> Hi Odi,
>
> since the class is named HttpURL (or HttpsURL), I don't
> think we need to bother about non-HTTP URL schemes :-)
Right, that was my first thougt, too. Citing RFC-1738:
While the syntax for the rest of the URL may vary depending on the
particular scheme selected, URL schemes that involve the direct use
of an IP-based protocol to a specified host on the Internet use a
common syntax for the scheme-specific data:
//<user>:<password>@<host>:<port>/<url-path>
>
> Anyway, I like your version with separate constructors
> for escaped and non-escaped authentication data. It
> gives maximum flexibility.
I did not have a look how far the URI class is affected, but for
HttpURL I would say this is not neccessary for the above reason. I
fear too much flexibility here could easily lead to confusion amongst
users.
Ingo
>
> cheers,
> Roland
>
>
>
>
>
> Ortwin Gl=FCck <[EMAIL PROTECTED]>=20
> 08.09.2004 14:27
> Please respond to
> "Commons HttpClient Project"
>
>
> To
> Commons HttpClient Project <[EMAIL PROTECTED]>
> cc
>
> Subject
> Re: DO NOT REPLY [Bug 28728] - HttpUrl does not accept unescaped=20
> passwords
>
>
>
>
>
>
> Thanks again. The problem with that patch is that it assumes that
> userinfo is always a username and password. This may be almost always
> the case for the HTTP scheme. But actually the userinfo part of a URL
> can be *anything*. The actual format of userinfo strongly depends on the
> context (i.e. the authentication scheme). RFC-2396 states: "Some URL
> schemes use the format "user:password" in the userinfo field."
>
> I suggest we provide
>
> public HttpURL(String user, String password, String host, int port,
> String path, String query, String fragment) throws
> URIException
>
> which takes user and password, properly escapes them and joins them
> together with a colon as the delimiter and just feeds them into the
> generic constructor.
>
> We would then not deprecate
> public HttpURL(String userinfo, String host, int port, String path,
> String query, String fragment) throws URIException
>
> but change its contract to require userinfo to be correctly escaped and
> limited to the legal set of characters.
>
> O.
>
> [EMAIL PROTECTED] wrote:
>
> > ------- Additional Comments From [EMAIL PROTECTED] 2004-09-08 12:05=20
> -------
> > Created an attachment (id=3D12670)
> > The same patch im unified diff format (forgot the -u, sorry)
>
> --=20
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> NOSE applied intelligence ag
>
> ortwin gl=FCck [www] http://www.nose.ch
> software engineer
> hardturmstrasse 171 [pgp id] 0x81CF3416
> 8005 z=FCrich [office] +41-1-277 57 35
> switzerland [fax] +41-1-277 57 12
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:=20
> [EMAIL PROTECTED]
> For additional commands, e-mail:=20
> [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
