hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SPNEGO/Kerberos Auth when POST is first request
Date Tue, 20 May 2014 15:13:03 GMT
On Mon, 2014-05-19 at 14:47 -0700, Gregory Chanan wrote:
> Hi Oleg,
> 
> Thanks, that makes sense.  Any equivalent for httpclient 4.2.5?  I use both
> 4.2.5 and 4.3.3.
> 

Unfortunately 4.2 APIs do not provide an equivalent method.

Oleg

> Thanks,
> Greg
> 
> 
> On Wed, May 14, 2014 at 4:10 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> > On Tue, 2014-05-13 at 17:05 -0700, Gregory Chanan wrote:
> > > I'm using httpclient (4.3.3) in my application with SPNEGO/Kerberos Auth
> > > and everything works well when a GET is the first request to a remote
> > > host.  This is consistent with
> > > http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnego
> > > which only discusses SPNEGO with GET.
> > >
> > > I run into problems in my application if POST is the first request; there
> > > are a couple of different given the SPNEGO negotiation.  What I've done is
> > > address this at the application level: if a POST is being requested, I
> > > first generate a GET in order to trigger the SPNEGO negotiation, then send
> > > the POST.
> > >
> > > There are a couple of downsides to this approach, though:
> > > 1) It's inefficient because I send the GET each time a POST request is
> > > made, not once per connection.
> > > 2) I have to change the application code everywhere httpclient requests are
> > > made
> > >
> > > Anyone have a suggestion for how to address this?  I was thinking of
> > > implementing my own HttpClientConnectionManager that overrides "connect"
> > > and sends the GET after the connection is established.  That way I address
> > > 1) because I only send the GET once per connection and 2) I can get rid of
> > > the changes in my application code and just use normal HttpClients.
> > >
> > > Thoughts?
> >
> > Gregory,
> >
> > It is a reasonable approach. However, you should override
> > #routeComplete method instead of #connect. This will enable you to
> > interact with the connection immediately after its route has been fully
> > established. Otherwise, your connection manager would not work correctly
> > with tunneled connections (for instance, https requests via a proxy).
> >
> > Hope this helps
> >
> > Oleg
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >


