users@jersey.java.net

Re: [Jersey] Jersey Client and Basic Authentication

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Mon, 25 Aug 2008 14:24:56 +0200

Hi Mike,

This looks good. We would require tests to an authenticated service. I
am guessing such services could be written using embedded Jetty and we
can make them unit tests.

BTW you can do this:

   clientRequest.getMetadata().
     putSingle("Authorization", new String(encoded));

I think having this as a separate contribution would be best as it
depends on the Apache commons.

I agree with Imran that one should avoid having such information in the
URI. We should stick to utilizing HTTP authorization headers.

Extra bonus points for supporting the digest access authentication
scheme [1] :-)

Paul.

[1] http://www.ietf.org/rfc/rfc2617.txt

Mike Jones wrote:
> Hi
>
> I've had as quick go at creating a filter for basic authentication. It
> works well for my tests and uses the Base64 encoder provided with
> commons-codec:
>
> <snip>
> public class BasicAuthenticationClientFilter extends ClientFilter {
>
> public BasicAuthenticationClientFilter(final String username,
> final String password) {
> this.username = username;
> this.password = password;
> }
>
> public ClientResponse handle(ClientRequest clientRequest) throws
> ClientHandlerException {
>
> // encode the password
> byte[] encoded = Base64.encodeBase64((username + ":" +
> password).getBytes());
>
> // add the header
> List<Object> headerValue = new ArrayList<Object>();
> headerValue.add("Basic " + new String(encoded));
> clientRequest.getMetadata().put("Authorization", headerValue);
>
> return getNext().handle(clientRequest);
> }
>
> private String username;
> private String password;
> }
> </snip>
>
> I'd like to make it more robust and useful as a contribution to
> jersey. I need some tests for it and was also wondering if it should
> check for the username and the password in the URI:
> http://mike:secret@localhost/ ? Any thoughts?
>
> Cheers
> Mike
>
> 2008/8/20 Mike Jones <mike.a.jones_at_gmail.com>:
>> Hi Marc
>>
>> That worked a treat for the one test I wrote - I think I'll need to
>> call a Authenticator.setDeault(null) on the tearDown to stop specific
>> the credentials going across more than one test.
>>
>> Paul's idea about the Filter is interesting - I suppose using that you
>> can support conventions like http://mike:secret@example.org/
>>
>> Thanks for the help
>>
>> Cheers
>> Mike
>>
>> 2008/8/20 Marc Hadley <Marc.Hadley_at_sun.com>:
>>> Try adding the following to your code before you use the client API:
>>>
>>> final String username ="...";
>>> final String password ="...";
>>> Authenticator.setDefault(new Authenticator() {
>>> protected PasswordAuthentication getPasswordAuthentication() {
>>> return new PasswordAuthentication (username, password.toCharArray());
>>> }
>>> });
>>>
>>> HTH,
>>> Marc.
>>>
>>> On Aug 20, 2008, at 6:45 AM, Mike Jones wrote:
>>>
>>>> Hello
>>>>
>>>> I'm using Jersey with Spring security and I'm in the process of
>>>> creating some tests that use embedded Jetty and the Jersey client. I
>>>> need to perform some basic authentication with the client - do I need
>>>> to encode the credentials in Base64 myself and add them to the headers
>>>> in the jersey client? Am I missing some nice (and probably obvious)
>>>> helper methods for this?
>>>>
>>>> Cheers
>>>> Mike
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>>>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>>>
>>> ---
>>> Marc Hadley <marc.hadley at sun.com>
>>> CTO Office, Sun Microsystems.
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>>
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109