Dear Eric,

in a project we needed an Apache Webserver authentication via URL. 

The project is a content management system based on the Tamino
XML-Server. Documents can be presented either in HTML or in 
PDF format, this is where FOP comes in the place.

Due to security issues we protected an URL-path with Basic Authentication.
This lead to HTTP 401 errors when trying to get image files into the
FOP process by an HttpRequest.

We added some lines of code to the following classes from the 
package org.apache.fop.image:
BmpImage 
JimiImage 
JAIImage 
JpegImage 
GifImage 
FopImageFactory

We replaced the invocation of the methods URL.getContent() and
URL.openStream() by this code (with slight differences in either
class):

<!--------- snip ------------>

java.net.URLConnection urlCon = this.m_href.openConnection(); 
String userpass = this.m_href.getUserInfo(); 
String auth = "Basic " + new 
             sun.misc.BASE64Encoder().encode(userpass.getBytes()); 
urlCon.setRequestProperty("Authorization", auth); 
ImageProducer ip = (ImageProducer)urlCon.getContent();

<!--------- snap ------------>

We made a straight forward approch with hard encoding of our 
user/password requirements. You should of course better replace
this by invocation of the URL-method getUserInfo() which returns
a colon seperated string "user:password". Maybe you still have
to check whether it is null or not.

Thanks for your good work in the ASF, we hope this info is
helpful for your work!

with best regards

Marko Petersen
Malte Schnack

PS: If you need the amended source files pls contact either
Marko (mp@bitset.de) or me (ms@bitset.de)