Hello John,
digest authentication requires a challenge from the server.
It is simply not possible to authenticate the first request
preemptively, because HttpClient doesn't know the challenge
yet. Once the challenge has been received, preemptive
authentication can be used for subsequent requests.
The paragraph in RFC 2617 to which you referred starts with
"The client response to a WWW-Authenticate challenge...",
which implies that there is a challenge to respond to.
You can try to enable the expect-continue handshake.
The request should then be rejected by the server before
the POST data has been transferred. The rejecting reply
includes the challenge, which can then be used to retry
the POST request with the appropriate authentication.
Or you can try a GET request prior to the POST request.
hope that helps,
Roland
"Jesus M. Salvo Jr." <[EMAIL PROTECTED]>
27.10.2004 07:05
Please respond to
"HttpClient Project"
To
[EMAIL PROTECTED]
cc
Subject
pre-emptive authentication for digest authentication
The target server that I am POSTing to requires digest authentication.
I was trying out:
httpClient.getState().setAuthenticationPreemptive(true);
However, it turns out that HttpClient was first trying out Basic
authentication before using Digest authentication.
Which makes sense I guess since I have not really told it what
authentication method to use first.
Is there a way to force HttpClient to firsty try digest authentication
... or to try any specific authentication method first ?
Section 3.3 ( third paragraph ) of RFC 2617 also allows pre-emptively
sending the Authorization header for digest authentication.
John
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
