[jira] [Resolved] (HTTPCLIENT-1599) Need an alternative to the deprecated BasicScheme(ChallengeState)

Thu, 15 Jan 2015 08:40:17 -0800 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski resolved HTTPCLIENT-1599.
-------------------------------------------
    Resolution: Not a Problem

The recommended way to initialize an instance of BasicScheme is by feeding it 
with a simple auth challenge.

{code:java}
BasicScheme basicScheme = new BasicScheme();
basicScheme.processChallenge(
        new BasicHeader(HttpHeaders.PROXY_AUTHENTICATE, "Basic 
realm=\"some-realm\""));
{code}

Oleg

> Need an alternative to the deprecated BasicScheme(ChallengeState)
> -----------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1599
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1599
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>    Affects Versions: 4.3.6
>            Reporter: Marcos Scriven
>            Priority: Minor
>
> The documentation for HttpClient 4 mentions the potential security issues 
> around preemptive authentication.
> That notwithstanding, it provides the following solution 
> (https://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveBasicAuthentication.java)
>  :
> {code}
>          // Create AuthCache instance
>             AuthCache authCache = new BasicAuthCache();
>             // Generate BASIC scheme object and add it to the local
>             // auth cache
>             BasicScheme basicAuth = new BasicScheme();
>             authCache.put(target, basicAuth);
>             // Add AuthCache to the execution context
>             HttpClientContext localContext = HttpClientContext.create();
>             localContext.setAuthCache(authCache);
> {code}
> This works fine, except for proxy authentication. In {{BasicScheme}}, the 
> authenticate method checks the ChallengeState: 
> https://github.com/apache/httpclient/blob/trunk/httpclient/src/main/java/org/apache/http/impl/auth/BasicScheme.java#L173
> The solution thus would appear to be to set the ChallengeState to {{PROXY}}:
> {code}
> BasicScheme proxyScheme = new BasicScheme(ChallengeState.PROXY);
> {code}
> This works, but appears to have been deprecated, and there's no alternative 
> way to set this without first receiving a proxy auth challenge response.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to