hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: Having some problems with "expect 100 continue"
Date Thu, 15 Jul 2004 08:09:23 GMT

Jennifer,

(1) Are you using SSL?
(2) What's the JRE version you are using?
(3) What web server you are targeting?
(4) Are you going through a proxy?

Oleg

-----Original Message-----
From: Jennifer Ward [mailto:jenniferw@apple.com]
Sent: Thursday, July 15, 2004 1:49
To: Commons HttpClient Project
Subject: Having some problems with "expect 100 continue"


All,

I'm now calling setUseExpectHeader(true) for my putMethod. However, I'm
running into a few problems.

First, when putting a 1 character text file (Content-Length: 3) it
doesn't authorize and eventually I get the 'Maximum redirects (100)
exceeded' exception.

If I take a slightly larger text file (Content-Length: 7), then all is
fine. However, I do get the INFO message:

Jul 14, 2004 4:40:33 PM org.apache.commons.httpclient.HttpMethodBase
processRequest
INFO: Recoverable exception caught when processing request

If I try to put a 1MB mpg file, the request appears to hang with:

Jul 14, 2004 4:41:44 PM org.apache.commons.httpclient.HttpMethodBase
writeRequest
INFO: 100 (continue) read timeout. Resume sending the request

Any suggestions? I did try this with the latest build of HttpClient
also and had similar results.

Thanks,
Jen



On Jul 14, 2004, at 11:43 AM, Oleg Kalnichevski wrote:

> On Wed, 2004-07-14 at 18:10, Jennifer Ward wrote:
>> On Jul 13, 2004, at 8:03 PM, Michael Becke wrote:
>>
>>>
>>> Another way to handle this problem is to use the "expect 100
>>> continue"
>>> feature of HTTP.  This feature is disabled in HttpClient by default,
>>> as only a few servers support it correctly.  You can re-enable it by
>>> calling setUseExpectHeader(true) on the post method.
>>
>> Yes, Oleg mentioned this a few days ago. It sounds like this feature
>> still causes the request to get sent twice (even though the request
>> body will not get sent if the server cannot receive it). I was hoping
>> for a way to send each request only once (with the correct auth header
>> the first time).
>
> Jennifer,
>
> This can be done if you are prepared to handle the entire
> authentication
> process manually (actually with HttpClient 3.0 it can be done quite
> easily). The question is if it is really worth the trouble. It is
> important to understand Digest authentication scheme is more secure
> primarily because it involves frequent challenge-response exchanges.
> The
> server generates a nonce which is used by the HTTP clients to produce
> the password digest. If the server is configured to change the nonce
> too
> often, that would basically defeat any sort of preemptive
> authentication
> mechanism, in the worst case rendering it even less efficient than
> 'expect-continue' handshake. If the server is configured to keep the
> nonce for too long, that would inevitably make Digest authentication
> less secure. It is not impossible to strike a balance between
> efficiency
> and security. The question is whether the performance gains really
> justify additional complexity
>
> Oleg
>
>
>> I'm not having much luck with that though, so I may
>> end up using the "expect 100 continue" feature after all.
>>
>> Thanks
>> Jen
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> commons-httpclient-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail:
>> commons-httpclient-dev-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


***************************************************************************************************
The information in this email is confidential and may be legally privileged.  Access to this
email by anyone other than the intended addressee is unauthorized.  If you are not the intended
recipient of this message, any review, disclosure, copying, distribution, retention, or any
action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. 
If you are not the intended recipient, please reply to or forward a copy of this message to
the sender and delete the message, any attachments, and any copies thereof from your system.
***************************************************************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message