Ray Krueger wrote:
Unfortunately I just ran out of time - the unit tests took as long to write as the actual implementation! Tomorrow I am working on anonymous user support, remember-me, and (if time permits) config attribute sensitive AuthenticationEntryPoints.Hey! Where's the HttpInvokerRequestExecutor for it! :P I'm making jokes (and no, I'm not gonna write it ha!)
Although I may write the Basic Auth CommonsHttpInvokerRequestExecutor
I did have developing additional user agents in mind when writing the server-side implementation. I put a static method in DigestProcessingFilter to correctly compute the digest from passed arguments. There are also useful header string parsing methods in net.sf.acegisecurity.util.StringSplitUtils. The primary challenge to writing a Digest-aware HttpInvokerRequestExecutor will be figuring out how to stop HttpInvoker aborting when a 401 is returned (a requirement of the protocol to receive the nonce, realm etc), and passing the 401 response to the Digest implementation class so that it can prepare the header and store the nonce, realm etc for future requests.
Cheers Ben
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
