On Wed, 2008-08-20 at 11:44 +0200, Sebastiaan van Erk wrote: > Hi, > > Unfortunately the HEAD option is not very stable either. The nonce is > usable only once as well, so in the next post it is no good anymore. > However, if I set the nonce preemptively using the request/response > interceptor method ISA will say 407 but httpclient will not try again, > which will mean that due to the response interceptor the new DIGEST auth > has been saved and it will work for the next POST. > > I don't really understand why httpclient does retry the request when > there is no auth preemptively set, but does not retry the request when > there is. > > Also I'm afraid this solution is very brittle: if the HTTP target > requires any kind of digest authentication I'm sure this will completely > fail. >
I am not sure I understand the problem. Could you please post wire logs of both sessions? > The only thing I can really think of is to somehow make the POST > repeatable (buffer it?). Is the value of isRepeatable() allowed to > change? No, but you can decorate the entity with a buffering wrapper similar to the BufferedHttpEntity. Hope this helps Oleg > I.e. it is repeatable as long as we're in the first 4096 bytes > of the stream (the buffer), but after that, it is no more? I can't > buffer multimegabytes, but as long as I can buffer the enough to handle > the authentication, it should do the trick... > > Regards, > Sebastiaan > > Sebastiaan van Erk wrote: > > Just as I replied to this message, I noticed that I had not tried the > > HEAD option which you suggested. > > > > I tried it, and it does in fact work with DIGEST. > > > > Thanks! > > > > Regards, > > Sebastiaan > > > > Sebastiaan van Erk wrote: > >> Hi, > >> > >> I'm still trying to get different types of authentication to work, > >> this time I'm testing with Microsoft ISA Server 2006 (which seems > >> pretty broken). I got basic to work with a ResponseInterceptor to pick > >> of the auth from a successful small request preceding a large request, > >> and then using preemptive from then on the large POSTS. However, I'm > >> having trouble with DIGEST. > >> > >>>> Oleg Kalnichevski wrote: > >>>> > >>>>> HttpClient 4.0 can be customized to support preemptive > >>>>> authentication using BASIC or DIGEST schemes. NTLM cannot be used > >>>>> preemptively in principle. > >> > >> Just to clarify my understanding: DIGEST can only be used preemptively > >> when the server accepts the reuse of a previously used nonce right? > >> That is, if the proxy server requires a new DIGEST challenge/response > >> every request, then preemptive DIGEST auth will (by definition) fail? > >> > >>>> Ok, I was afraid of that. Does that mean that I am forced to use > >>>> expect/continue with non-repeatable requests? > >>>> > >>> I am afraid so. Another alternative would be to execute a GET or a HEAD > >>> request to make sure credentials are OK before executing a POST with a > >>> large entity. The good thing about NTLM authentication scheme is that > >>> one has only to authenticate once. NTLM authentication is connection > >>> based. A persistent HTTP connection will retain its NTLM context as long > >>> as it remains open. > >> > >> Ok, I'm testing with MS ISA 2006 as mentioned above. It seems to be > >> very broken: when doing expect/continue it will *ALWAYS* respond 100 > >> Continue when doing a POST, only to fail with a 407 the second you > >> start sending data. This breaks non-repeatable POSTS with DIGEST > >> authentication, and I can't use the preemptive DIGEST using > >> authentication from a previous request, since ISA requires a new > >> challenge/response on the every request (even in the same connection). > >> > >>>>> The use of preemptive authentication is discouraged (or at least > >>>>> not promoted). However, one can easily add preemptive > >>>>> authentication capabilities using custom protocol interceptors. See > >>>>> samples above. > >>>> > >>>> Ok, I'll give the interceptors a shot. The reason I want (need?) > >>>> preemptive authentication is because some proxies do not support > >>>> expect/continue and I have non-repeatable posts (multi-megabyte size). > >>>> > >>> An HTTP GET or HEAD preceding a POST with a large content entity is the > >>> way to go. > >> > >> This works with NTLM (connection based), but not with DIGEST (at least > >> on ISA). Do you have any ideas how to go about it with DIGEST? > >> > >> Regards, > >> Sebastiaan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
