[
https://issues.apache.org/jira/browse/CXF-435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Kulp closed CXF-435.
---------------------------
Resolution: Fixed
Fix Version/s: 2.0.1
> Involve application in trust evaulation on 401 via callback
> -----------------------------------------------------------
>
> Key: CXF-435
> URL: https://issues.apache.org/jira/browse/CXF-435
> Project: CXF
> Issue Type: Sub-task
> Components: Transports
> Reporter: Eoghan Glynn
> Assignee: Eoghan Glynn
> Fix For: 2.0.1
>
>
> Allow the application to specify a spring-loaded callback class to be
> notified when a 401 challenge is received.
> This callback would be passed any relevant information that can be gleaned
> from the URLConnection, i.e.:
> - for HTTP: just the IP address of the challenging peer
> - for HTTPS: the server cert & principal, ciphersuite etc.
> The callback participates in the trust evaluation by deciding whether or not
> to hand out the basic auth creds over this connection, and also to provide
> those creds dynamically (e.g. by prompting the user) if not explicitly
> configured.
> However the callback cannot cause a renegotiation of the TLS handshake (to
> use for example stronger crypto) as the underlying SSLSocket is not available
> via the HttpsURLConnection interface, so SSLSocket.startHandshake() cannot be
> called.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
