hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Johnson <e...@tibco.com>
Subject Re: Make HttpClient pick Basic Auth over NTLM?
Date Thu, 04 Dec 2003 14:31:15 GMT
I'm not sure that HttpClient should do anything different.

According to section 4.6 of RFC 2617, "A user agent MUST choose to use 
the strongest auth- scheme it understands and request credentials from 
the user based upon that challenge."

Since Basic is pretty darn weak, I'd say NTLM wins out every time.  Is 
this a point on which HttpClient should have an option to override the 
RFC mandated behavior?  As somewhat of a fanatic about security, my take 
is that you should be forced to do the right thing, and if you really 
want to, the source is there for you to modify.

-Eric.

anon permutation wrote:

>
> Hi,
>
> I am using a proxy server that supports both NTLM and Basic 
> Authentications.  How do I make HttpClient use Basic Auth. instead of 
> NTLM?  I am using 2.0-rc2.  Following is my code:
>
> --------------------------------------------------------------------------------------------------------------------

>
> HttpClient client = new HttpClient();
> HttpMethod method = null;
>
> client.getState().setProxyCredentials(null, new 
> UsernamePasswordCredentials("user","passwd"));
>
> HostConfiguration hc = client.getHostConfiguration();
> hc.setProxy("10.0.0.2", 80);
>
> method = new GetMethod(url);
> client.executeMethod(method);
> byte[] responseBody = method.getResponseBody();
> -----------------------------------------------------------------------------------------------------------------

>
>
> I am getting this error:
> Credentials cannot be used for NTLM authentication
>
>
> Thanks.
>
> _________________________________________________________________
> Browse styles for all ages, from the latest looks to cozy weekend wear 
> at MSN Shopping.  And check out the beauty products! 
> http://shopping.msn.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> commons-httpclient-dev-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message