On Fri, 11 Oct 2024 09:09:47 GMT, Michael McMahon <micha...@openjdk.org> wrote:

>> Hi,
>> 
>> I closed https://github.com/openjdk/jdk/pull/21249 and am continuing the 
>> review on this PR.
>> 
>> This fix relaxes the constraints on user set authentication headers. 
>> Currently, any user set authentication headers are filtered out, if the 
>> HttpClient has an Authenticator set. The reason being that the authenticator 
>> is expected to manage authentication. With this fix, it will be possible to 
>> use pre-emptive authentication through user set headers, even if an 
>> authenticator is set. The expected use case is where the authenticator would 
>> manage either proxy or server authentication and the user set headers would 
>> manage server authentication if the authenticator is managing proxy (or vice 
>> versa).
>> 
>> A CSR will be filed to document this change.
>> 
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with three 
> additional commits since the last revision:
> 
>  - Update src/java.net.http/share/classes/jdk/internal/net/http/Stream.java
>    
>    Co-authored-by: Daniel Jelinski <djelins...@gmail.com>
>  - Update src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java
>    
>    Co-authored-by: Daniel Jelinski <djelins...@gmail.com>
>  - Update src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java
>    
>    Co-authored-by: Daniel Jelinski <djelins...@gmail.com>

src/java.net.http/share/classes/java/net/http/HttpClient.java line 418:

> 416:          * the {@link Authenticator} will not be invoked for the corresponding
> 417:          * authentication.
> 418:          *

Reading this makes me wonder if this should be normative, as in part of the 
spec rather than a note for developers using the API. Has that been discussed?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21408#discussion_r1798106962
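
Added example, not part of the original message or of the JDK change under review: the split the PR description expects, with an `Authenticator` that answers proxy challenges only and a user-set `Authorization` header for the server. It assumes a JDK that includes this change (as the description says, without it the header is filtered out once an authenticator is set); the host names, user name and environment variable names are hypothetical.

```java
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.ProxySelector;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class SplitAuthExample {
    // Answers proxy challenges only. Returning null for anything else means
    // this authenticator never supplies the proxy password to an origin server.
    static final class ProxyOnlyAuthenticator extends Authenticator {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            if (getRequestorType() != RequestorType.PROXY) {
                return null;
            }
            return new PasswordAuthentication(
                    "proxy-user", env("PROXY_PASSWORD").toCharArray());
        }
    }

    // Secrets come from the environment (hypothetical variable names),
    // never from literals in source.
    static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException(name + " is not set");
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        HttpClient client = HttpClient.newBuilder()
                // Placeholder proxy address.
                .proxy(ProxySelector.of(
                        new InetSocketAddress("proxy.example.internal", 3128)))
                .authenticator(new ProxyOnlyAuthenticator())
                .build();

        // Pre-emptive server authentication through a user-set header.
        // Sent over https only, so the token is not exposed on the wire.
        HttpRequest request = HttpRequest
                .newBuilder(URI.create("https://api.example.internal/status"))
                .header("Authorization", "Bearer " + env("API_TOKEN"))
                .GET()
                .build();

        HttpResponse<String> response =
                client.send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.statusCode());
    }
}
```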
