commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gustafson, Vicki" <>
Subject Authentication using HttpClient
Date Wed, 11 Dec 2002 17:17:34 GMT
Is there a way to specify which authentication scheme you would like the client to use if several
schemes are returned in the www-auth header?

I'm performing a simple post using the httpClient.  The server returns a 401 at which point
the httpClient tries to authenticate with the server.  The following header is received:

Attempting to parse authenticate header: 'WWW-Authenticate: Negotiate, NTLM, Basic realm="XXXwhateverXXX"

I need to authenticate using Basic, but the Authenticator class will only try the most secure
scheme:  NTLM.  Is there a setting or parameter I can set to force the httpClient to use Basic?


// determine the most secure request header to add
Header requestHeader = null;
if (challengeMap.containsKey("ntlm")) {
    String challenge = (String) challengeMap.get("ntlm");
    requestHeader = Authenticator.ntlm(challenge, method, state,
} else if (challengeMap.containsKey("digest")) {
    String challenge = (String) challengeMap.get("digest");
    String realm = parseRealmFromChallenge(challenge);
    requestHeader = Authenticator.digest(realm, method, state,
} else if (challengeMap.containsKey("basic")) {
    String challenge = (String) challengeMap.get("basic");
    String realm = parseRealmFromChallenge(challenge);
    requestHeader = Authenticator.basic(realm, state, responseHeader);
} else if (challengeMap.size() == 0) {
    throw new HttpException("No authentication scheme found in '"
    + authenticateHeader + "'");
} else {
    throw new UnsupportedOperationException(
    "Requested authentication scheme " + challengeMap.keySet()
    + " is unsupported");

View raw message