As I said before, currently only Basic authentication can be used preemptively. As far as the Digest scheme goes, theoretically it may be possible to preemptively authenticate against a Digest protected resource for which 'nonce', 'nonce count' and 'opaque' values are known. There's no guarantee that a target HTTP server would accept it, though. Currently HttpClient does not provide for Digest scheme preemptive authentication. Feel free to file a feature request for the future releases.
http://jakarta.apache.org/commons/httpclient/issue-tracking.html

Alternatively, you could implement preemptive Digest authentication on top of standard HttpClient functionality by using AuthChallengeParser and DigestScheme classes.

As a side note I would advise you to use 'expect: 100-continue' handshake with your POST requests in order to avoid sending the request body until the request is fully authenticated. That should speed things up by quite a bit. See PostMethod#setUseExpectHeader(boolean)

Oleg

On Tue, 2003-06-10 at 17:34, Zulfi Umrani wrote:
> I removed the Log4J from my classpath and could produce debug info.
> Attached is the trace I got when authenticating for Digest on Tomcat.
> As per what I understand, Tomcat supports connection reuse. What I would
> like to see is that HttpClient store the Authorization header for a URL
> and resend it whenever it is invoking the URL again. If the server does
> not authenticate, it should re-authenticate the connection/url. Please
> let me know if I can set it up that way. Also is there a way to tell
> client, state or method about the scheme being used for pre-emptive
> authentication? This is so that it sends the right Authorization header
> even for the first time.
>
> Thanks.
>
> >>> [EMAIL PROTECTED] 6/10/2003 2:17:54 PM >>>
> Zulfi
>
> Both Digest & NTLM authentication schemes are connection oriented.
> Every time a new connection is open to a Digest & NTLM protected
> resource, the user has to be re-authenticated. Per default HttpClient
> does its best to keep connections alive, provided that the server
> supports connection reuse, thus eliminating the need to re-authenticate
> the user.
>
> Since you are using Log4J toolkit you have to ensure it's been
> configured to log 'httpclient.wire' and 'org.apache.commons.httpclient'
> category of events at DEBUG verbosity.
> Please refer to commons-logging & Log4J documentation for details
>
> Oleg
>
> -----Original Message-----
> From: Zulfi Umrani [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 17:03
> To: Kalnichevski, Oleg; [EMAIL PROTECTED]
> Subject: RE: preemptive
>
>
> What do you mean by "eliminating the authentication overhead"? Does this
> mean keeping the already Authenticated header and adding it next time
> the URL is being invoked? I am using Apache Tomcat Server to host a
> couple of protected URLs. One more Basic and other for Digest. I believe
> it does the necessary connection management specified by the HTTP
> 1.0/1.1. For logging I execute the following before I do anything.
> log4j-1.2.8 and commons-logging-1.0.2. I do not any other documentation
> for logging. If you have a sample code which enables logging even to a
> file, please send that to me. I am using JDK1.4 on Sun Solaris without
> any container to run the client. So I do not think it is redirecting
> stdout or stderr to somewhere else.
>
> System.setProperty("org.apache.commons.logging.simplelog.defaultlog", "debug");
> System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
> System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
> System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
> System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "trace");
>
>
> >>> [EMAIL PROTECTED] 6/10/2003 1:36:57 PM >>>
> Zulfi,
> Only Basic authentication scheme can be used preemptively. If you want
> to eliminate the authentication overhead associated with Digest or NTLM
> schemes you have to ensure that the HTTP server keeps connections alive
> when possible.
>
> Please get logging to work. That should not be too difficult. Please
> note that application servers and servlet engines usually redirect
> standard output and standard error.
> If you are unable to figure out what is going on you might want to use
> Log4j toolkit that allows greater control over logging (for instance,
> you can specify a separate log file for a specific category of events).
> We will not be able to help you unless we can see the logs.
>
> Oleg
>
> -----Original Message-----
> From: Zulfi Umrani [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 16:27
> To: [EMAIL PROTECTED]
> Subject: RE: preemptive
>
>
> By setting realm as null, the pre-emptive authentication worked! But, it
> sends a Basic Authorization header even if the URL is protected by
> Digest! For Digest it is still making 2 trips in order to authenticate.
> Which is fine for the first request, but it repeats the same thing for
> the second request as well. Is there a way to tell the state, method or
> client what kind of scheme is desired for pre-emptive authentication.
> Sorry, no logs here as log did not work.
>
> >>> [EMAIL PROTECTED] 6/10/2003 3:47:32 AM >>>
> Zulfi,
>
> Try setting both realm & host to null. That should do the trick
>
> HttpClient hc = new HttpClient();
> HttpState state = hc.getState();
> state.setAuthenticationPreemptive(true);
> // Set default credentials (realm & host are null)
> state.setCredentials(null, null,
>     new UsernamePasswordCredentials("zulfi", "zulfi"));
>
>
> Folks,
>
> The present convention for setting a default set of credentials is
> utterly confusing and needs to be redesigned in 2.1. I believe we should
> be using HttpState#setCredentials(HttpAuthRealm, Credentials) instead of
> HttpState#setCredentials(String, String, Credentials).
> We should also provide a static final class to represent the default
> set of credentials:
>
> public static final HttpAuthRealm DEFAULT_AUTH_CREDENTIALS =
>     new HttpAuthRealm(null, null);
>
> The end user code might look similar to that below
>
> state.setCredentials(DEFAULT_AUTH_CREDENTIALS,
>     new UsernamePasswordCredentials("zulfi", "zulfi"));
>
>
> Cheers
>
> Oleg
>
>
> -----Original Message-----
> From: Zulfi Umrani [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 00:44
> To: [EMAIL PROTECTED]
> Subject: preemptive
>
>
> Tried to use the Preemptive Authentication feature. Could not get it to
> work. I used the HttpState.setAuthenticationPreemptive(true); to set the
> preemptive authentication ON. It still sends the first request without
> the Authorization header. Code sample is below. Would like to know, how
> to set up the Pre-emptive Authentication.
>
> package test;
>
> import java.io.*;
> import java.net.URL;
>
> import org.apache.commons.httpclient.*;
> import org.apache.commons.httpclient.methods.*;
> import org.apache.commons.httpclient.auth.*;
> import org.apache.commons.httpclient.util.*;
>
> public class JCTest {
>     public static void main(String[] args) throws Exception {
>         test0();
>         test0();
>         return;
>     }
>
>     public static void test0() throws Exception {
>         System.out.println("running test0");
>
>         String urlstr = "http://localhost:9999/services1/test";
>         URL url = new URL(urlstr);
>
>         HttpClient hc = new HttpClient();
>         HttpState state = hc.getState();
>         state.setAuthenticationPreemptive(true);
>         state.setCredentials("", url.getHost(),
>             new UsernamePasswordCredentials("zulfi", "zulfi"));
>
>         PostMethod post = new PostMethod(urlstr);
>         post.setDoAuthentication(true);
>
>         post.addRequestHeader("Connection", "Keep-Alive");
>         post.addRequestHeader("Content-Length", ""+msg.length());
>         post.addRequestHeader("Content-Type", "text/xml; charset=utf-8");
>
>         InputStream reqis = new ByteArrayInputStream(msg.getBytes());
>
>         post.setRequestBody(reqis);
>
>         HostConfiguration hconfig = new HostConfiguration();
>         hconfig.setHost(new URI(urlstr));
>
>         hc.executeMethod(hconfig, post);
>
>         System.out.println(post.getResponseBodyAsString());
>         System.out.println();
>
>     }
>
>     private static String msg = "Text Message";
>
> }
>
>
> Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
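
Added example, not part of the original thread and not HttpClient code: what a preemptive Digest header built from cached 'nonce', 'nonce count' and 'opaque' values looks like under RFC 2617 with qop=auth and MD5. It uses only the JDK; the class and method names are hypothetical, and the sample values are the worked example from RFC 2617 section 3.5, not values from this thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/** Added illustration (JDK only): RFC 2617 Digest header from cached challenge values. */
public class PreemptiveDigestSketch {

    /** Lowercase hex MD5 of a string, the H() function of RFC 2617. */
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    /** Authorization value for qop=auth; nc must increase on every reuse of the same nonce. */
    static String authorization(String user, String realm, String password, String method, String uri,
                                String nonce, String opaque, int nc, String cnonce) throws Exception {
        String ncHex = String.format("%08x", nc);
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        String response = md5Hex(ha1 + ":" + nonce + ":" + ncHex + ":" + cnonce + ":auth:" + ha2);
        return "Digest username=\"" + user + "\", realm=\"" + realm + "\", nonce=\"" + nonce
             + "\", uri=\"" + uri + "\", qop=auth, nc=" + ncHex + ", cnonce=\"" + cnonce
             + "\", response=\"" + response + "\", opaque=\"" + opaque + "\"";
    }

    public static void main(String[] args) throws Exception {
        // Challenge values a client would have cached from an earlier 401 (RFC 2617 section 3.5 sample).
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String opaque = "5ccc069c403ebaf9f0171e9517f40e41";
        String first = authorization("Mufasa", "testrealm@host.com", "Circle Of Life",
                "GET", "/dir/index.html", nonce, opaque, 1, "0a4f113b");
        System.out.println(first);
        // Self-check against the response value given in RFC 2617 section 3.5.
        if (!first.contains("response=\"6629fae49393a05397450978507c4ef1\""))
            throw new IllegalStateException("digest does not match the RFC 2617 vector");
        // A preemptive follow-up request reuses nonce and opaque but bumps nc; a real client
        // should also pick a fresh random cnonce. A server that has expired the nonce still
        // answers 401 (stale=true) with a new one, so the fallback round trip remains.
        System.out.println(authorization("Mufasa", "testrealm@host.com", "Circle Of Life",
                "POST", "/dir/index.html", nonce, opaque, 2, "0a4f113b"));
    }
}
```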
