Marcos Scriven created HTTPCLIENT-1599:
------------------------------------------
Summary: Need an alternative to the deprecated
BasicScheme(ChallengeState)
Key: HTTPCLIENT-1599
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1599
Project: HttpComponents HttpClient
Issue Type: Improvement
Components: HttpClient
Affects Versions: 4.3.6
Reporter: Marcos Scriven
Priority: Minor
The documentation for HttpClient 4 mentions the potential security issues
around preemptive authentication.
That notwithstanding, it provides the following solution
(https://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveBasicAuthentication.java)
:
{code}
// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate BASIC scheme object and add it to the local
// auth cache
BasicScheme basicAuth = new BasicScheme();
authCache.put(target, basicAuth);
// Add AuthCache to the execution context
HttpClientContext localContext = HttpClientContext.create();
localContext.setAuthCache(authCache);
{code}
This works fine, except for proxy authentication. In {{BasicScheme}}, the
authenticate method checks the ChallengeState:
https://github.com/apache/httpclient/blob/trunk/httpclient/src/main/java/org/apache/http/impl/auth/BasicScheme.java#L173
The solution thus would appear to be to set the ChallengeState to {{PROXY}}:
{code}
BasicScheme proxyScheme = new BasicScheme(ChallengeState.PROXY);
{code}
This works, but appears to have been deprecated, and there's no alternative way
to set this without first receiving a proxy auth challenge response.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
