Authenticator
NetBeans provide its own
java.net.Authenticator
implementation and java.net.ProxySelector
implementation. The behavior of these subsystem has always been tight closely
to their usage in the IDE. Time has come to make it a bit more flexible and
allow reuse in other NetBeans Platform based
applications.
Problems
Here is list of known problems. With preferrable way of fixing them. In case there are some doubts about the choosen solution, alternative approaches are discussed in following section.
Authenticator ignores username:password@ part of the URL
The current Authenticator implementation ignores any information about the name and password specified as part of the URL.
Resolution: use it.
Git support needs a way to suppress Authenticator
The NetBeans Git support wants to connect to
a URL without asking user a question about the credentials. If the connection
fails, the git
itself wants to handle a fallback query.
Resolution: Add a pair of methods into org.openide.util.NetworkSettings:
public static <R> R suppressAuthenticationDialog(Callable<R> blockOfCode) throws Exception;
public static boolean isAuthenticationDialogSuppressed();
The git
module will enter a suppressed mode first, before dealing with the
URLs. The Authenticator
implementation will find out it is in this mode
(while the blockOfCode is running) and will not show any user visible dialogs
at all.
The cooperation between NetworkSettings and
NetBeans Authenticator is proprietary. If a
system is using other Authenticator implementation, it must call
isAuthenticationDialogSuppressed() .
|
Dynamic credentials
Most of the proxy and network credentials are currently read from a default NetBeans storage. This may not be ideal for other Platform aplications storing the settings in a different way or computing them dynamically.
Resolution: Abstract the way following values are obtained:
protected abstract String getProxyUserName(URI u);
protected abstract char[] getProxyPassword(URI u);
protected abstract String getProxyHost(URI u);
protected abstract String getProxyPort(URI u);
// possibly:
protected abstract boolean isProxyAuthentication(URI u);
let other application to register other than default implementation which can read the values from whatever source it wants.
Open Questions
Eclipse is solving similar problem. Anyone knows how that is handled? org.eclipse.jgit is not reusing it directly (has no dependency), but somehow the system works together and we should understand how.
The git client library is NetBeans independent and can be shared in other products. Should it use suppressAuthenticationDialog by itself or should each caller wrap their calls into suppressAuthenticationDialog Callable?
NetBeans uses Keyring API for secure storage for user’s passwords. Keyring uses native support in given platform. Consider using Keyring in SPI for dynamic network credentials.