From users-return-27318-archive-asf-public=cust-asf.ponee.io@subversion.apache.org Thu Jul 19 15:01:20 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 8957D180630 for ; Thu, 19 Jul 2018 15:01:19 +0200 (CEST) Received: (qmail 14072 invoked by uid 500); 19 Jul 2018 13:01:18 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 14056 invoked by uid 99); 19 Jul 2018 13:01:17 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jul 2018 13:01:17 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 4B1D1CB792 for ; Thu, 19 Jul 2018 13:01:17 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.888 X-Spam-Level: * X-Spam-Status: No, score=1.888 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id Bu_CJXbf405t for ; Thu, 19 Jul 2018 13:01:16 +0000 (UTC) Received: from mail-oi0-f43.google.com (mail-oi0-f43.google.com [209.85.218.43]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 1CCFC5F244 for ; Thu, 19 Jul 2018 13:01:16 +0000 (UTC) Received: by mail-oi0-f43.google.com with SMTP id k12-v6so15329028oiw.8 for ; Thu, 19 Jul 2018 06:01:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=o3qIpSZS8GSUQ97bdsr+byoTtUeWEOPfs8TSbvfXmIA=; b=kpnK6Xp6U43ZXQpxNSSZbZr00GuoY4qh3OPaDqM7DIQgaxxXiEZ0GZv9vvCTahpLTq AlsXu5nUjdrc7uFJCOND9qGByqL1Gsp8oD9RJSIhcSXIsyuoSm6R7vLnm6ju3c3U8Wcb CFIIr1i7wSDU3e0hBO3ubtscB8lYt2YcfNh/oQwZkNCif7rCf+soZ9zzqLfYwcV4Y6ds H+nzqBo/qo5reFNB76Rhs8YEjX1xiv4IKzR59ee1MMfTcr5hCg2K/7b7KBE8tVWDpR5c Gx8ljTBnYExH5j5gjLen7wiCtYaUhyFBKMcXsz30VhTtyNiiCttYDx67gpC5lIdKsvKS DeFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=o3qIpSZS8GSUQ97bdsr+byoTtUeWEOPfs8TSbvfXmIA=; b=XWJqAOVR+b2/nnAW0daEP9WzN7USctRPn5V36cv/EV5/0ZDnR2bu7lu+b2tcd9uLpW JW1dfEGGpZWXvbQDfq+Me/wNsGjjPA0jiw3Pvb/s7U5dXny90oRcEvIv8GK/vQGKa9np DIfJoNAxYQTRL9HRo48qyJ8QJ7S4hnVLNio+VlWAwhiDze20W+oprbWgG5b5E0k5xy4f RfkoZzerTsc9/XMOjZ4n4BKqYlMe9xexMkdhav7oNG3r2JOXV8S2uSqz2T3LDFQFnzjt c+OF2KKvujSqNv0dUIIggqUFtbD5inZhiRdBYMfvQyqA5JlbK6Q0OcqGq/lcwfJIir0G MRPg== X-Gm-Message-State: AOUpUlFBT7GePAuB1J7iV4zAKlVfldIqzRhkGMt9/9wyIzpTJzJ053SQ V0Q3+AtBJ4rL/t5/kTccJyiYCRylY9quoC4VFlk= X-Google-Smtp-Source: AAOMgpeT6btlapzeZi2Dq3Ywcz14nCmo7AjsyyhIMmTBYfGJ3zBB9QcxISB3sRZ8cknyIr56E6+L0+znarw+HN7Yy0E= X-Received: by 2002:aca:ba57:: with SMTP id k84-v6mr9791297oif.10.1532005274508; Thu, 19 Jul 2018 06:01:14 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Felix E." Date: Thu, 19 Jul 2018 15:01:02 +0200 Message-ID: Subject: Re: Http authentication To: Johan Corveleyn Cc: Subversion Content-Type: multipart/alternative; boundary="0000000000002e7f71057159c65c" --0000000000002e7f71057159c65c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I understand that the very first request shouldn't contain any auth header. But If a svn function is called multiple times(for the same host etc.) and there was already a successful authentication, it should be possible to add the auth header to the following requests instead of waiting for a auth required response. At least I hoped so. Felix Johan Corveleyn schrieb am Do., 19. Juli 2018, 14:10: > On Thu, Jul 19, 2018 at 12:15 PM, Felix E. wrote: > > > > > > On 2018/07/18 14:45:38, Branko =C4=8Cibej wrote: > >> On 18.07.2018 15:38, Essig Felix wrote:> > >> >> > >> > Hi,> > >> >> > >> > > > >> >> > >> > I have a question about the http authentication when using the> > >> > subversion api 1.8.13.> > >> >> > >> > For example using the =E2=80=9Asvn_client_list3=E2=80=98 function:> > >> >> > >> > Everytime this function is called the first http request does not> > >> > contain any Authorization header which leads to a =E2=80=9A401 Autho= rization> > >> > Required=E2=80=98 response.> > >> >> > >> > In my opinion this leads to an unnecessary delay when the function i= s> > >> > called multiple times and the same credentials could be used.> > >> >> > >> > > > >> >> > >> > When calling this function the svn_client_ctx_t contains an> > >> > svn_auth_baton_t with set default username and default password> > >> > parameters.> > >> >> > >> > > > >> >> > >> > Now to my actual question:> > >> >> > >> > Can this behaviour somehow be changed or is it just designed to work= > > >> > this way? I also know that the version I=E2=80=99m using is not the = newest > one> > >> > so if you think an upgrade to a newer version could lead to some> > >> > performance improvement please let me know.> > >> >> > >> > >> You can either modify the auth baton or create your own. See> > >> svn_cmdline_create_auth_baton2 in include/svn_cmdline.h and> > >> subversion/libsvn_subr/cmdline.c.> > >> > >> -- Brane> > >> > >> > > > > Thanks for your answer. > > But what exactly do you mean? > > As I said the default parameters are set. > > There is also no callback to any auth provider so the default values > seem to > > work. But only after a auth required response. > > The http client should include the auth header already in the first > request. > > I think the client can not assume (without sending a first request) > that authentication will be required. Some servers offer anonymous > access, some require authentication for "write", but allow anonymous > reads, and some require authentication for both read and write > requests. It depends on the servers-side configuration. > > -- > Johan > --0000000000002e7f71057159c65c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I understand that the very first request shouldn't co= ntain any auth header. But If a svn function is called multiple times(for t= he same host etc.) and there was already a successful authentication, it sh= ould be possible to add the auth header to the following requests instead o= f waiting for a auth required response. At least I hoped so.

Felix

Johan Corveleyn <jcorvel@gmail.com> schrieb am Do., 19. Juli 2018, 14:10:
On Thu, Jul 19, 2018 at 12:15 PM, Felix E. = <felixessig@gmail.com> wrote:
>
>
> On 2018/07/18 14:45:38, Branko =C4=8Cibej <b...@apache.org> wro= te:
>> On 18.07.2018 15:38, Essig Felix wrote:>
>> >>
>> > Hi,>
>> >>
>> >=C2=A0 >
>> >>
>> > I have a question about the http authentication when using th= e>
>> > subversion api 1.8.13.>
>> >>
>> > For example using the =E2=80=9Asvn_client_list3=E2=80=98 func= tion:>
>> >>
>> > Everytime this function is called the first http request does= not>
>> > contain any Authorization header which leads to a =E2=80=9A40= 1 Authorization>
>> > Required=E2=80=98 response.>
>> >>
>> > In my opinion this leads to an unnecessary delay when the fun= ction is>
>> > called multiple times and the same credentials could be used.= >
>> >>
>> >=C2=A0 >
>> >>
>> > When calling this function the svn_client_ctx_t contains an&g= t;
>> > svn_auth_baton_t with set default username and default passwo= rd>
>> > parameters.>
>> >>
>> >=C2=A0 >
>> >>
>> > Now to my actual question:>
>> >>
>> > Can this behaviour somehow be changed or is it just designed = to work>
>> > this way? I also know that the version I=E2=80=99m using is n= ot the newest one>
>> > so if you think an upgrade to a newer version could lead to s= ome>
>> > performance improvement please let me know.>
>> >>
>>
>> You can either modify the auth baton or create your own. See> >> svn_cmdline_create_auth_baton2 in include/svn_cmdline.h and> >> subversion/libsvn_subr/cmdline.c.>
>>
>> -- Brane>
>>
>>
>
> Thanks for your answer.
> But what exactly do you mean?
> As I said the default parameters are set.
> There is also no callback to any auth provider so the default values s= eem to
> work. But only after a auth required response.
> The http client should include the auth header already in the first re= quest.

I think the client can not assume (without sending a first request)
that authentication will be required. Some servers offer anonymous
access, some require authentication for "write", but allow anonym= ous
reads, and some require authentication for both read and write
requests. It depends on the servers-side configuration.

--
Johan
--0000000000002e7f71057159c65c--