hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SPNEGO/Kerberos Auth when POST is first request
Date Wed, 23 Jul 2014 11:56:48 GMT
On Tue, 2014-07-22 at 17:13 -0700, Gregory Chanan wrote:
> Thanks, Oleg.
> 
> Just to check, why would it not work for me to override
> ManagedClientConnection.tunnelTarget (
> http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ManagedClientConnection.html#tunnelTarget(boolean,
> org.apache.http.params.HttpParams) in 4.2.x?  The documentation seems to
> indicate that the route (including immediate proxies) has been completed at
> this point.
> 

I should probably work as well. I may have been wrong.

Oleg

> Thanks,
> Greg
> 
> 
> On Tue, May 20, 2014 at 8:13 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> > On Mon, 2014-05-19 at 14:47 -0700, Gregory Chanan wrote:
> > > Hi Oleg,
> > >
> > > Thanks, that makes sense.  Any equivalent for httpclient 4.2.5?  I use
> > both
> > > 4.2.5 and 4.3.3.
> > >
> >
> > Unfortunately 4.2 APIs do not provide an equivalent method.
> >
> > Oleg
> >
> > > Thanks,
> > > Greg
> > >
> > >
> > > On Wed, May 14, 2014 at 4:10 AM, Oleg Kalnichevski <olegk@apache.org>
> > wrote:
> > >
> > > > On Tue, 2014-05-13 at 17:05 -0700, Gregory Chanan wrote:
> > > > > I'm using httpclient (4.3.3) in my application with SPNEGO/Kerberos
> > Auth
> > > > > and everything works well when a GET is the first request to a remote
> > > > > host.  This is consistent with
> > > > >
> > > >
> > http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnegowhich
> > > > > only discusses SPNEGO with GET.
> > > > >
> > > > > I run into problems in my application if POST is the first request;
> > there
> > > > > are a couple of different given the SPNEGO negotiation.  What I've
> > done
> > > > is
> > > > > address this at the application level: if a POST is being requested,
> > I
> > > > > first generate a GET in order to trigger the SPNEGO negotiation,
then
> > > > send
> > > > > the POST.
> > > > >
> > > > > There are a couple of downsides to this approach, though:
> > > > > 1) It's inefficient because I send the GET each time a POST request
> > is
> > > > > made, not once per connection.
> > > > > 2) I have to change the application code everywhere httpclient
> > requests
> > > > are
> > > > > made
> > > > >
> > > > > Anyone have a suggestion for how to address this?  I was thinking
of
> > > > > implementing by own HttpClientConnectionManager that overrides
> > "connect"
> > > > > and sends the GET after the connection is established.  That way
I
> > > > address
> > > > > 1) because I only send the GET once per connection and 2) I can get
> > rid
> > > > of
> > > > > the changes in my application code and just use normal HttpClients.
> > > > >
> > > > > Thoughts?
> > > >
> > > > Gregory,
> > > >
> > > > It is a reasonable approach. However, you should overrride
> > > > #routeComplete method instead of #connect. This will enable you to
> > > > interact with the connection immediately after its route has been fully
> > > > established. Otherwise, your connection manager would not work
> > correctly
> > > > with tunneled connections (for instance, https requests via a proxy).
> > > >
> > > > Hope this helps
> > > >
> > > > Oleg
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > > > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > > >
> > > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message