hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1272) HttpClient does not retry failed PROXY authentication when multiple challenges are present
Date Tue, 11 Dec 2012 14:39:21 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Kalnichevski resolved HTTPCLIENT-1272.
-------------------------------------------

    Resolution: Won't Fix

Daz
Actually, when user credentials are not applicable for NTLM authentication (for instance,
when represented by UsernamePasswordCrednentials instead of NTCredentials) the NTLM auth scheme
should fail and HttpClient should pick the next available scheme (BASIC in your case). So,
instead of giving HttpClient incomplete NTCredentials with bogus domain and workstation attributes,
try giving it UsernamePasswordCrednentials and see what happens.

I am going to close this issue as WONTFIX. While it would be permissible to retry authentication
with BASIC scheme in the context of a corporate proxy on a secure corporate network, it would
be pretty irresponsible to automatically send user credentials in clear text to an arbitrary
host after having a more secure scheme failed due to credentials being invalid. I hope you
agree.

Oleg  
                
> HttpClient does not retry failed PROXY authentication when multiple challenges are present
> ------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1272
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1272
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2
>            Reporter: Daz DeBoer
>
> Similar to HTTPCLIENT-1107, but for Proxy authentication. It appears that subsequent
authentication schemes are not attempted if an earlier scheme fails.
> In our case, a proxy supports Negotiate, NTLM and BASIC authentication. When NTML authentication
fails due to the wrong credentials being supplied, BASIC authentication is never attempted
against the proxy.
> I am a Gradle core developer, and we use HttpClient internally for dependency resolution.
This issue was reported by one of our users.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message