Community
Participate
Working Groups
Build Identifier: 3.6 M6 Using the p2 helper classes to access ecf I am trying to access(HttpClientRetrieveFileTransfer) a file on a web server: https://x.y.com/z However, x.y.com redirects me to login.y.com for authentication, and that's where I'm running into issues, since I don't have an auth scope for that exact domain. Hacking the code I was able to make things work, but I wanted to get this working the nice way, can you guys let me know if there is something I can do to help? Ideally I just did not get it right and there is some way to do this, sorry for the bug then.. :) TIA, Helmut Reproducible: Always
Adding Henrich Kraemer and Henrik Lindberg for comment. There has recently been some work on the authentication for bug 295030 done by Henrich Kraemer, and so I think he may be better able to comment on this issue. Henrik Lindberg implemented the p2 utility classes that use ECF that you seem to be using, and so has more knowledge of those classes than I/others do (or knows who else does).
> Using the p2 helper classes to access ecf I am trying to > access(HttpClientRetrieveFileTransfer) a file on a web server: > https://x.y.com/z > > However, x.y.com redirects me to login.y.com for authentication, and that's > where I'm running into issues, since I don't have an auth scope for that exact > domain. Hacking the code I was able to make things work, but I wanted to get > this working the nice way, can you guys let me know if there is something I can > do to help? Hi Helmut, This appears to be a symptom of the responsibility of the ECF caller to provide credentials while having ECF handle redirects. Without breaking with the paradigm to have ECF caller (here P2) provide credentials, one could have: 1. ECF caller handle redirects so that it can tell user which server actually requires credentials. 2. Teak ECF to not restrict the credentials to the target URL server. I am not sure whether allowing ANY_HOST would be problematic from a security perspective or not. Possibility 1 seems cleaner to me. But the P2 folks should way in here as well. I believe contributions would be welcome to make this all work. What is the hack you mentioned?
(In reply to comment #2) > Hi Helmut, > 1. ECF caller handle redirects so that it can tell user which server actually > requires credentials. > > Possibility 1 seems cleaner to me. But the P2 folks should way in here as well. [Helmut] I agree, this feels better. > > I believe contributions would be welcome to make this all work. [Helmut] I'd be glad to help, just let me know what you'd like to see in terms of API and I can try to implement it... > > What is the hack you mentioned? [Helmut] I changed the HttpClientRetrieveFileTransfer.setupAuthentication method to set up an authscope for "AuthScope.ANY_HOST" instead of just the one host the original request was for, nothing I would consider to be anywhere near a solution ;)
It's been > 3 years since there was traffic on this bug. Also...we've since moved to using httpcomponent/httpclient4 rather than httpclient3 (I'm not sure whether that change affects this issue). I'm inclined to resolve it as worksforme unless there is some specifics of what to add to address original need (assuming original need still exists). If there are objections to resolving as worksforme, please reopen and identify desired path forward.
