xml-rpc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Evers" <aev...@redwood.nl>
Subject Re: recent patches
Date Sat, 14 Sep 2002 11:27:13 GMT
> Now say I want to actually encrypt the XML-RPC request by the Kerberos
> session key, which is obtained through the contextual info I pass.  Now
>  you see a catch-22: I cannot encrypt the XML-RPC request if it
> contains  the contextual info because the contextual info is needed to
> decrypt  the request in the first place!  So the only option is some
> mechanism  which passes the contextual information _outside of the
> spec_.  This is  an example where despite how well designed the spec is
> itself, there  still needs to be a provision by the library designers
> for scenarios they  cannot predict...interceptors allows that
> flexibility.

This all really occurs outside of the XML-RPC framework. What you are
proposing is similar to the WebServer or SecureWebServer classes. They
handle decoding HTTP and getting the appropriate information to set up
the InputStream for the XmlRpc* classes to use.

You can simply extend/replace WebServer with KerberosWebServer, and
pull the information you need out from the headers. Put this information
into a custom XmlRpcContext (eg. KerberosContext) object, decrypt the
request and pass it in as a ByteArrayInputStream or similar, along
with the custom XmlRpcContext and to the XML-RPC framework. If you
handlers implement ContextXmlRpcHandler you will be able to get the
context out. Your handlers can then cast the contect back to
KerberosContext to get the ticket out. On the client side you would
need to modify one of the XmlRpcClient classes to add in the extra
header that you need.

The XmlRpcContext interface as it stands at the moment is probably
not perfect for this, but close.

Interceptors are one way to approach this problem. However, a few small
changes in WebServer and XmlRpcClient would achieve the same thing,
without needing interceptors in the core XML-RPC processing code.

Andrew.



Mime
View raw message