hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ossf...@dubioso.net>
Subject Re: Repeated Proxy-Authorization Challenges
Date Fri, 09 Nov 2007 18:47:04 GMT
Kevin Crosbie wrote:
> Hi,
> 
> I've written an app that makes Post requests using an instance of
> HttpClient.
> My app sometimes talks through a Proxy server using the Digest scheme

IIRC, the 3.1 implementation of the digest scheme is suboptimal
and runs a challenge-response exchange for every request.

Oleg, please correct me if I'm wrong.

> * Does HttpClient support resending of authorization information?

For BASIC auth, yes. I'm not sure about the other schemes.

> * If it does (I assume it does), how does one make this happen?

You have to enable "preemptive authentication". That doesn't work
for DIGEST, because DIGEST requires a server challenge in order
to compute the Authorization header. It should be possible to
store the challenge once it is received and use it to authenticate
future requests, but that's where I believe the implementation
is suboptimal. Additionally, a server may choose to change the
challenge.

> * If the default behaviour is to resend, what could I be doing that
> causes it to not happen.
>   Things that come to mind are:
>      - calling PostMethod.setDoAuthentication(true);

Without that, HttpClient will not authenticate at all.

>      - finishing each post with PostMethod.releaseConnection();

That's a must.

>      - Using a new instance of a PostMethod every time

That's strongly recommended, there is no point in
re-using method instances.

hope that helps,
  Roland


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message