...
> > > The examples given for preemptive authentication > > > for HttpClient 3 require the preemptive credentials are known in > > > advance. > > > > I do not understand. How exactly do you intend to authenticate > > preemptively without knowing credentials in advance? > > One can observe this in a single firefox 3 window. Firefox asks > on the (first?) unauthorized response possibly filling in the > fields with persisted credentials for and then sends preemptive > authorization headers for requests compatible with the > protection domain. > There is absolutely _nothing_ that prevents you from popping up a dialog asking the user for username and password, initializing BasicAuthScheme and sticking it into the HttpContext. ... > > > > > Also it seems that Authentication-Info headers are not looked > > > at by the HttpClient 4. Presumably this would have to be done by > > > the application in some way. Will this cause problems? > > > > > > > > > > One cannot completely rule out the possibility of this provoking a > > full-scale Martian invasion or accelerating the global warming. > > Otherwise > > > > We _happily_ take patches. You are _very_ welcome to submit a better > > implementation of DIGEST authentication. The existing code has not > been > > worked on since 2003 and could certainly be improved in many ways. > > Thanks, I will keep this in mind. > I do not have a coded patch -- at this point its mind vaporware. > I am also not in a position to contribute at this time but that > may change, for example if one cannot implement this at all which > at this point I do not assume. > I understand IBM employees need to apply for special permissions in order to contribute code to an open-source project Anyways, to sum things up, I _personally_ see very little value in preemptive authentication but will happily take a patch for review from an external contributor. Oleg > > > > Oleg > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
