Uploaded image for project: 'XML-RPC'
  1. XML-RPC
  2. XMLRPC-65

HTTP Basic Authentication is unusable

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • 2.0
    • None
    • Releases, Source
    • None

    Description

      XmlRpcClient support for HTTP Basic Authentication is unusable.
      Apparently while calling XmlRpcClient.setBasicAuthentication() still works, it is deprecated and there is no simple alternative to use.

      The only other option is to create a DefaultXmlRpcTransportFactory, calling setBasicAuthentication() on it, and the passing it in the constructor to XmlRpcClient. this is bad for two reasons:
      1) the URL has to be specified twice - once in the c'tor of the factory and once in the c'tor of the client.
      2) It doesn't work - DefaultXmlRpcTransportFactory is broken and when using non-SSL connections, it does not initialize created transports with the basic authentication information (one reason is probably that the transport's c'tor that takes encoded basic auth is deprecated and as the factory saves auth information encoded, it has no way of providing it to the transport).

      Currently the only way I can make it work is to subclass DefaultXmlRpcTransportFactory and implement my own createTransport() call that calls setBasicAuthentication() on the created transport using externally stored auth info. This is undocumented and incredibly clanky.

      Possible Solutions:
      a) undeprecate XmlRpcClient.setBasicAuthentication().
      I don't see any reason not to let it work by doing what it currently does when no factory is supplied. If the user has supplied a factory then either XmlRpcClient can call setBasicAuthentication() on the factory or createed transport with the stored credentials (unlike factory, client stores the unencoded credentials), or it can just do what it currently does in that case (i.e. nothing) and assume that the provided factory knows how to setBasicAuthentication() properly
      b) Fix DefaultXmlRpcTransportFactory by storing the unencoded credentials and calling setBasicAuthentination() on the created transport before returning it.
      c) undeprecate the XmlRpcTransport c'tor that takes encoded auth info and let DefaultXmlRpcTransportFactory use that to construct transports.

      Also, either a+b or a+c can be implemented.

      Attachments

        Activity

          People

            Unassigned Unassigned
            guss Oded Arbel
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: