[jboss-jira] [JBoss JIRA] Created: (JBAS-5306) HttpNamingContextFactory doesn't support http basic authentication
David Smiley (JIRA)
jira-events at lists.jboss.org
Tue Mar 11 14:48:08 EDT 2008
HttpNamingContextFactory doesn't support http basic authentication
------------------------------------------------------------------
Key: JBAS-5306
URL: http://jira.jboss.com/jira/browse/JBAS-5306
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: Naming
Affects Versions: JBossAS-4.2.2.GA
Reporter: David Smiley
Assigned To: Scott M Stark
If I were to secure the http invoker in my JBoss (in accordance with documentation, by using the /invoker/restricted/JNDIFactory/ url), then I would consequently need to supply a username & password to whatever client code is going to do the JNDI lookups. However, the class org.jboss.naming.HttpNamingContextFactory doesn't do any authentication handling whatsoever. It should be examining the principal & credentials and adding the authentication header for basic auth. It does delegate to the JDK's URL handling under the hood, but that code doesn't support automatic authentication from the url. So for example if I were to do: http://username:password@myserver:8080/invoker/restricted/JNDIFactory then strangely enough, only the username is passed on in a header, no password.
I'm contemplating writing my own implementation of HttpNamingContextFactory which uses the efficient apache jakarta commons httpclient library instead.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
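
The behaviour the report asks for, shown as an added example (not code from JBoss or from the reporter): read the standard JNDI principal and credentials from the environment and set the Basic `Authorization` header on the JDK connection explicitly. The class name, the `myserver.example:8443` URL and the refusal to send credentials over anything but HTTPS are assumptions of this example, and it needs Java 8 or later for `java.util.Base64`.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Hashtable;
import javax.naming.Context;

// Hypothetical client-side helper; not part of org.jboss.naming.
public class BasicAuthInvokerClient {

    /** RFC 7617 header value: "Basic " + base64(user-id ":" password). */
    static String basicAuthHeader(String user, char[] password) {
        if (user.indexOf(':') >= 0) {
            // The first ':' separates user-id from password, so the user-id cannot contain one.
            throw new IllegalArgumentException("user-id must not contain ':'");
        }
        byte[] raw = (user + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Prepares (does not yet connect) a request to the invoker URL with credentials from the JNDI env. */
    static HttpURLConnection open(Hashtable<String, Object> env) throws IOException {
        URL url = new URL((String) env.get(Context.PROVIDER_URL));
        Object principal = env.get(Context.SECURITY_PRINCIPAL);
        Object credentials = env.get(Context.SECURITY_CREDENTIALS);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        if (principal != null && credentials != null) {
            // Basic auth is only base64-encoded, so this example refuses cleartext transports.
            if (!"https".equalsIgnoreCase(url.getProtocol())) {
                throw new IOException("refusing to send Basic credentials over " + url.getProtocol());
            }
            char[] pw = credentials instanceof char[]
                    ? (char[]) credentials : credentials.toString().toCharArray();
            conn.setRequestProperty("Authorization", basicAuthHeader(principal.toString(), pw));
        }
        return conn;
    }

    public static void main(String[] args) throws IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        // Constructed sample values; host and port are placeholders.
        env.put(Context.PROVIDER_URL, "https://myserver.example:8443/invoker/restricted/JNDIFactory");
        env.put(Context.SECURITY_PRINCIPAL, "username");
        env.put(Context.SECURITY_CREDENTIALS, "password".toCharArray());
        open(env); // openConnection() performs no network I/O until connect() or a read
        System.out.println(basicAuthHeader("username", "password".toCharArray()));
    }
}
```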