hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Sutton <adrian.sut...@ephox.com>
Subject RE: Let's face it: HttpClient API is more complex that it could h ave been
Date Thu, 12 Dec 2002 23:08:08 GMT
Hi all,
Couple of quick notes here:

>But really the HttpClient code have improved quite a bit since the time I
>used it when we had HttpMultiClient and HttpClient. Except for the
>HostConfiguration thing, which had me scratching my head why the additional
>layer of indirection (why not set the host and port directly?)

I think the ability to set a default host/port would be quite useful for
some people so it probably should be preserved.  However, we should add
functionality to the methods so that they can take a URL or a path and if a
URL is provided then the host and port will be used.  This then removes the
need for the Url* methods as they would have been integrated.

>Also, the NTCredentials and UsernamePasswordCredentials classes -- seems
>like they're not related at all except thru the 'shell' interface

Actually, NTCredentials extends UsernamePasswordCredentials.  You can (and I
do) use NTCredentials for all credentials with HttpClient.

>What would be very useful is a way to determine the authentication method
>i.e. if it is NTLM or Basic or Digest.

Agreed.  I looked at this once before but wound up giving up on it, not sure
why...  I've wound up just looking at the authentication headers from
outside of HttpClient to find out what authentication method was used.  eg:

        String realm =

        boolean isNTLM = (realm != null &&
realm.toLowerCase().indexOf("ntlm") >= 0);

While I think of it there probably should be a way to get the realm back out
as well instead of having to parse it yourself.  Having looked at this
again, I think the reason I gave up was because Authenticator is entirely
static, not thread safe and already has a return value.  Taking all that
into account, I can't see a good way to get values back out of it other than
the returned value (boolean indicating whether or not a header was added).
The one way I can think of is passing the details back into the HttpMethod
which is passed into the Authenticator.  That would make sense as the user
already has a handle to the HttpMethod and could easily extract the info out
of it.  Any comments?  Better ways of doing it?

Adrian Sutton, Software Engineer
Ephox Corporation

View raw message