hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-872) Add preemptive authentication
Date Fri, 04 Sep 2009 09:01:57 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12751373#action_12751373
] 

Oleg Kalnichevski commented on HTTPCLIENT-872:
----------------------------------------------

> need to cache the Authorization header, worthy of a separate JIRA, yeah?

I think it might as easy as just caching AuthScheme instance. This looks like a related issue
to me, but feel free to open a separate JIRA for it.

> With preemptive authentication, do you believe that the "nonce" can be pre-seeded? Maybe
some servers can be tricked, but that doesn't 
> seem like the way the protocol was intended.

It is certainly feasible, though a bad idea from the security standpoint. However, some people
did express interest in having such a possibility. Anyways, reusing the "nonce" between requests
within a session does seem reasonable.

Oleg



> Add preemptive authentication
> -----------------------------
>
>                 Key: HTTPCLIENT-872
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-872
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpAuth
>    Affects Versions: 4.0 Final
>            Reporter: Gerald Turner
>            Priority: Trivial
>         Attachments: PreemptiveAuth.patch
>
>
> Wishlist request for preemptive authentication to be included in the API, like HttpClient
3.x had.  There is an example ClientPreemptiveBasicAuthentication.java that uses HttpRequestInterceptor
which I had adapted to my application and it works fine.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message