DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10794>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10794 User interaction for authentication ------- Additional Comments From [EMAIL PROTECTED] 2003-10-01 08:26 ------- Hello David, don't try to guess what the handler will need to know. That's what we did in OpenCard and failed with. It wasn't long until someone required something we hadn't thought of, but the interface was already defined and could not be changed anymore. Your suggestion: public Credentials getCredentials( String realm, String host ); looks pretty much that way too. Even if you add port and authorization scheme and possibly the status code as additional arguments. Rather, define a class that holds such information and can be subclassed for new authorization schemes, should someone choose to invent one. Like: class AuthSpec { attributes: type / host / port / realm / HttpMethod } public Credentials getCredentials(AuthSpec authspec) { if (type unknown) throw UnknownAuthenticationTypeException } I wonder whether host vs. proxy authentication should be distinguished within the AuthSpec object, as a separate boolean flag, or by using two different methods to get credentials for the host or proxy, respectively. The existing class HttpAuthenticator uses distinct methods, and so does HttpState. It's probably best to stick with that decision. regards, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]