hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Preemptive authentication throws IllegalStateException using ISA proxy server
Date Tue, 18 Nov 2008 13:31:19 GMT
...


> > > The examples given for preemptive authentication
> > > for HttpClient 3 require the preemptive credentials are known in
> > > advance.
> >
> > I do not understand. How exactly do you intend to authenticate
> > preemptively without knowing credentials in advance?
> 
> One can observe this in a single firefox 3 window. Firefox asks
> on the (first?) unauthorized response possibly filling in the
> fields with persisted credentials for and then sends preemptive
> authorization headers for requests compatible with the
> protection domain.
> 

There is absolutely _nothing_ that prevents you from popping up a dialog
asking the user for username and password, initializing BasicAuthScheme
and sticking it into the HttpContext.

...

> >
> > > Also it seems that Authentication-Info headers are not looked
> > > at by the HttpClient 4. Presumably this would have to be done by
> > > the application in some way. Will this cause problems?
> > >
> > >
> >
> > One cannot completely rule out the possibility of this provoking a
> > full-scale Martian invasion or accelerating the global warming.
> > Otherwise
> >
> > We _happily_ take patches. You are _very_ welcome to submit a better
> > implementation of DIGEST authentication. The existing code has not
> been
> > worked on since 2003 and could certainly be improved in many ways.
> 
> Thanks, I will keep this in mind.
> I do not have a coded patch -- at this point its mind vaporware.
> I am also not in a position to contribute at this time but that
> may change, for example if one cannot implement this at all which
> at this point I do not assume.
> 

I understand IBM employees need to apply for special permissions in
order to contribute code to an open-source project

Anyways, to sum things up, I _personally_ see very little value in
preemptive authentication but will happily take a patch for review from
an external contributor.

Oleg 

> >
> > Oleg
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message