On Tue, 2015-04-07 at 13:23 +0200, Michael Osipov wrote: ...
> > Oh, Holy Mother. WWW-Authenticate in a 200 response? Really? > > Absolutely, it can happen on any response code, at least 2xx and 3xx > because HTTP is crappy for that. ... > I fear that this is not enough because it does not suffice to process > the challenge but after that AuthScheme#authenticate must be called to > continue the context. If you say that #processChallange takes in tokens > from the server and #authenticate responds to the server, I have to > rethink about my code/approach. All current schemes are structured the > way I have written the new code. > HTTP auth is defined as challenge / response based by RFC 2617. Even NTLM respects that. SPNEGO managed to outperform NTLM in terms of craziness. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
