Deprecate WebView#{get,set}HttpAuthUsernamePassword

Deprecate these methods and move them to WebViewDatabase.

BUG: 31318603
Test: N/A
Change-Id: Ie4613e8de9c6120fa1d21263b15ef2467c6ccdef

1 files changed, 52 insertions, 4 deletions

diff --git a/core/java/android/webkit/WebViewDatabase.java b/core/java/android/webkit/WebViewDatabase.java
index cc2c6cc34803..87d3c7b32abb 100644
--- a/core/java/android/webkit/WebViewDatabase.java
+++ b/core/java/android/webkit/WebViewDatabase.java
@@ -65,8 +65,8 @@ public abstract class WebViewDatabase {
      * Gets whether there are any saved credentials for HTTP authentication.
      *
      * @return whether there are any saved credentials
-     * @see WebView#getHttpAuthUsernamePassword
-     * @see WebView#setHttpAuthUsernamePassword
+     * @see #getHttpAuthUsernamePassword
+     * @see #setHttpAuthUsernamePassword
      * @see #clearHttpAuthUsernamePassword
      */
     public abstract boolean hasHttpAuthUsernamePassword();
@@ -83,13 +83,61 @@ public abstract class WebViewDatabase {
      * mechanism should be implemented by the Web site designer (such as server sending a HTTP 401
      * for invalidating credentials).
      *
-     * @see WebView#getHttpAuthUsernamePassword
-     * @see WebView#setHttpAuthUsernamePassword
+     * @see #getHttpAuthUsernamePassword
+     * @see #setHttpAuthUsernamePassword
      * @see #hasHttpAuthUsernamePassword
      */
     public abstract void clearHttpAuthUsernamePassword();
 
     /**
+     * Stores HTTP authentication credentials for a given host and realm to the {@link WebViewDatabase}
+     * instance.
+     * <p>
+     * To use HTTP authentication, the embedder application has to implement
+     * {@link WebViewClient#onReceivedHttpAuthRequest}, and call {@link HttpAuthHandler#proceed}
+     * with the correct username and password.
+     * <p>
+     * The embedder app can get the username and password any way it chooses, and does not have to
+     * use {@link WebViewDatabase}.
+     * <p>
+     * Notes:
+     * <li>
+     * {@link WebViewDatabase} is provided only as a convenience to store and retrieve http
+     * authentication credentials. WebView does not read from it during HTTP authentication.
+     * </li>
+     * <li>
+     * WebView does not provide a special mechanism to clear HTTP authentication credentials for
+     * implementing client logout. The client logout mechanism should be implemented by the Web site
+     * designer (such as server sending a HTTP 401 for invalidating credentials).
+     * </li>
+     *
+     * @param host the host to which the credentials apply
+     * @param realm the realm to which the credentials apply
+     * @param username the username
+     * @param password the password
+     * @see #getHttpAuthUsernamePassword
+     * @see #hasHttpAuthUsernamePassword
+     * @see #clearHttpAuthUsernamePassword
+     */
+    public abstract void setHttpAuthUsernamePassword(String host, String realm,
+            String username, String password);
+
+   /**
+     * Retrieves HTTP authentication credentials for a given host and realm from the {@link
+     * WebViewDatabase} instance.
+     *
+     * @param host the host to which the credentials apply
+     * @param realm the realm to which the credentials apply
+     * @return the credentials as a String array, if found. The first element
+     *         is the username and the second element is the password. Null if
+     *         no credentials are found.
+     * @see #setHttpAuthUsernamePassword
+     * @see #hasHttpAuthUsernamePassword
+     * @see #clearHttpAuthUsernamePassword
+     */
+    public abstract String[] getHttpAuthUsernamePassword(String host, String realm);
+
+    /**
      * Gets whether there is any saved data for web forms.
      *
      * @return whether there is any saved data for web forms