URL Generator and Basic Authentication

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

URL Generator and Basic Authentication

Stephen Bayliss
I've been trying to use the URL generator, on an SSL connection, using
basic authentication.

I've got over the hurdles of installing a certificate etc, but it seems
that the oxf:url-generator doesn't handle the standard URL format for
basic authentication, ie

https://myuserid:mypassword@...

So far the only way I can get it to work is by including a header of the
format
<header>
        <name>Authorization</name>
        <value>Basic some-base-64-encoded-stuff</value>
</header>

in the config input of the processor; where some-base-64-encoded-stuff
is the string myuserid:mypassword base-64 encoded.

Am I missing something obvious?

Steve




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: URL Generator and Basic Authentication

Alessandro  Vernet
Administrator
Hi Stephen,

We do a standard url.openConnection() in Java, and it looks like Java
does not handle the username and password encoded in the URL. Using
headers instead, as you suggest, seems like a solution. Is it an
acceptable solution in your case?

Otherwise, the URL Generator would have to be modified to handle the
username/password in the URL and pass that information to the URL
connection in a way that it understands.

Alex

On 12/13/05, Stephen Bayliss <[hidden email]> wrote:

> I've been trying to use the URL generator, on an SSL connection, using
> basic authentication.
>
> I've got over the hurdles of installing a certificate etc, but it seems
> that the oxf:url-generator doesn't handle the standard URL format for
> basic authentication, ie
>
> https://myuserid:mypassword@...
>
> So far the only way I can get it to work is by including a header of the
> format
> <header>
>         <name>Authorization</name>
>         <value>Basic some-base-64-encoded-stuff</value>
> </header>
>
> in the config input of the processor; where some-base-64-encoded-stuff
> is the string myuserid:mypassword base-64 encoded.
>
> Am I missing something obvious?
>
> Steve
>
>
>
>
>
> --
> You receive this message as a subscriber of the [hidden email] mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
>
>

--
Blog (XML, Web apps, Open Source): http://www.orbeon.com/blog/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Reply | Threaded
Open this post in threaded view
|

RE: URL Generator and Basic Authentication

Stephen Bayliss
In reply to this post by Stephen Bayliss
Hi Alex
It's an acceptable work-around for now, though obviously introduces
complexity due to the need to base-64-encode the user name and password.
I've got a utility pipeline to do base-64 encoding (or might even just
store the already-encoded values in my app config file).

Therefore longer term it would be nice for the URL generator to either
(a) handle the URL-syntax for user name and password
(http://user:password@...) or
(b) have extra nodes in the config input to specify (plain text) user
name and password, to avoid the need to base-64 encode.

Steve

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Alessandro Vernet
Sent: 14 December 2005 04:18
To: [hidden email]
Subject: Re: [ops-users] URL Generator and Basic Authentication

Hi Stephen,

We do a standard url.openConnection() in Java, and it looks like Java
does not handle the username and password encoded in the URL. Using
headers instead, as you suggest, seems like a solution. Is it an
acceptable solution in your case?

Otherwise, the URL Generator would have to be modified to handle the
username/password in the URL and pass that information to the URL
connection in a way that it understands.

Alex

On 12/13/05, Stephen Bayliss <[hidden email]> wrote:
> I've been trying to use the URL generator, on an SSL connection, using
> basic authentication.
>
> I've got over the hurdles of installing a certificate etc, but it
seems
> that the oxf:url-generator doesn't handle the standard URL format for
> basic authentication, ie
>
> https://myuserid:mypassword@...
>
> So far the only way I can get it to work is by including a header of
the

> format
> <header>
>         <name>Authorization</name>
>         <value>Basic some-base-64-encoded-stuff</value>
> </header>
>
> in the config input of the processor; where some-base-64-encoded-stuff
> is the string myuserid:mypassword base-64 encoded.
>
> Am I missing something obvious?
>
> Steve
>
>
>
>
>
> --
> You receive this message as a subscriber of the
[hidden email] mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page:
http://www.objectweb.org/wws
>
>
>


--
Blog (XML, Web apps, Open Source): http://www.orbeon.com/blog/





--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: URL Generator and Basic Authentication

Erik Bruchez
Administrator
RFE entered:

http://forge.objectweb.org/tracker/index.php?func=detail&aid=304384&group_id=168&atid=350210

Any taker? This shouldn't be too hard to do.

-Erik

Stephen Bayliss wrote:

> Hi Alex
> It's an acceptable work-around for now, though obviously introduces
> complexity due to the need to base-64-encode the user name and password.
> I've got a utility pipeline to do base-64 encoding (or might even just
> store the already-encoded values in my app config file).
>
> Therefore longer term it would be nice for the URL generator to either
> (a) handle the URL-syntax for user name and password
> (http://user:password@...) or
> (b) have extra nodes in the config input to specify (plain text) user
> name and password, to avoid the need to base-64 encode.
>
> Steve
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of
> Alessandro Vernet
> Sent: 14 December 2005 04:18
> To: [hidden email]
> Subject: Re: [ops-users] URL Generator and Basic Authentication
>
> Hi Stephen,
>
> We do a standard url.openConnection() in Java, and it looks like Java
> does not handle the username and password encoded in the URL. Using
> headers instead, as you suggest, seems like a solution. Is it an
> acceptable solution in your case?
>
> Otherwise, the URL Generator would have to be modified to handle the
> username/password in the URL and pass that information to the URL
> connection in a way that it understands.
>
> Alex
>
> On 12/13/05, Stephen Bayliss <[hidden email]> wrote:
>
>>I've been trying to use the URL generator, on an SSL connection, using
>>basic authentication.
>>
>>I've got over the hurdles of installing a certificate etc, but it
>
> seems
>
>>that the oxf:url-generator doesn't handle the standard URL format for
>>basic authentication, ie
>>
>>https://myuserid:mypassword@...
>>
>>So far the only way I can get it to work is by including a header of
>
> the
>
>>format
>><header>
>>        <name>Authorization</name>
>>        <value>Basic some-base-64-encoded-stuff</value>
>></header>
>>
>>in the config input of the processor; where some-base-64-encoded-stuff
>>is the string myuserid:mypassword base-64 encoded.
>>
>>Am I missing something obvious?
>>
>>Steve


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws