On 02/12/2013 12:22, Michael McMahon wrote:
> Okay. I think the best approach is to recognise the userinfo but just remove it when constructing URLPermissions, thereby effectively ignoring it.
>
> This is what the http protocol handler (and other support classes) have been doing all the time, since the field is not directly of interest to http itself. That doesn't prevent higher level software from using it, as in the case here that provoked the bug report (the Java GIT client used in NetBeans and Eclipse).
>
> Michael

I think this makes the most sense. Even more so when you consider configuring the policy to grant permission to GET or POST to a specific HTTP URL; this grant is then independent of any authentication that might be required.

-Alan.
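
The approach discussed in this thread, as an added example that is not part of the original messages and not the JDK's own code: the userinfo is removed before a `java.net.URLPermission` is built, so one policy grant covers the same URL with or without embedded credentials. The host name, credentials, class name and the helper `withoutUserInfo` are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLPermission;

public class UserInfoPermissionDemo {

    // Hypothetical helper: rebuild the URL from scheme, host, port and path only.
    // Passing null for userinfo, query and fragment drops those components.
    static String withoutUserInfo(String url) throws URISyntaxException {
        URI u = new URI(url);
        return new URI(u.getScheme(), null, u.getHost(), u.getPort(),
                       u.getPath(), null, null).toString();
    }

    // Permission that a request to `url` with `method` would need,
    // computed on the URL with its userinfo removed.
    static URLPermission permissionFor(String url, String method)
            throws URISyntaxException {
        return new URLPermission(withoutUserInfo(url), method);
    }

    public static void main(String[] args) throws Exception {
        // Constructed policy grant: GET and POST anywhere below /repo.git/
        URLPermission granted =
            new URLPermission("https://git.example.com/repo.git/-", "GET,POST");

        // Constructed request URLs, as a Git-over-HTTP client might form them.
        String[] requests = {
            "https://git.example.com/repo.git/info/refs",
            "https://alice@git.example.com/repo.git/info/refs",
            "https://alice:s3cret@git.example.com/repo.git/info/refs",
            "https://alice@git.example.com/other.git/info/refs"
        };

        for (String r : requests) {
            URLPermission needed = permissionFor(r, "GET");
            // The first three normalise to the same permission and are implied
            // by the grant; the last one is outside the granted path.
            System.out.println(needed.getName() + " implied=" + granted.implies(needed));
        }
    }
}
```

Because the credentials never reach the permission name, they also stay out of anything that logs or prints the permission.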
