On Sun, 29 Sep 2024 16:46:06 GMT, Michael McMahon <[email protected]> wrote:
> This fix relaxes the constraints on user set authentication headers.
> Currently, any user set authentication headers are filtered out, if the
> HttpClient has an Authenticator set. The reason being that the authenticator
> is expected to manage authentication. With this fix, it will be possible to
> use pre-emptive authentication through user set headers, even if an
> authenticator is set. The expected use case is where the authenticator would
> manage either proxy or server authentication and the user set headers would
> manage server authentication if the authenticator is managing proxy (or vice
> versa).
> If the pre-emptive authentication fails, then this behavior is disabled on
> further retries and it would be up to the authenticator to provide the right
> credentials then.
>
> Thanks,
> Michael
src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java line
233:
> 231:
> 232: || req.tryUserSetAuthorization();
> 233: */
Shouldn't this commented code be removed?
test/jdk/java/net/httpclient/UserAuthWithAuthenticator.java line 212:
> 210:
> 211: public String baseURL() {
> 212: return "http://127.0.0.1:"; + getPort();
Should use `URIBuilder` here to deal with possible IPv6-only envs
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21249#discussion_r1781095329
PR Review Comment: https://git.openjdk.org/jdk/pull/21249#discussion_r1781099321
