Hi Sandro, This sounds like an impressive piece of work and a good addition to Pivot. One of the things that annoys me about Flex is support for DigestAuthentication - it just seems to delegate to the enclosing browser when running in a web page. Ideally what you want to do is just set a username and password and let it work out the authentication for itself.
Just curious though; HttpClient already supports DigestAuthentication ( http://hc.apache.org/httpclient-3.x/features.html): - Authentication using Basic, Digest and the encrypting NTLM (NT Lan Manager) methods. Wouldn't we be better using HttpClient under the covers (or possibly in a 'pluggable' way to implement this). Or is it too big a library to include in our footprint? Anyway, I believe that taking stuff from other Apache projects is OK since we're all in the same family. :) Cheers, Chris 2009/5/22 Sandro Martini <[email protected]> > Hi to all, > after many problems, a first working implementation is ready (but i > need some time to so more tests, some performance enhancements, and > more important a lot of cleanup and simplifications ...), but I'd like > to ask is it will be possible to do some modifications also in the > Query class (and add an utility method in any subclass, for retrieving > the HTTP method name), let me explain in detail: > > - DigestAuthentication in not possible in a pre-emptive way (like > Basic Authentication), because needs some data from the first > response, so i have to make the call (also if i know that the first > time is will return a 401 error), read authentication hints from the > header, calculate the authentication data, and then retry the > connection with the right data inside (and this concept currently was > not handled nor implemented). > I have already a rough implementation also for this, but maybe someone > has a better idea ... > - now i need to put into responseProperties the authentication hints > from the first response, ok, but for a more general solution, maybe > could help to put into responseProperties other header elements too > (or maybe all). > For example, could help the ability to get the Content-type, the > Content-encoding, etc ... > - i added a method > public abstract String getMethod(); > and put the implementation in any subclass ... this is required for > the DigestAuthentication (by RFC), and could help also in other cases > ... > - i added a public int getStatus() method and moved the related > variable out of the method, could help ... and maybe also a > getMessage() with the returned message could be useful, at least to > have more info when needed > > Some part of the work have been moved out in two utility classes: MD5 > and HexUtils, i put them in the core subproject (could be useful also > in other parts), but maybe they could be moved in the web subproject. > > The test uses my new ByteArraySerializer, to being able to download any > content. > > > Ah, one last thing, some little parts of the code are derived from one > class in Tomcat and one class in HttpClient, i have put these > references in the initial comment of the source, is this enough ? > > > For tests, now it's working with Apache 2.x and mod_digest , if > someone is interested (at least to try) i could send some info to > setup the stuff. Next tests are on Tomcat. But all this Server-side > stuff is not included in sources, is it ok ? > > > What do you think ? > > Next week I'll send the related sources. > > Thanks, > Sandro >
