qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-6965) Make preemptive HTTP authentication pluggable
Date Mon, 01 Feb 2016 15:35:40 GMT

    [ https://issues.apache.org/jira/browse/QPID-6965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15126398#comment-15126398

ASF subversion and git services commented on QPID-6965:

Commit 1727951 from [~k-wall] in branch 'java/trunk'
[ https://svn.apache.org/r1727951 ]

QPID-6965: SSLClientCertPreemptiveAuthenticator - use constant consistently

> Make preemptive HTTP authentication pluggable
> ---------------------------------------------
>                 Key: QPID-6965
>                 URL: https://issues.apache.org/jira/browse/QPID-6965
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>             Fix For: qpid-java-6.0.1, qpid-java-6.1
> Currently the HTTP module includes the ability to support a preemptive {{Authorization:
Basic-Auth <base64>}} authentication.   (This is one where the client's request includes
the Basic-Auth header providing correctly encoded credentials allowing the client's interaction
with the Broker to be 'single-shot', without the need to separately authenticate a session).
 This is very useful when scripting with tools such as {{curl}}.
> This ability should be generalised so that other types of preemptive authentication can
be supported too.  One example would be a OAUTH's bearer authorization header {{Authorization:
Bearer <token}}.  See [https://tools.ietf.org/html/rfc6750#page-5].

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message