hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Sutton <adr...@intencha.com>
Subject Re: HTTPClient Ntlm Implementation
Date Sun, 20 Apr 2003 22:41:30 GMT
Update:

It's actually a side effect of no longer taking into account the full 
WWW-Authenticate header to tell what we've authenticated against.  
Previously:
WWW-Authenticate: NTLM

and

WWW-Authenticate: NTLM DDIDLAJSSDKSOOS==

were different, whereas now they are considered the same.   A couple of 
possible fixes:
1. Change HttpMethodBase to detect NTLM and deal with it differently.  
(I don't like this)

2. Change NTLMScheme.getRealm() to return the challenge rather than 
null (realms aren't supported by NTLM).  I don't like this much either 
since it violates the contract for getRealm - the upside being that 
getRealm makes no sense in NTLMScheme anyway.

3. Add a new method to AuthScheme getID() which would return the best 
way to uniquely identify the challenge.  So for basic and digest it 
would return getRealm() but for NTLM it would return the challenge 
string or the message type that was sent.  This seems a little 
excessive but would provide a scheme independant way for HttpMethodBase 
to determine if the auth request had already been attempted which may 
be useful when we add support for pluggable authentication schemes.

Any thoughts on this?  Any better ideas?

Adrian Sutton.

On Monday, April 21, 2003, at 08:20  AM, Adrian Sutton wrote:

> Andre,
> As Mike pointed out, the logs didn't come through but I have managed 
> to reproduce the problem.  It looks like the blame lies at my feet 
> actually. :(  The change to how we detected which realms we'd tried to 
> authenticate against is the culprit.  I'll see what I can do to fix > it.
>
> Thanks for the clear problem description.
>
> Adrian Sutton.


Mime
View raw message