerRequestExecutor {
    
        private String username;
    
        private String password;
    
        private boolean httpClientStateSet = false;
    
        private String realm;
    
        private String host;
    
        private int port;
    
        public void setUsername(String username) {
            this.username = username;
            this.httpClientStateSet = false;
        }
    
        public synchronized void setPassword(String password) {
            this.password = password;
            this.httpClientStateSet = false;
        }
    
        public synchronized void setRealm(String realm) {
            this.realm = realm;
            this.httpClientStateSet = false;
        }
    
        public synchronized void setHost(String host) {
            this.host = host;
            this.httpClientStateSet = false;
        }
    
        public synchronized void setPort(int port) {
            this.port = port;
            this.httpClientStateSet = false;
        }
    
        protected RemoteInvocationResult doExecuteRequest(
                final HttpInvokerClientConfiguration config,
                final ByteArrayOutputStream baos) throws IOException,
                ClassNotFoundException {
            synchronized (this) {
                if (!this.httpClientStateSet) {
                    final HttpClient client = getHttpClient();
                    final URI uri;
                    try {
                        uri = new URI(config.getServiceUrl());
                    } catch (URISyntaxException e) {
                        final IOException ioe = new IOException();
                        ioe.initCause(e);
                        throw ioe;
                    }
                    if (username != null && password != null) {
                        client.getState()
                                .setCredentials(
                                        new AuthScope(host, port, realm),
                                        new UsernamePasswordCredentials(username,
                                                password));
    
                        /*
                         * This is to make HttpClient pick the Basic authentication
                         * scheme over NTLM & Digest
                         */
                        List authPrefs = new ArrayList(3);
                        authPrefs.add(AuthPolicy.BASIC);
                        authPrefs.add(AuthPolicy.NTLM);
                        authPrefs.add(AuthPolicy.DIGEST);
                        client.getParams().setParameter(
                                AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
                        client.getParams().setAuthenticationPreemptive(true);
                    } else {
                        throw new NullPointerException(
                                "Username and Password cannot be null");
                    }
                    this.httpClientStateSet = true;
                }
            }
            return super.doExecuteRequest(config, baos);
        }
    }
    I got the idea from Andy's BasicAuthenticationInvokerRequestExecutor in a thread elsewhere..

    This is a bare minimum example of enabling authentication on the commons http client.

    Comment

    Working...
    X