Hi, Thanks for your helpful answers, as usual. :-)
Oleg Kalnichevski wrote:

> HttpClient 4.0 can be customized to support preemptive authentication using BASIC or DIGEST schemes. NTLM cannot be used preemptively in principle.

Ok, I was afraid of that. Does that mean that I am forced to use expect/continue with non-repeatable requests?

>> Second question: when I register credentials with httpclient, I can only set them once. So how can I set the correct credentials if I don't yet know the auth type? Or should I use the first request to determine the auth type? Currently there are UsernamePasswordCredentials (for BASIC and DIGEST) and NTCredentials (for NTLM). Or is it possible to *always* just use NTCredentials for the other auth types as well?

> Yes, it is. NTCredentials are perfectly valid for non-NTLM authentication schemes.

Ok, that's great. :-) Does it just ignore the domain and workstation parts then?

Currently I'm using the InetAddress.getLocalHost().getCanonicalHostName() to initialize the workstation/hostname, and I'm splitting the supplied user name into a domain and username (so if the user types DOMAIN\username I split it into the two components). The only thing this might then break is if BASIC or DIGEST is used and it was meant to send the whole DOMAIN\username combination as the user name (I have seen it used that way in real life configurations, i.e., you have to authenticate with BASIC using DOMAIN\username as the user name).

> The use of preemptive authentication is discouraged (or at least not promoted). However, one can easily add preemptive authentication capabilities using custom protocol interceptors. See samples above.

Ok, I'll give the interceptors a shot. The reason I want (need?) preemptive authentication is because some proxies do not support expect/continue and I have non-repeatable posts (multi-megabyte size).

> Hope this helps

Yes, very much. :-)

> Oleg
Regards, Sebastiaan
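
The interceptor approach discussed in this message, as an added example that is not part of the original thread and is not the project's own sample. It assumes the HttpClient 4.0-era API; the host name, account values and the restriction to a single HTTPS host are assumptions made here, since preemptive BASIC sends the password before any challenge is seen.

```java
import java.io.IOException;
import org.apache.http.*;
import org.apache.http.auth.*;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.ExecutionContext;
import org.apache.http.protocol.HttpContext;

public class PreemptiveBasicExample {

    /** Pre-selects BASIC for the first request, but only for one trusted HTTPS host. */
    static class PreemptiveBasic implements HttpRequestInterceptor {
        private final String trustedHost; // hypothetical allow-list of exactly one host

        PreemptiveBasic(String trustedHost) { this.trustedHost = trustedHost; }

        public void process(HttpRequest request, HttpContext context)
                throws HttpException, IOException {
            AuthState state = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);
            HttpHost target = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
            // Leave the request alone if a scheme was already negotiated.
            if (state == null || target == null || state.getAuthScheme() != null) return;
            // BASIC is only base64: never volunteer it over plain HTTP or to another host.
            if (!"https".equalsIgnoreCase(target.getSchemeName())
                    || !trustedHost.equalsIgnoreCase(target.getHostName())) return;
            CredentialsProvider provider =
                    (CredentialsProvider) context.getAttribute(ClientContext.CREDS_PROVIDER);
            if (provider == null) return;
            Credentials creds = provider.getCredentials(
                    new AuthScope(target.getHostName(), target.getPort()));
            if (creds == null) return; // fall back to normal challenge/response
            state.setAuthScheme(new BasicScheme());
            state.setCredentials(creds);
        }
    }

    public static void main(String[] args) {
        String host = "upload.example.test"; // placeholder host
        DefaultHttpClient client = new DefaultHttpClient();
        // One NTCredentials object registered once, as discussed in the thread (placeholder values).
        client.getCredentialsProvider().setCredentials(new AuthScope(host, 443),
                new NTCredentials("username", "password", "WORKSTATION", "DOMAIN"));
        // Index 0: run before the built-in interceptor that writes the Authorization header.
        client.addRequestInterceptor(new PreemptiveBasic(host), 0);
        client.getConnectionManager().shutdown();
    }
}
```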
