commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Dever <>
Subject Re: [HttpClient][Request] Ability to debranch some logic
Date Mon, 05 Aug 2002 12:39:41 GMT
> > So I am guessing that somewhere you are setting the correct
> authentication
> > credentials for the realm that you are making the request on because
> you
> > are
> > getting a 200-OK response.  So if you want to get a 401, dont set any
> > valid
> > credentials.
> Hum. That's strange. I have checked again my code and I don't see any
> authentication/credentials being set up at all ...

If you are requesting a protected resource, and receiving 200-OK from the
server, then the credentials must have been set somewhere.  Either the default
credentials in the State, at the construction of the Client or for a particular

> Question: What is preemptive authentication?

Typically the authenitcate header is not sent by the client unless there is a
specific authenticate request by the server.  But the spec allows for, and
clients generally implement, sending authentication credentials preemptively, in
anticipation of a authentication request by the server.  The client makes this
decision based on some rules, like only sending the credentials to paths that
are below the path that the credential was initillay set for.  The point of this
is to minimize the number of unneeded authentication exchanges.

There is a property that controls this behaviour,
httpclient.authentication.preemptive, which is off by default.

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message