diff options
| -rw-r--r-- | core/java/android/webkit/WebView.java | 28 | ||||
| -rw-r--r-- | core/java/android/webkit/WebViewDatabase.java | 13 |
2 files changed, 33 insertions, 8 deletions
diff --git a/core/java/android/webkit/WebView.java b/core/java/android/webkit/WebView.java index f54edf14bbe1..3a8551954266 100644 --- a/core/java/android/webkit/WebView.java +++ b/core/java/android/webkit/WebView.java @@ -740,9 +740,26 @@ public class WebView extends AbsoluteLayout } /** - * Stores HTTP authentication credentials for a given host and realm. This - * method is intended to be used with - * {@link WebViewClient#onReceivedHttpAuthRequest}. + * Stores HTTP authentication credentials for a given host and realm to the {@link WebViewDatabase} + * instance. + * <p> + * To use HTTP authentication, the embedder application has to implement + * {@link WebViewClient#onReceivedHttpAuthRequest}, and call {@link HttpAuthHandler#proceed} + * with the correct username and password. + * <p> + * The embedder app can get the username and password any way it chooses, and does not have to + * use {@link WebViewDatabase}. + * <p> + * Notes: + * <li> + * {@link WebViewDatabase} is provided only as a convenience to store and retrieve http + * authentication credentials. WebView does not read from it during HTTP authentication. + * </li> + * <li> + * WebView does not provide a special mechanism to clear HTTP authentication credentials for + * implementing client logout. The client logout mechanism should be implemented by the Web site + * designer (such as server sending a HTTP 401 for invalidating credentials). + * </li> * * @param host the host to which the credentials apply * @param realm the realm to which the credentials apply @@ -759,9 +776,8 @@ public class WebView extends AbsoluteLayout } /** - * Retrieves HTTP authentication credentials for a given host and realm. - * This method is intended to be used with - * {@link WebViewClient#onReceivedHttpAuthRequest}. + * Retrieves HTTP authentication credentials for a given host and realm from the {@link + * WebViewDatabase} instance. * * @param host the host to which the credentials apply * @param realm the realm to which the credentials apply diff --git a/core/java/android/webkit/WebViewDatabase.java b/core/java/android/webkit/WebViewDatabase.java index cdff41685b80..cc2c6cc34803 100644 --- a/core/java/android/webkit/WebViewDatabase.java +++ b/core/java/android/webkit/WebViewDatabase.java @@ -44,7 +44,7 @@ public abstract class WebViewDatabase { * * @return true if there are any saved username/password pairs * @see WebView#savePassword - * @see #clearUsernamePassworda + * @see #clearUsernamePassword * @deprecated Saving passwords in WebView will not be supported in future versions. */ @Deprecated @@ -72,7 +72,16 @@ public abstract class WebViewDatabase { public abstract boolean hasHttpAuthUsernamePassword(); /** - * Clears any saved credentials for HTTP authentication. + * Clears any saved credentials for HTTP authentication. This method only clears the username + * and password stored in WebViewDatabase instance. The username and password are not read from + * the {@link WebViewDatabase} during {@link WebViewClient#onReceivedHttpAuthRequest}. It is up + * to the app to do this or not. + * <p> + * The username and password used for http authentication might be cached in the network stack + * itself, and are not cleared when this method is called. WebView does not provide a special + * mechanism to clear HTTP authentication for implementing client logout. The client logout + * mechanism should be implemented by the Web site designer (such as server sending a HTTP 401 + * for invalidating credentials). * * @see WebView#getHttpAuthUsernamePassword * @see WebView#setHttpAuthUsernamePassword |