Hi Greg, > Sorry I just got around to reviewing the digest auth. code - I have been a > bit busy with the text stuff lately, in case you hadn't noticed. :-) don't worry, you always do a lot of (great) work on Pivot :-)
> In any case, I just checked in an update that consolidates HexUtils into the > MD5 class. As I suspected, most of the methods in that class were not used No problem, you know that usually I add some utility code for future use (and probably never). > anywhere else and were better suited to that class. You will notice that I > added a TODO comment to the MD5 class asking why we comment out the > synchronized initialization block. I am wondering how we know it is safe to > do that. Just a check that I should have remove time ago. > More importantly, there are some design issues with DigestAuthentication > itself. Specifically, in the authenticate() method, you attempt to execute > the query. This is not correct. Oh noooo, sigh ... > The authenticate() method is only meant to > set the appropriate headers on the request itself - it is not allowed to > execute the query. You must have already attempted to access the resource > prior to calling authenticate(). > > See this example: > > http://en.wikipedia.org/wiki/Digest_access_authentication Ok, thanks for the infos. > I see that you have put a lot of work into this feature, and I hope that we > can include it in Pivot 1.4. If you think that you can make the necessary > changes within the next few weeks, we should be in pretty good shape. > Otherwise, let's try to tackle it for 1.4.1 or later. Yes, changing this portion of code requires some (many) time ... I hope to find it in next weeks, but surely for the 1.4.1. I'll tell you of my progress (or not) on this. > Thanks, To you. Byeeee
