XFire and Http security

> Hi,
>
> I am currently evaluating several http remoting solutions, and
> transport layer security is one of the criteria. I'd like to use
> following modes :
> - Basic (it works)
> - Digest
> - SSL v2 (it works if I add server certificate in my JVM keystore)
> - SSL v3 (ie. client and server certificates)
>
> I know that all of these modes are currently supported by
> commons-httpclient which is used by XFire, but I did not see how to
> directly manage the HttpClient (the common's one). I know that I can
> pass some properties with "client.setProperty(...)" but I don't get
> how it could help me to achieve Digest and SSL authentication.
>
> Thank you,
> Christian
>
>

> If you need to get fancier with your HttpClient, you can manipulate
> the HttpState by doing something like this:
>
> HttpState state = CommonsHttpMessageSender.getHttpState();
> state.setCredentials(....);
>
> fooClient.someOperation();
>
> See the docs for HttpState here:
> http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/HttpState.html 
>
>
> This might change in 1.1 slightly, but we'll let you know how to
> migrate when that time comes :-)
> Hope that helps.
> - Dan
>
> Christian Blavier wrote:
>> Hi,
>>
>> I am currently evaluating several http remoting solutions, and
>> transport layer security is one of the criteria. I'd like to use
>> following modes :
>> - Basic (it works)
>> - Digest
>> - SSL v2 (it works if I add server certificate in my JVM keystore)
>> - SSL v3 (ie. client and server certificates)
>>
>> I know that all of these modes are currently supported by
>> commons-httpclient which is used by XFire, but I did not see how to
>> directly manage the HttpClient (the common's one). I know that I can
>> pass some properties with "client.setProperty(...)" but I don't get
>> how it could help me to achieve Digest and SSL authentication.
>>
>> Thank you,
>> Christian
>>
>>
>
>

> I don't see how to obtain HttpState, the getHttpState() method of
> CommonsHttpMessageSender is private (and not static).
> Or maybe should I override the CommonsHttpMessageSender (but I don't
> understand how)
>
>
> Dan Diephouse a écrit :
>> If you need to get fancier with your HttpClient, you can manipulate
>> the HttpState by doing something like this:
>>
>> HttpState state = CommonsHttpMessageSender.getHttpState();
>> state.setCredentials(....);
>>
>> fooClient.someOperation();
>>
>> See the docs for HttpState here:
>> http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/HttpState.html 
>>
>>
>> This might change in 1.1 slightly, but we'll let you know how to
>> migrate when that time comes :-)
>> Hope that helps.
>> - Dan
>>
>> Christian Blavier wrote:
>>> Hi,
>>>
>>> I am currently evaluating several http remoting solutions, and
>>> transport layer security is one of the criteria. I'd like to use
>>> following modes :
>>> - Basic (it works)
>>> - Digest
>>> - SSL v2 (it works if I add server certificate in my JVM keystore)
>>> - SSL v3 (ie. client and server certificates)
>>>
>>> I know that all of these modes are currently supported by
>>> commons-httpclient which is used by XFire, but I did not see how to
>>> directly manage the HttpClient (the common's one). I know that I can
>>> pass some properties with "client.setProperty(...)" but I don't get
>>> how it could help me to achieve Digest and SSL authentication.
>>>
>>> Thank you,
>>> Christian
>>>
>>>
>>
>>
>

> Ack. You're right. I'm filed a JIRA for this and aim to have it fixed
> in the 1.1 within a week if you wanted to test it:
>
> http://jira.codehaus.org/browse/XFIRE-292
>
> BTW, digest mode should work too as we've set our credentials scope to
> ANY, so HTTPClient should find the correct one.
>
> - Dan
>
> Christian Blavier wrote:
>
>> I don't see how to obtain HttpState, the getHttpState() method of
>> CommonsHttpMessageSender is private (and not static).
>> Or maybe should I override the CommonsHttpMessageSender (but I don't
>> understand how)
>>
>>
>> Dan Diephouse a écrit :
>>
>>> If you need to get fancier with your HttpClient, you can manipulate
>>> the HttpState by doing something like this:
>>>
>>> HttpState state = CommonsHttpMessageSender.getHttpState();
>>> state.setCredentials(....);
>>>
>>> fooClient.someOperation();
>>>
>>> See the docs for HttpState here:
>>> http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/HttpState.html 
>>>
>>>
>>> This might change in 1.1 slightly, but we'll let you know how to
>>> migrate when that time comes :-)
>>> Hope that helps.
>>> - Dan
>>>
>>> Christian Blavier wrote:
>>>
>>>> Hi,
>>>>
>>>> I am currently evaluating several http remoting solutions, and
>>>> transport layer security is one of the criteria. I'd like to use
>>>> following modes :
>>>> - Basic (it works)
>>>> - Digest
>>>> - SSL v2 (it works if I add server certificate in my JVM keystore)
>>>> - SSL v3 (ie. client and server certificates)
>>>>
>>>> I know that all of these modes are currently supported by
>>>> commons-httpclient which is used by XFire, but I did not see how to
>>>> directly manage the HttpClient (the common's one). I know that I
>>>> can pass some properties with "client.setProperty(...)" but I don't
>>>> get how it could help me to achieve Digest and SSL authentication.
>>>>
>>>> Thank you,
>>>> Christian
>>>>
>>>>
>>>
>>>
>>
>
>