Message-ID: <1400065801.8913.12.camel@ubuntu>
Subject: Re: SPNEGO/Kerberos Auth when POST is first request
From: Oleg Kalnichevski
To: HttpClient User Discussion
Date: Wed, 14 May 2014 13:10:01 +0200

On Tue, 2014-05-13 at 17:05 -0700, Gregory Chanan wrote:
> I'm using httpclient (4.3.3) in my application with SPNEGO/Kerberos Auth
> and everything works well when a GET is the first request to a remote
> host. This is consistent with
> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnego which
> only discusses SPNEGO with GET.
>
> I run into problems in my application if POST is the first request; there
> are a couple of different given the SPNEGO negotiation. What I've done is
> address this at the application level: if a POST is being requested, I
> first generate a GET in order to trigger the SPNEGO negotiation, then send
> the POST.
>
> There are a couple of downsides to this approach, though:
> 1) It's inefficient because I send the GET each time a POST request is
> made, not once per connection.
> 2) I have to change the application code everywhere httpclient requests are
> made
>
> Anyone have a suggestion for how to address this? I was thinking of
> implementing my own HttpClientConnectionManager that overrides "connect"
> and sends the GET after the connection is established. That way I address
> 1) because I only send the GET once per connection and 2) I can get rid of
> the changes in my application code and just use normal HttpClients.
>
> Thoughts?

Gregory,

It is a reasonable approach. However, you should override #routeComplete
method instead of #connect. This will enable you to interact with the
connection immediately after its route has been fully established.
Otherwise, your connection manager would not work correctly with
tunneled connections (for instance, https requests via a proxy).

Hope this helps

Oleg