hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SPNEGO/Kerberos Auth when POST is first request
Date Wed, 14 May 2014 11:10:01 GMT
On Tue, 2014-05-13 at 17:05 -0700, Gregory Chanan wrote:
> I'm using httpclient (4.3.3) in my application with SPNEGO/Kerberos Auth
> and everything works well when a GET is the first request to a remote
> host.  This is consistent with
> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnego which
> only discusses SPNEGO with GET.
> 
> I run into problems in my application if POST is the first request; there
> are a couple of different given the SPNEGO negotiation.  What I've done is
> address this at the application level: if a POST is being requested, I
> first generate a GET in order to trigger the SPNEGO negotiation, then send
> the POST.
> 
> There are a couple of downsides to this approach, though:
> 1) It's inefficient because I send the GET each time a POST request is
> made, not once per connection.
> 2) I have to change the application code everywhere httpclient requests are
> made
> 
> Anyone have a suggestion for how to address this?  I was thinking of
> implementing my own HttpClientConnectionManager that overrides "connect"
> and sends the GET after the connection is established.  That way I address
> 1) because I only send the GET once per connection and 2) I can get rid of
> the changes in my application code and just use normal HttpClients.
> 
> Thoughts?

Gregory,

It is a reasonable approach. However, you should override
#routeComplete method instead of #connect. This will enable you to
interact with the connection immediately after its route has been fully
established. Otherwise, your connection manager would not work correctly
with tunneled connections (for instance, https requests via a proxy). 

Hope this helps

Oleg

