> Hi Odi, > > since the class is named HttpURL (or HttpsURL), I don't > think we need to bother about non-HTTP URL schemes :-)
Right, that was my first thougt, too. Citing RFC-1738: While the syntax for the rest of the URL may vary depending on the particular scheme selected, URL schemes that involve the direct use of an IP-based protocol to a specified host on the Internet use a common syntax for the scheme-specific data: //<user>:<password>@<host>:<port>/<url-path> > > Anyway, I like your version with separate constructors > for escaped and non-escaped authentication data. It > gives maximum flexibility. I did not have a look how far the URI class is affected, but for HttpURL I would say this is not neccessary for the above reason. I fear too much flexibility here could easily lead to confusion amongst users. Ingo > > cheers, > Roland > > > > > > Ortwin Gl=FCck <[EMAIL PROTECTED]>=20 > 08.09.2004 14:27 > Please respond to > "Commons HttpClient Project" > > > To > Commons HttpClient Project <[EMAIL PROTECTED]> > cc > > Subject > Re: DO NOT REPLY [Bug 28728] - HttpUrl does not accept unescaped=20 > passwords > > > > > > > Thanks again. The problem with that patch is that it assumes that > userinfo is always a username and password. This may be almost always > the case for the HTTP scheme. But actually the userinfo part of a URL > can be *anything*. The actual format of userinfo strongly depends on the > context (i.e. the authentication scheme). RFC-2396 states: "Some URL > schemes use the format "user:password" in the userinfo field." > > I suggest we provide > > public HttpURL(String user, String password, String host, int port, > String path, String query, String fragment) throws > URIException > > which takes user and password, properly escapes them and joins them > together with a colon as the delimiter and just feeds them into the > generic constructor. > > We would then not deprecate > public HttpURL(String userinfo, String host, int port, String path, > String query, String fragment) throws URIException > > but change its contract to require userinfo to be correctly escaped and > limited to the legal set of characters. > > O. > > [EMAIL PROTECTED] wrote: > > > ------- Additional Comments From [EMAIL PROTECTED] 2004-09-08 12:05=20 > ------- > > Created an attachment (id=3D12670) > > The same patch im unified diff format (forgot the -u, sorry) > > --=20 > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F > NOSE applied intelligence ag > > ortwin gl=FCck [www] http://www.nose.ch > software engineer > hardturmstrasse 171 [pgp id] 0x81CF3416 > 8005 z=FCrich [office] +41-1-277 57 35 > switzerland [fax] +41-1-277 57 12 > > --------------------------------------------------------------------- > To unsubscribe, e-mail:=20 > [EMAIL PROTECTED] > For additional commands, e-mail:=20 > [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]