Ooops. I forgot to update the site last night. I'm doing so now.
Mike
On Jun 9, 2004, at 6:00 AM, [EMAIL PROTECTED] wrote:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29439>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29439
Credentials ignored if realm specified in preemptive authentication
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------- -----
Severity|Normal |Enhancement
Status|NEW |ASSIGNED
Target Milestone|--- |3.0 Alpha 2
------- Additional Comments From [EMAIL PROTECTED] 2004-06-09 09:59 -------
Philippe,
Just recently we have had a quite few complaints regarding the way preemptive
authentication is handled. The official HttpClient authentication guide has been
revised to clarify the gray areas in the 2.0 API primarily concerning the
prerequisites expected in order to make preemptive authentication functional.
Rather unfortunately the site has not been redeployed yet, so the updated
authentication guide is not available at the moment. You can see the xdoc source
at the following location
http://cvs.apache.org/viewcvs.cgi/jakarta-commons/httpclient/xdocs/ authentication.xml? rev=1.5.2.4&only_with_tag=HTTPCLIENT_2_0_BRANCH&view=markup
But I don't personally think it is defensive enough since it disable preemptive auth and it could result in large performance degradation since you have to repeat (multi-megabytes?) POST requests two times to get through.
Preemptive authentication is not the best answer to this problem. The problem
can be much better addressed by using so called 'expect-continue' handshake. See
ExpectContinueMethod method's javadoc for details.
The entire authentication framework in HttpClient has been completely rewritten
for the 3.0 release. With HttpClient 3.0 one should already get a warning in
case of missing authentication credentials. Furthermore, it also provides a
better API for credentials assignment and retrieval. I will also try to come up
with a better way to assign default credentials. So, stay tuned
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
