hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roland Weber" <ROLWE...@de.ibm.com>
Subject Re: Prompting user for authentication?
Date Tue, 30 Sep 2003 06:48:52 GMT
Hello David,

we kind of tried the same approach with OpenCard. It wasn't funny
and never really worked satisfactory. Don't do it in the Http Client.

Instead of using a modified HttpState that interacts with the user,
just disable automatic authentication. Then, the application will get
the 401/407 response code, has full access to all headers, can
determine the type of authentication, and present a suitable user
interface. Then explicitly repeat the request with the authentication


29.09.2003 18:54
Please respond to "Commons HttpClient Project"
        To:     commons-httpclient-dev@jakarta.apache.org
        Subject:        Prompting user for authentication?

I've been working with HttpClient for the past few days and have it just
about working to my liking.  I must say I really like how it's designed!
However there's one bit that still bugs me...authentication of proxy and 
servers (response codes 401 and 407).  Basically, what I'd like to do is
prompt the user for the username/password when I get this response. 

What I've done for the moment is to subclass HttpState and override
getCredentials and getProxyCredentials such that they prompt the user for
the username and password if I don't already have credentials defined for
the realm/host combination.  This seems to work just fine except for NTLM
authentication.  This is because getCredentials doesn't know what scheme 
being used when the request is made.  So I don't know if I should display 
text field for domain or not.  I also don't know if I should be creating
UsernamePasswordCredentials or NTCredentials.

So my question is this:  Is there a better way to go about this?  Is there
something that could be added to HttpClient to support what I want to do?
Perhaps an interface AuthorizationPrompter (or whatever) that can be
registered with one of the library classes? (HttpClient? HttpState?)  Or
perhaps something I could subclass and override?

CONFIDENTIALITY NOTICE This electronic mail transmission and any
accompanying documents contain information belonging to the sender
("Information") that may be confidential and legally privileged.  If you 
not the intended recipient, any disclosure, copying,distribution or action
taken in reliance on the Information is strictly prohibited.  If you have
received the Information in error,please contact the sender by reply email
and destroy all copies of the original email. Thank you. ²

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message