Authenticator

Note: These pages are being reviewed.

Problems
Authenticator ignores username:password@ part of the URL
Git support needs a way to suppress Authenticator
- Dynamic credentials
Open Questions

NetBeans provide its own java.net.Authenticator implementation and java.net.ProxySelector implementation. The behavior of these subsystem has always been tight closely to their usage in the IDE. Time has come to make it a bit more flexible and allow reuse in other NetBeans Platform based applications.

Problems

Here is list of known problems. With preferrable way of fixing them. In case there are some doubts about the choosen solution, alternative approaches are discussed in following section.

Authenticator ignores username:password@ part of the URL

The current Authenticator implementation ignores any information about the name and password specified as part of the URL.

Resolution: use it.

Git support needs a way to suppress Authenticator

The NetBeans Git support wants to connect to a URL without asking user a question about the credentials. If the connection fails, the git itself wants to handle a fallback query.

Resolution: Add a pair of methods into org.openide.util.NetworkSettings:

public static <R> R suppressAuthenticationDialog(Callable<R> blockOfCode) throws Exception;
public static boolean isAuthenticationDialogSuppressed();

The git module will enter a suppressed mode first, before dealing with the URLs. The Authenticator implementation will find out it is in this mode (while the blockOfCode is running) and will not show any user visible dialogs at all.

The cooperation between NetworkSettings and NetBeans Authenticator is proprietary. If a system is using other Authenticator implementation, it must call isAuthenticationDialogSuppressed().

Dynamic credentials

Most of the proxy and network credentials are currently read from a default NetBeans storage. This may not be ideal for other Platform aplications storing the settings in a different way or computing them dynamically.

Resolution: Abstract the way following values are obtained:

protected abstract String getProxyUserName(URI u);
protected abstract char[] getProxyPassword(URI u);
protected abstract String getProxyHost(URI u);
protected abstract String getProxyPort(URI u);
// possibly:
protected abstract boolean isProxyAuthentication(URI u);

let other application to register other than default implementation which can read the values from whatever source it wants.

Open Questions

Eclipse is solving similar problem. Anyone knows how that is handled? org.eclipse.jgit is not reusing it directly (has no dependency), but somehow the system works together and we should understand how.

The git client library is NetBeans independent and can be shared in other products. Should it use suppressAuthenticationDialog by itself or should each caller wrap their calls into suppressAuthenticationDialog Callable?

NetBeans uses Keyring API for secure storage for user’s passwords. Keyring uses native support in given platform. Consider using Keyring in SPI for dynamic network credentials.