ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jochen Wiedmann <>
Subject Re: Authentication in XMLRPC 3
Date Tue, 21 Feb 2006 21:44:08 GMT


it seems I missed this a little bit. Basic authentication is prepared,
but while I think about it, it isn't so easy as I thought.

I have added some methods to the PropertyHandlerMapping. You'll find
them in the SVN version soon. Additionally I have prepared the following
section for the docs, which wou'll find online in the next days and
which hopefully will provide you with the necessary details.


Basic Authentication

  Basic authentication is frequently used to authenticate and authorize
  users. Within Apache XML-RPC, basic authentication is done by the
  The handler receives an instance of
  {{{apidocs/org/apache/xmlrpc/XmlRpcRequest.html}XmlRpcRequest}}. This
  object has a method <<<getConfig()>>>, which returns an instance of


  If you are running within a HTTP server, then the request configuration
  may be casted to an instance of

  This object has methods <<<getBasicUserName()>>>, and
  which provide the necessary details.

  In other words: Your task is to provide your own instance of

  which creates your own handlers. And your own handlers are responsible to
  validate the basic authentication details.

  Here's an example servlet, which overrides the default

  public class MyServlet extends PropertyHandlerMapping {
  	  private boolean isAuthenticated(String pUserName, String pPassword) {
  	      return "foo".equals(pUserName) && "bar".equals(pPassword);
	  protected XmlRpcHandlerMapping newXmlRpcHandlerMapping() throws
XmlRpcException {
	      PropertyHandlerMapping mapping
	          = (PropertyHandlerMapping) super.newXmlRpcHandlerMapping();
	      PropertyHandlerMapping.AuthenticationHandler handler =
	          new PropertyHandlerMapping.AuthenticationHandler(){
		          public boolean isAuthorized(XmlRpcRequest pRequest){
		              XmlRpcHttpRequestConfig config =
		                  (XmlRpcHttpRequestConfig) pRequest.getConfig();
		              return isAuthenticated(config.getBasicUserName(),
	      return mapping;

View raw message