hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Crosbie <kcros...@ravenpack.com>
Subject Re: Repeated Proxy-Authorization Challenges
Date Sat, 10 Nov 2007 00:19:32 GMT
Thanks for the reply Roland, I had a look at the source and I was
getting to the same conclusion about Digest not supporting this.
It seems to clean the authorization headers whenever it authorizes...

Roland Weber wrote:
> You have to enable "preemptive authentication".

Preemptive authorization is not really what I'm looking for here.

> That doesn't work
> for DIGEST, because DIGEST requires a server challenge in order
> to compute the Authorization header.

Unless the Authorization Info header tells the client what the next
nonce is, I think the client can send the same information computed
using the original nonce and authorize successfully.   Of course it's
still up to whatever the Proxy Server wants to do here.   It could in
theory force authorization every time by using new nonces.

>  It should be possible to
> store the challenge once it is received and use it to authenticate
> future requests, but that's where I believe the implementation
> is suboptimal. Additionally, a server may choose to change the
> challenge.

I guess I can store the Proxy-Authorization header as a string and set
the header value every time I make a request.

> hope that helps,

That's been a great help!   As I said, I do employ the points that I
suggested may be behind my problem, they seemed like the right way to
use this.

Best Regards,

Kevin Crosbie

To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

View raw message