...
Currently it is less than straightforward to configure more typical HTTP credentials such as a basic-auth name username and password, due to a lack of abstraction methods in our code to hide some of the gory details of the HttpClient's data model. In particular, some of the methods that need to be called take multiple parameters, which violates the bean convention for a setter. It's possible to invoke more complex methods in Spring, but it takes some extra wiring. We intend to supply some additional code for this in a future release.
Note that some of the older custom schemas such as the metadata configuration schema may support shorthand for supplying nameusername/password credentials, and while these do work, they're deprecated in favor of the more genericĀ httpClientSecurityParameters-ref syntax.
At the moment, it's fairly simple to supply a name username and password that gets used unilaterally with a given component's requests. That is, it's not "scoped" to limit its use to a particular server. This implies that you have a working configuration in place to authenticate the server's certificate so that the password isn't sent inadvertently to a malicious location. An example follows (again, building on the server authentication case):
...