hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Migowski <chrismf...@gmail.com>
Subject Re: Preemptive authentication examples wrong
Date Wed, 24 Aug 2011 06:51:52 GMT
My sincere apologies,

you are right, for some strange reasons I had httpclient 4.0.1 as well
in the classpath which did not have the mentioned field/method which
caused my errors.

Still: forcing the users to implement that code snippet every time
they need to use preemptive auth is just this: forcing the user to do
unnecessary stuff because you want to.
You can and have put an explicit statement about why preemptive auth
should be used carefully or best not used in the documentation
everywhere (with javadoc its even available "during programming"), and
this for sure will raise awareness at the users side, but the code to
be implemented does not show at all that preemptive auth is not
advised, it is just a PITA and this indicates a certain mindset of

There are valid usecases for preemptive auth, I for example needed it
as a workaround for a bug in the server side program I want to
communicate with (if you are interested:
http://www.redmine.org/issues/9099 )


On Tue, Aug 23, 2011 at 2:43 PM, Oleg Kalnichevski <olegk@apache.org> wrote:
> On Tue, 2011-08-23 at 14:09 +0200, Christian Migowski wrote:
>> Hi,
>> I need to use preeemptive authentication and was very frustrated to see
>> that the simple client.getParams().setAuthenticationPreemptive(true);
>> of older versions
>> was replaced by a block of not understandable code in the tutorial that
>> everyone now needs to implement in his code every time he needs this
>> functionality - very wrong way in my opinion.
> When using preemptive authentication (especially indiscriminately like
> the old versions of HttpClient used to do) one better understand the
> security implications of their actions. If you do not understand what
> you are doing, do not use preemptive authentication.
>> I am writing now because the examples posted under
>> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authenticati
>> on.html and
>> http://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/ap
>> ache/http/examples/client/ClientPreemptiveBasicAuthentication.java
>> are not working with the latest HttpClient 4.1.2 -
>> ClientContext.AUTH_CACHE and EntityUtils.consume are not available :(
> you are wrong
> http://hc.apache.org/httpcomponents-core-ga/httpcore/apidocs/org/apache/http/util/EntityUtils.html#consume%28org.apache.http.HttpEntity%29
> http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/protocol/ClientContext.html#AUTH_CACHE
> Oleg
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org

To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message