[jboss-jira] [JBoss JIRA] Created: (JBAS-5306) HttpNamingContextFactory doesn't support http basic authentication

HttpNamingContextFactory doesn't support http basic authentication ------------------------------------------------------------------ Key: JBAS-5306 URL: http://jira.jboss.com/jira/browse/JBAS-5306 Project: JBoss Application Server Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Naming Affects Versions: JBossAS-4.2.2.GA Reporter: David Smiley Assigned To: Scott M Stark If I were to secure the http invoker in my JBoss (in accordance with documentation, by using the /invoker/restricted/JNDIFactory/ url", then I would consequently need to supply a username & password to whatever client code is going to do the JNDI lookups. However, the class org.jboss.naming.HttpNamingContextFactory doesn't do any authentication handling whatsoever. It should be examining the principal & credentials and adding the authentication header for basic auth. It does delegate to the JDK's URL handling under the hood, but that code don't support automatic authentication from the url. So for example if I were to do: http://username:password@myserver:8080/invoker/restricted/JNDIFactory then strangely enough, only the username is passed on in a header, no password. I'm contemplating writing my own implementation of HttpNamingContextFactory which uses the efficient apache jakarta commons httpclient library instead. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira