hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Progress of HTTPCLIENT-1625/open questions
Date Mon, 06 Apr 2015 16:12:22 GMT
On Mon, 2015-04-06 at 16:26 +0200, Michael Osipov wrote:
> Hi folks,
> I have finally started coding of that issue. While I was able to write a 
> working prototype within an hour authenticating against Apache Tomcat 
> and Apache Web Server, an issue arose I am not really clear about:
> Is a credentials provider always necessary for a target host? 

Yes, it is.

> In other 
> words, do I always need something like this:
> CredentialsProvider p = new BasicCredentialsProvider();
> p.setCredentials(AuthScope.ANY, new 
> UsernamePasswordCredentials("mumu:mumu"));
> builder.setDefaultCredentialsProvider(p);
> Although the credential is by default obtained at runtime?
> I have noticed that authentication is not executed if no cred provider 
> is set and the logs are not very chatty about that.

This whole concept of the auth APIs goes back to the days of HC 2.0 and
it remained virtually unchanged in HC 3.x and HC 4.x. The auth APIs were
primarily designed to work well with standard auth schemes like BASIC
and DIGEST and similar password based auth schemes. Things like Kerberos
and native Windows auth were not properly factored it at that point of
time. We can think of a better abstraction for HC 5, but for now we will
have to live with what we have.


To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message