hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Getting exception: Unbuffered entity enclosing request can not be repeated
Date Wed, 14 Jul 2004 18:43:48 GMT
On Wed, 2004-07-14 at 18:10, Jennifer Ward wrote:
> On Jul 13, 2004, at 8:03 PM, Michael Becke wrote:
> 
> >
> > Another way to handle this problem is to use the "expect 100 continue" 
> > feature of HTTP.  This feature is disabled in HttpClient by default, 
> > as only a few servers support it correctly.  You can re-enable it by 
> > calling setUseExpectHeader(true) on the post method.
> 
> Yes, Oleg mentioned this a few days ago. It sounds like this feature 
> still causes the request to get sent twice (even though the request 
> body will not get sent if the server cannot receive it). I was hoping 
> for a way to send each request only once (with the correct auth header 
> the first time). 

Jennifer,

This can be done if you are prepared to handle the entire authentication
process manually (actually with HttpClient 3.0 it can be done quite
easily). The question is if it is really worth the trouble. It is
important to understand Digest authentication scheme is more secure
primarily because it involves frequent challenge-response exchanges. The
server generates a nonce which is used by the HTTP clients to produce
the password digest. If the server is configured to change the nonce too
often, that would basically defeat any sort of preemptive authentication
mechanism, in the worst case rendering it even less efficient than
'expect-continue' handshake. If the server is configured to keep the
nonce for too long, that would inevitably make Digest authentication
less secure. It is not impossible to strike a balance between efficiency
and security. The question is whether the performance gains really
justify additional complexity

Oleg


> I'm not having much luck with that though, so I may 
> end up using the "expect 100 continue" feature after all.
> 
> Thanks
> Jen
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message