hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Sutton <adr...@intencha.com>
Subject Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Date Mon, 24 Nov 2003 22:05:15 GMT
>> The NTLM headers should only have a lifetime of a
>> single request, we need some way to remove them every time.  We may have
>> to just explicitly remove any NTLM Proxy-Authentication or
>> Authentication headers on every request.
> I agree. I'll try to come up with another try within a few days (most likely
> tomorrow)

You're both absolutely right that NTLM authentication is connection based
rather than request based and the left over authentication headers are
likely causing the problem as they most likely cause the server to go into
"step 3" of authentication but then fail to find the nonce that was sent to
the client in "step 2" because it was removed from cache after the first
"step 3" response.  Thus, the authentication "token" is removed from the
connection and a new challenge is sent.

One way to get around this may be to implement a ConnectionAuthScheme
interface/class that extends AuthScheme and adds callback methods for when a
request is going to be used on an already authenticated connection.
Something like:

reuseConnection(HttpMethod request);

And possibly:

> Oleg

That would provide a good basis for other connection oriented authentication
schemes as well.  Then again, I don't know of any other connection oriented
auth schemes so it may not be worth it.


Adrian Sutton.

Intencha "tomorrow's technology today"
Ph: 38478913 0422236329
Suite 8/29 Oatland Crescent
Holland Park West 4121
Australia QLD

To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

View raw message