On Fri, 11 Oct 2024 09:09:47 GMT, Michael McMahon <micha...@openjdk.org> wrote:
>> Hi, >> >> I closed https://github.com/openjdk/jdk/pull/21249 and am continuing the >> review on this PR. >> >> This fix relaxes the constraints on user set authentication headers. >> Currently, any user set authentication headers are filtered out, if the >> HttpClient has an Authenticator set. The reason being that the authenticator >> is expected to manage authentication. With this fix, it will be possible to >> use pre-emptive authentication through user set headers, even if an >> authenticator is set. The expected use case is where the authenticator would >> manage either proxy or server authentication and the user set headers would >> manage server authentication if the authenticator is managing proxy (or vice >> versa). >> >> A CSR will be filed to document this change. >> >> Thanks, >> Michael > > Michael McMahon has updated the pull request incrementally with three > additional commits since the last revision: > > - Update src/java.net.http/share/classes/jdk/internal/net/http/Stream.java > > Co-authored-by: Daniel Jelinski <djelins...@gmail.com> > - Update > src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java > > Co-authored-by: Daniel Jelinski <djelins...@gmail.com> > - Update > src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java > > Co-authored-by: Daniel Jelinski <djelins...@gmail.com> It would be good to have HTTP/2 covered too since there are changes in HTTP/2 Stream.java. Otherwise the fix looks good! ------------- PR Review: https://git.openjdk.org/jdk/pull/21408#pullrequestreview-2362726133
