camel-dev mailing list archives

From "Richard Kettelerij (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (CAMEL-4056) Enable preemptive basic authentication by default
Date Thu, 09 Jun 2011 08:39:58 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13046399#comment-13046399 ]

Richard Kettelerij edited comment on CAMEL-4056 at 6/9/11 8:38 AM:
-------------------------------------------------------------------

Willem, Claus,

Thanks for reporting. I was also thinking about the same, we shouldn't enable preemptive auth
by default since it's a potential security risk (although we already allow authentication
against arbitrary realms and hosts, which might be a bigger security risk). I'll make this
setting non-default asap. Furthermore I'm working on getting it running in {{camel-http4}}.


      was (Author: rkettelerij):
    Willem, Claus,

Thanks for reporting. I was also thinking about the same, we shouldn't enable preemptive auth
by default since it's a potential security risk (although we're already allow authentication
against arbitrary realms and hosts, which might be a bigger security risk). I'll make this
setting non-default asap. Furthermore I'm working on getting it running in {{camel-http4}}.

  
> Enable preemptive basic authentication by default
> -------------------------------------------------
>
>                 Key: CAMEL-4056
>                 URL: https://issues.apache.org/jira/browse/CAMEL-4056
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-http
>    Affects Versions: 2.7.2
>            Reporter: Richard Kettelerij
>            Assignee: Richard Kettelerij
>             Fix For: 2.8.0
>
>
> Currently Camel only sends credentials when a server explicitly prompts for basic authentication. However, there are cases where a URL is available to both authenticated as well as unauthenticated parties. In that case the {{camel-http}} component won't send any credentials to the server, even though the credentials are explicitly provided in the URI or Exchange.
> This can be solved by enabling preemptive authentication in Apache HttpClient. In that case the credentials will always be provided whether the server asks for them or not. Enabling this provides a sensible default.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
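
The trade-off discussed in this message, as an added example that is not part of the original mail or of Camel's code: a probe that shows when the Authorization header leaves the client, depending on the preemptive flag and on the AuthScope the credentials are bound to. It assumes Commons HttpClient 3.x (with commons-logging and commons-codec) on the classpath and Java 8 or later; the class name, the local test endpoints and the demo credentials are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;

public class PreemptiveAuthScopeDemo {
    // Constructed local endpoint: always answers 200, never sends a 401 challenge,
    // and records the Authorization header of the last request (null if absent).
    static HttpServer open(AtomicReference<String> seen) throws Exception {
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        s.createContext("/", ex -> {
            seen.set(ex.getRequestHeaders().getFirst("Authorization"));
            ex.sendResponseHeaders(200, -1);
            ex.close();
        });
        s.start();
        return s;
    }

    // Sends one GET and returns the Authorization header the endpoint received.
    static String probe(HttpServer target, AtomicReference<String> seen,
                        AuthScope scope, boolean preemptive) throws Exception {
        seen.set(null);
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(preemptive);
        client.getState().setCredentials(scope,
                new UsernamePasswordCredentials("demo-user", "demo-pass")); // constructed values
        GetMethod get = new GetMethod("http://127.0.0.1:" + target.getAddress().getPort() + "/");
        try { client.executeMethod(get); } finally { get.releaseConnection(); }
        return seen.get();
    }

    public static void main(String[] args) throws Exception {
        AtomicReference<String> a = new AtomicReference<>(), b = new AtomicReference<>();
        HttpServer intended = open(a), other = open(b);
        // Credentials bound to the intended endpoint only (any realm).
        AuthScope scoped = new AuthScope("127.0.0.1", intended.getAddress().getPort());
        System.out.println("no preemptive, scoped, intended: " + probe(intended, a, scoped, false));
        System.out.println("preemptive, scoped, intended:    " + probe(intended, a, scoped, true));
        System.out.println("preemptive, scoped, other:       " + probe(other, b, scoped, true));
        System.out.println("preemptive, ANY scope, other:    " + probe(other, b, AuthScope.ANY, true));
        intended.stop(0);
        other.stop(0);
    }
}
```

Binding the credentials to a host and port keeps the preemptive behaviour for the endpoint that needs it while limiting which servers can ever receive the header.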
