Return-Path: Mailing-List: contact commons-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list commons-user@jakarta.apache.org Received: (qmail 23420 invoked by uid 98); 11 Dec 2002 23:32:24 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Received: (qmail 23381 invoked from network); 11 Dec 2002 23:32:22 -0000 Received: from daedalus.apache.org (HELO apache.org) (63.251.56.142) by nagoya.betaversion.org with SMTP; 11 Dec 2002 23:32:22 -0000 Received: (qmail 9711 invoked by uid 500); 11 Dec 2002 23:31:07 -0000 Received: (qmail 9694 invoked from network); 11 Dec 2002 23:31:06 -0000 Received: from unknown (HELO BIGCOW.intraephox.ephox.com) (202.138.204.102) by daedalus.apache.org with SMTP; 11 Dec 2002 23:31:06 -0000 Received: by BIGCOW.intraephox.ephox.com with Internet Mail Service (5.5.2653.19) id ; Thu, 12 Dec 2002 09:30:40 +1000 Message-ID: <0AC2D75550100F4DBDB025D4D05611887703AB@BIGCOW.intraephox.ephox.com> From: Adrian Sutton To: 'Jakarta Commons Users List' Subject: RE: [HttpClient] Authentication using Basic Date: Thu, 12 Dec 2002 09:30:32 +1000 X-MS-TNEF-Correlator: <0AC2D75550100F4DBDB025D4D05611887703AB@BIGCOW.intraephox.ephox.com> MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C2A16D.4C6D8BB0" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ------_=_NextPart_000_01C2A16D.4C6D8BB0 Content-Type: text/plain; charset="iso-8859-1" Currently there isn't, however we probably should be more intelligent about falling back to other authentication schemes based on the type of credentials provided. Having said this I'm not sure it conforms to the HTTP spec strictly (which states that the client must use the strongest authentication scheme it supports, there's a grey area here because if your application doesn't provide a dialog or similar for the user to enter NTLM credentials it can only support basic or digest authentication, despite HTTPClient supporting NTLM). What I'd like to see happen is: When NTLM authentication is requested as top priority but only UsernamePasswordCredentials are available instead of NTLMCredentials we fall back to one of the other schemes. In general this would mean that: if an authentication scheme is requested and a credentials object of the wrong type is provided, HTTPClient should assume (probably optionally or only in non-strict mode) that the requested authentication scheme is not supported and fall through to other options. Achieving this would require a reasonably amount of refactoring of the Authenticator class but shouldn't be impossible. Unfortunately I don't have time to do it myself at the moment but I'd be happy to help out if you felt like doing it, otherwise logging an enhancement bug in Bugzilla would be a good way to record this request until someone has time to actually implement it. Adrian Sutton, Software Engineer Ephox Corporation www.ephox.com -----Original Message----- From: Gustafson, Vicki [mailto:vicki.gustafson@us.didata.com] Sent: Thursday, 12 December 2002 5:03 AM To: Jakarta Commons Users List Subject: [HttpClient] Authentication using Basic sorry forgot the project specificaiton.... Is there a way to specify which authentication scheme you would like the client to use if several schemes are returned in the www-auth header? I'm performing a simple post using the httpClient. The server returns a 401 at which point the httpClient tries to authenticate with the server. The following header is received: Attempting to parse authenticate header: 'WWW-Authenticate: Negotiate, NTLM, Basic realm="XXXwhateverXXX" I need to authenticate using Basic, but the Authenticator class will only try the most secure scheme: NTLM. Is there a setting or parameter I can set to force the httpClient to use Basic? thanks, Vicki // determine the most secure request header to add Header requestHeader = null; if (challengeMap.containsKey("ntlm")) { String challenge = (String) challengeMap.get("ntlm"); requestHeader = Authenticator.ntlm(challenge, method, state, responseHeader); } else if (challengeMap.containsKey("digest")) { String challenge = (String) challengeMap.get("digest"); String realm = parseRealmFromChallenge(challenge); requestHeader = Authenticator.digest(realm, method, state, responseHeader); } else if (challengeMap.containsKey("basic")) { String challenge = (String) challengeMap.get("basic"); String realm = parseRealmFromChallenge(challenge); requestHeader = Authenticator.basic(realm, state, responseHeader); } else if (challengeMap.size() == 0) { throw new HttpException("No authentication scheme found in '" + authenticateHeader + "'"); } else { throw new UnsupportedOperationException( "Requested authentication scheme " + challengeMap.keySet() + " is unsupported"); } -- To unsubscribe, e-mail: For additional commands, e-mail: -- To unsubscribe, e-mail: For additional commands, e-mail: ------_=_NextPart_000_01C2A16D.4C6D8BB0 Content-Type: application/ms-tnef Content-Transfer-Encoding: base64 eJ8+IikXAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQWAAwAOAAAA0gcMAAwACQAeACAABAA8AQEggAMADgAAANIHDAAM AAkAHgAnAAQAQwEBCYABACEAAAA1NEZFOEFEMkI2QTk1NjQ4QjI2Qjk0QzAwNTIxRUQ5QgBEBwEE gAEALAAAAFJFOiBbSHR0cENsaWVudF0gQXV0aGVudGljYXRpb24gdXNpbmcgQmFzaWMA0A8BDYAE AAIAAAACAAIAAQOQBgD0DQAAMAAAAAMACVkBAAAAAgFxAAEAAAAWAAAAAcKhbUwigBdAAb8aRXWX epBWf6DwRwAAAwDeP69vAAADADYAAAAAAAMAB4AIIAYAAAAAAMAAAAAAAABGAAAAAFKFAAC2dAEA HgAJgAggBgAAAAAAwAAAAAAAAEYAAAAAVIUAAAEAAAAEAAAAOS4wAAsAEYAIIAYAAAAAAMAAAAAA AABGAAAAAAaFAAAAAAAAAwASgAggBgAAAAAAwAAAAAAAAEYAAAAAAYUAAAAAAAALAACACCAGAAAA AADAAAAAAAAARgAAAAADhQAAAAAAAAsAG4AIIAYAAAAAAMAAAAAAAABGAAAAAA6FAAAAAAAAAwAC gAggBgAAAAAAwAAAAAAAAEYAAAAAEIUAAAAAAAADAByACCAGAAAAAADAAAAAAAAARgAAAAARhQAA AAAAAAMAHoAIIAYAAAAAAMAAAAAAAABGAAAAABiFAAAAAAAAAgEJEAEAAACHCAAAgwgAAP4QAABM WkZ1SaJ50wMACgByY3BnMTI14jIDQ3RleAVBAQMB9/8KgAKkA+QHEwKAD/MAUARWPwhVB7IRJQ5R AwECAGNo4QrAc2V0MgYABsMRJfYzBEYTtzASLBEzCO8J97Y7GB8OMDURIgxgYwBQ8wsJAWQzNhZQ C6YSIAhwgxggAjBseSB0aASQBGUgBABuJ3QsIGBob3dldhKBHoAgWnADYGIBoB1hcx5gdfBsZCBi HdAEYB3CAjCgZWxsaWcdMSABoJsIYAVAZgdAIOBuZyAAxQDQax2AbyBvHZIhQO8hgB2gAjAN4GEj cAIgH5D9E9BlB4IfQBQQH/Aj0R2RiR2AeXAd0G9mIAUAnwmAI1IHQAQgHxF2aQEAwGQuICBIYSbA IgEecwtwH/AdkAQAIEkn+G0gbiKwH5AIcB3RBUDlBaBuAhBybQQgIoElErBIVFRQH5AlcGMfkMp0 BRBjHVIodygQE9C/KuEjoAeRHZAjoCUDYyDg6SESbXUq8CAtcCUxJSH/KvECICEALYEjHyQiKRIo 0LRwcBfBcx5AHZMnBCDcYSAJwR1wCsBlMYAdo88gECOQLbIGkCB5CGEhQOcwgCDgI5VkbweQHhEm hnUxcWQHMW8iEAWxAJBt/wMQCsEpgSUDLbE2sSKQHTHxEoJUTE0lyykiA5ECIP8fcjB0JHIN4DXS NXAujwIg3x5AAQAqoCkgKjRDLQQwZXMh8jfyKS4KogqECoBX7yxyKFAf8CDgayUxIpAUEN8d0BPg MIAJ8B3hOj6MQNHvN/Mu3SghGCBxClAq8CSx+ySQInFwHwEjwAUQJVAgAEshgTlzVTchbmEHgFDn JJAD4AWwZEMl6THxIUC+dgtwC2ACYCByRAFhJMG/JbA38kbqHuEhsiIobiWD7yUSIrQkBScRSQOg IQEEkP8HQCf0RqAf0geAA5EsYkEr3zMRA5Eu3y/kQ5tuRDEly90fMGoFkEVxS4R3LlIlRL8oISaW HkA8yh+0RnF1MAH+KB8XRJAjsiHBV8EFwDlzcwuAKIFuLSr0IDEBACn/LFhDuVAfUSUolDCDUgVK Y/MdkANgdWcr0CKHV+RMoH0+ikET0AiQJ2NNmUOyaf9HskOhJJBYIR9iRjAIYCEhfyWhGCAhsCsw RPEiAUt1Qf9bmAWxLPBGcUVDH6Q0kiARtwdwMJAEEGlIQScRVSly7nRjoCwRHWFJNEE0khPgPx6g HYAHcSJyNFApEm15/RQQbE+xLJQEYAeAISFFUr8/kiARQJIdcSKQHaBsRKD/IXIzFCGgIMAFQD/T NFAh8r8pIB5AIrMD8R3QNaFnIfLnA5EJ8BPgbmMkMWwTb2H1A6BCXsB6AxALYE3VIBHtMYFvBHAe 0GFtMxggBaH/J+VDtS2gI2EDIGLwB4BLMu8T4CnBaiVkQXVYQ2eRSFC3a/MpIGAMZAchA6BTIYBr IoA8EVMloHRz0B3BRZciAAuACeByPoRFcB5gungSIXIwkSOjPoR3fRDULmV7si4FoG0+ij6Eui1/ Ak8FEHCRTWFNB5AvJ7AhAH8DPoRGA2E6IFpHLXFhA9A8AlYN4Gu4aSBbAMADECKAOibAqYIxLmeB dkAtcC41cOpkI6BhfaJdPoQGYAIwqYFAVGgIcHOEQHkeQPkOICBEBZAkMCAQBcAB0EIwFEA1OjAz EMBNhT6EVILQIEphawrAewGQEiFtBGAGMUXiBCBMNQQAdITVdVNjgUBbSPUCQHA9BF1lOiPCLXAh 8vZCOlJ97wpi8B0QHXApgf9zgCyUHxFTcyqiBpAjgSkg7QIgLpDRPopJLEIdsnKx/3PkkAQdcCuU W48v425CTeT/P9QsyCKBMtUUEB6hTWEkBv9HohggaLAEoCSxWRFT830Q3i2T0jIxSNAEkD+RGyhh /SVwcimCcKM2AnfRHwBnwP8tkmE0QHGLBycRhZAuEQSQxx6imLQxYjQwMWtSK5T/MJAgkZ2dHYAI gSnDk9lUEf8pIF7hnseehQIQINAecCHyV5pEQ3RxYGkeoGRBK0H/AkAkMFfxVGIikAqxLcGiu1Oa RIFAJ1eqEC1lSWX/gUAHwI8BBzAOsB5AN/IeQIONA2KybG09IlitEO8rkCwRHqGtESKRGyiACeD/ J+GinYypHkBFUmUPZhUD8H9KgTlzKwAdcyAxLYEUEGP/KOIkBIFAN+NMspHoFBE90/8FsQqxRjE3 smlAOTIUESJyfymBcWChL5bkjQOaqyxhbp5rMNA+hIITPoovLzwxfzexnBEt1LPqdQalhXbyZLsL MT6iSKWUQ7XAtT0ogPcf0AJwT0coE9Eg0AnwIQCeTTOQfaECMAtxc0sxwEQoIh1BbSIpWjBc7wAA PpMnICcgUysBIgHDF73B8SjF9FowwxshAHTElu/CZcWywS6xiy7EssMIHkD/t0EeYFWBK/O7tcmk KqBf0eZlwLTJJlx9N4AmYDLz/8MPxBg61MT/xg/HH8gp0gbfyTnTZayjwfGoU1KssoECfkPQdtBY yS/KP8tGOtQov6yjzK/Nv87Pz9/Q7yI6Q//Sb9N/1I/IKeM11s/X39jv/9n/2w/KzjpD3XbedN9v 4H9b4YwAkHrq0FowPcIAMD/jrF6CB+BLQAfgivJFePdxYFfzxJBOopsviQIQY6DtmSMnrfXkQiui q8C1+FB+IveQ8E7zL/QzaGBdV0/vm7Ejo/TI5+gi6cBbDy9rbiL4QeGbP/B5BmDIoCn/97oA4Cgh Y6BdV/npfkyHtv0Dc2IkAEUAIBAeQIBAgoK5tQEgPIKFfbGJAi03EtMIsAZoQGqIZC4zkErA9R2g Lo7hPoClZfHAISkg/1gTKUGI8FIxMNEHJgfPCNL/bYIJzwrXBO8F/wcPCB8JL38PfwtPDF8Tfw5/ Fg8+1X0BHNAAHgBwAAEAAAAoAAAAW0h0dHBDbGllbnRdIEF1dGhlbnRpY2F0aW9uIHVzaW5nIEJh c2ljAAMAJgAAAAAAAwAuAAAAAAALAAIAAQAAAB4AQhABAAAARQAAADwwQUMyRDc1NTUwMTAwRjRE QkRCMDI1RDREMDU2MTE4ODZBMDI1NEBCSUdDT1cuaW50cmFlcGhveC5lcGhveC5jb20+AAAAAAMA /T/kBAAAQAA5ALCLbUxtocIBAwDxPwkEAAAeADFAAQAAAAcAAABBRFJJQU4AAAMAGkAAAAAAHgAw QAEAAAAHAAAAQURSSUFOAAADABlAAAAAAAsA8hABAAAAAwCAEP////8CAUcAAQAAACwAAABjPVVT O2E9IDtwPUVwaG94O2w9QklHQ09XLTAyMTIxMTIzMzAzMlotNzkxAAIB+T8BAAAASwAAAAAAAADc p0DIwEIQGrS5CAArL+GCAQAAAAAAAAAvTz1FUEhPWC9PVT1JTlRSQUVQSE9YL0NOPVJFQ0lQSUVO VFMvQ049QURSSUFOAAAeAPg/AQAAAA4AAABBZHJpYW4gU3V0dG9uAAAAHgA4QAEAAAAHAAAAQURS SUFOAAACAfs/AQAAAEsAAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089RVBIT1gvT1U9 SU5UUkFFUEhPWC9DTj1SRUNJUElFTlRTL0NOPUFEUklBTgAAHgD6PwEAAAAOAAAAQWRyaWFuIFN1 dHRvbgAAAB4AOUABAAAABwAAAEFEUklBTgAAQAAHMLM3a0xtocIBQAAIMNyQsVBtocIBHgA9AAEA AAAFAAAAUkU6IAAAAAAeAB0OAQAAACgAAABbSHR0cENsaWVudF0gQXV0aGVudGljYXRpb24gdXNp bmcgQmFzaWMAHgA1EAEAAABFAAAAPDBBQzJENzU1NTAxMDBGNERCREIwMjVENEQwNTYxMTg4Nzcw M0FCQEJJR0NPVy5pbnRyYWVwaG94LmVwaG94LmNvbT4AAAAACwApAAAAAAALACMAAAAAAAMABhCG kyLTAwAHEB0MAAADABAQAAAAAAMAERABAAAAHgAIEAEAAABlAAAAQ1VSUkVOVExZVEhFUkVJU05U LEhPV0VWRVJXRVBST0JBQkxZU0hPVUxEQkVNT1JFSU5URUxMSUdFTlRBQk9VVEZBTExJTkdCQUNL VE9PVEhFUkFVVEhFTlRJQ0FUSU9OU0NIRQAAAAACAX8AAQAAAEUAAAA8MEFDMkQ3NTU1MDEwMEY0 REJEQjAyNUQ0RDA1NjExODg3NzAzQUJAQklHQ09XLmludHJhZXBob3guZXBob3guY29tPgAAAABK NQ== ------_=_NextPart_000_01C2A16D.4C6D8BB0--