hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Becke <be...@u.washington.edu>
Subject Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Date Mon, 24 Nov 2003 19:27:55 GMT
bugzilla@apache.org wrote:

> Agreed. However, that still poses the same problem: how do we tell NTLM
> authentication from all others? I do not see a way around that ugly test for the
> 2.0 branch at least:
> if ("NTLM".equalsIgnoreCase(authscheme.getSchemeName())) {
>   // clean up
> }
> As far as HEAD CVS goes, there are more elegant solutions, which would require
> AuthScheme interface extension, though.
> What are your thoughts?

Hi Oleg,

In HEAD I agree that we have better options.  Most likely we will need 
to extend AuthScheme as you mention to include a flag for 
connection/request based authentication.

As far as 2.0 goes, I think that testing for NTLM is acceptable for now, 
but I think the patch as it is will not handle all cases.  In particular 
I think NTLM proxy and Basic host will fail.  This is because on the 
fourth request, when the proxy has authenticated, 
authscheme.getSchemeName() will return "BASIC", and the NTLM header will 
not be removed.  The NTLM headers should only have a lifetime of a 
single request, we need some way to remove them every time.  We may have 
to just explicitly remove any NTLM Proxy-Authentication or 
Authentication headers on every request.


To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

View raw message