Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-5306

HttpNamingContextFactory doesn't support http basic authentication

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Obsolete
    • Major
    • None
    • JBossAS-4.2.2.GA
    • Naming
    • None
    • 0
    • 0% 0%

    Description

      If I were to secure the http invoker in my JBoss (in accordance with documentation, by using the /invoker/restricted/JNDIFactory/ url", then I would consequently need to supply a username & password to whatever client code is going to do the JNDI lookups. However, the class org.jboss.naming.HttpNamingContextFactory doesn't do any authentication handling whatsoever. It should be examining the principal & credentials and adding the authentication header for basic auth. It does delegate to the JDK's URL handling under the hood, but that code don't support automatic authentication from the url. So for example if I were to do: http://username:password@myserver:8080/invoker/restricted/JNDIFactory then strangely enough, only the username is passed on in a header, no password.

      I'm contemplating writing my own implementation of HttpNamingContextFactory which uses the efficient apache jakarta commons httpclient library instead.

      Attachments

        Activity

          People

            starksm64 Scott Stark (Inactive)
            dsmiley_jira David Smiley (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: