I have prepared another change for the http auth. The reason why I ask
you guys for feedback again is that this changes the HttpAuthSupplier
interface in an incompatible way.
Is that ok or do we have to first deprecate the interface and add the
new one in parallel?
After this patch practically all auth stuff is moved out of HttpConduit.
Here are the details of the patch:
* Replacing HttpConduit with AuthorizationPolicy in HttpAuthSupplier
interface
=> This eliminates a circular dependency with HttpConduit and
allows to reuse the interface for proxy auth
* removed realm parameter from HttpAuthSupplier
=> The parameter is not necessary as the realm can always be
extracted from the full auth token
* Moving auth stuff into a package http.auth
=> As I change the interface and so loose backwards compatibility
I also sorted the classes
* Add proxyAuthSupplier in Httpcondduit and use it for proxy auth
like authSupplier for serve auth
=> This change makes proxy auth and server auth very similar.
Currently there is no retransmit for 407 reponses but it can
easily added now. All one step authentications should work with
this change already
* Removed HttpBasicAuthSupplier
=> I hope this is ok. I doubt it was used frequently by customers
anyway
https://issues.apache.org/jira/browse/CXF-3216
Best regards
Christian
--
----
http://www.liquid-reality.de
