hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerald Turner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-872) Add preemptive authentication
Date Fri, 04 Sep 2009 00:47:57 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12751252#action_12751252

Gerald Turner commented on HTTPCLIENT-872:

I see what you mean — ran some tests and it's apparent that reused connections keep repeating
the authentication handshake, need to cache the Authorization header, worthy of a separate
JIRA, yeah?  Digest is more complicated since it'll need to increment the "nc" value and generate
a new "cnonce" each subsequent request.  I have no idea about NTLM.

With preemptive authentication, do you believe that the "nonce" can be pre-seeded?  Maybe
some servers can be tricked, but that doesn't seem like the way the protocol was intended.

> Add preemptive authentication
> -----------------------------
>                 Key: HTTPCLIENT-872
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-872
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpAuth
>    Affects Versions: 4.0 Final
>            Reporter: Gerald Turner
>            Priority: Trivial
>         Attachments: PreemptiveAuth.patch
> Wishlist request for preemptive authentication to be included in the API, like HttpClient
3.x had.  There is an example ClientPreemptiveBasicAuthentication.java that uses HttpRequestInterceptor
which I had adapted to my application and it works fine.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message