hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Progress of HTTPCLIENT-1625/open questions
Date Tue, 07 Apr 2015 12:05:21 GMT
On Tue, 2015-04-07 at 13:23 +0200, Michael Osipov wrote:

...

> > Oh, Holy Mother. WWW-Authenticate in a 200 response? Really?
> 
> Absolutely, it can happen on any response code, at least 2xx and 3xx 
> because HTTP is crappy for that. 

...

> I fear that this is not enough because it does not suffice to process 
> the challenge but after that AuthScheme#authenticate must be called to 
> continue the context. If you say that #processChallange takes in tokens 
> from the server and #authenticate responds to the server, I have to 
> rethink about my code/approach. All current schemes are structured the 
> way I have written the new code.
> 

HTTP auth is defined as challenge / response based by RFC 2617. Even
NTLM respects that. SPNEGO managed to outperform NTLM in terms of
craziness.    

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message