------- Additional Comments From [EMAIL PROTECTED] 2004-01-29 12:54 -------
Odi, I think it is a better approach. I especially like the idea to abstract away all the credentials persistence/retrieval logic. There's one catch, though. The patch in its current form simply does not attempt to provide any recovery mechanism for authentication failures, leaving the user without any possibility to re-authenticate if given credentials are invalid. I believe there has to be a way to discard the existing credentials and prompt the user for new ones, which basically brings us back to my patch, albeit without global CredentialsPrompter.
If you like I can take your patch as a starting point and add missing functionality from mine.
Thanks for the flowers Oleg :-)
Look at the patch as an architecture sketch. Feel free to add what's missing. I guess this affects the HttpMethodDirector and/or Authenticator only. Sorry I was not aware of that feature, also there should be a test case that tests if the re-authentication works properly. Also I guess I forgot to provide a HttpState::setProxyCredentialsProvider method and JavaDoc may still be erronous.
What I don't like that much at the moment is the hack of creating a temporary BasicAuthScheme inside the now deprecated methods. But I think we can easily live with that.
Odi
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
