Re: Help: Problems with preemptive authentication and redirects

Mon, 23 Jan 2006 06:26:32 -0800 


Oleg Kalnichevski wrote:

On Sun, 2006-01-22 at 13:09 +0100, Benjamin Pasero wrote:

  

Hi,


I am using HttpClient 3.0 and have a problem with preemptive 
authentication and redirects.


The scenario is as follows:


1. I create a GetMethod with a certain URI, lets say www.foo.com which 
redirects to bar.foo.com

   that requires authentication.


2. I lookup a registry with stored credentials for this URI and find 
Username + Password


3. I call HttpClient.getParams().setAuthenticationPreemptive(true);


4. I create AuthScope and Credentials, asking the GetMethod for Host, 
Port and Realm. For Host

   I am getting "www.foo.com".

5. I call HttpClient.getState().setCredentials(authScope, userPwCreds);

6. I call getMethod.setDoAuthentication(true);


Now, I execute the GetMethod and it gets redirected to "bar.foo.com". 
Thereby the AuthScope
I created preemptively with "www.foo.com" is no longer valid. I get an 
401 error, although

the credentials are correct, just the host is not.


Is there a workaround for avoiding this problem? I tried to supply 
ANY_HOST as value for
the AuthScope but get the exception that NULL is not allowed (though the 
API tells me

that I can supply ANY_HOST if I want to).


    



Try the following auth scope 
HttpClient.getState().setCredentials(AuthScope.ANY, userPwCreds);

if it does not help, post a complete wire/context log of the HTTP
session to this list.

  

Thanks for the hint, that is working perfectly! Are there any side-effects
in using such an authscope? E.g. could it be that some authentication
challenges wont work with supplying ANY as scope?

Regards,
Ben

Oleg


  

Thanks for helping,
Ben

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



    



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to