#24 Support HTTP Digest authentication scheme

Future Release
open
nobody
5
2013-10-03
2010-08-25
Anonymous
No

We notice that in the current XMLA driver implementation, the HTTP authentication is hardcoded to HTTP Basic.

If the server uses another authentication scheme like HTTP Digest (much more secure as the password itself is not transmitted) Olap4J fails to connect.

There are several ways to support HTTP authentication more widely:
A clean way would be to rely on a full featured HTTP library like Apache HTTPClient. But that would add more jar dependencies to Olap4J.
Another way is to stick with what the JDK provides: the java.net.Authenticator design described in this article: http://download-llnw.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html

Discussion

  • Julian Hyde

    Julian Hyde - 2010-08-27

    I had not heard of java.net.Authenticator before. I like it.

    If an application had multiple olap4j connections (or multiple connections to different XMLA servers via the same olap4j-for-XMLA driver), potentially each of those connections could use a different authenticator. So, we would need to devise a way to pass in the applicable authenticator, but we are not at liberty to add a parameter to the standard DriverManager.getConnection methods.

    I propose that we use a threadlocal, and to the driver add a static method to set it :

    java.net.Authenticator authenticator;
    Properties properties;
    XmlaOlap4jDriver.setThreadAuthenticator(authenticator);
    try {
    // uses the authenticator established for the current thread
    return DriverManager.getConnection(properties);
    } finally {
    XmlaOlap4jDriver.setThreadAuthenticator(null);
    }

    Then people can use one of the standard off-the-shelf authenticators, or write their own if their XMLA server uses a weird authentication protocol.

     
  • Luc Boudreau

    Luc Boudreau - 2010-09-02

    Java Authenticator could be a great add-on to the XML/A driver. I like the idea of SPI-like plugged authentication. This way, users of olap4j can define whatever authentication mechanism they need and olap4j does not have to care nor know the details in order to use them. +1 for me.

     
  • Luc Boudreau

    Luc Boudreau - 2013-10-03
    • Group: --> Future Release
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks