axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <>
Subject Re: Issues with Extensibility of CommonsHttpSender/HttpSender
Date Sat, 02 Apr 2005 22:49:40 GMT
+1 from me. Would you be willing to contribute both Axis changes AND
commons http client changes?

-- dims

On Mar 31, 2005 2:44 PM, Matthew-J Watson <> wrote:
> Hi Guys,
> This email is directed towards the developers, but may also be of interest to users.
> I am trying to get an AXIS SOAP client (tried 1.1 and 1.2rc3) to authenticate with a
server which is using the microsoft SPNEGO authorization scheme (similar to basic auth, but
uses kerberos tokens instead) - It works fine from C# etc but I'm trying to write a test harness
in java.
> SPNEGO works like basic auth in:
> client -> server: GET xxx
> server->client: 401 with WWW-Authenticate: Negotiate
> client->server GET xxx with Authorization: Negotiate base64endocdedkerberostoken...
> The classes that do the authorization are the org.apache.axis.transport.http.CommonsHttpSender
and org.apache.axis.transport.http.HttpSender.
> We have plugin classes that extend the commons-httpclient to do client side SPNEGO handling
and so want to use the CommonsHttpSender to make things easier.
> The problem is, we need to HttpClient.getState().setCredentials() with a custom credential
on the client before executing the method. Due to the way this class is written, we have had
to copy the entire class to our own version and modify the methods. If we had a mechanism
for plugging into HttpSender, it would suffer from the same problems. Extending either sender
without completely replacing it is impossible.
> I'd consider submitting a patched version which would be more extensible (i.e. make more
methods and protected ones at that, where at least we'd be able to intercept the HttpClient
before and after the execute was called and set the credentials in a derived class) but I'd
like to get feedback from other developers first who have more experience with the code (I'm
on day 2 now).
> Any opinions?
> Matthew Watson
> --
> This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender immediately
and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material
in this e-mail is strictly forbidden.

Davanum Srinivas -

View raw message