[
https://issues.apache.org/jira/browse/IVY-1280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16403355#comment-16403355
]
Gintas Grigelionis commented on IVY-1280:
-----------------------------------------
AFAICS, preemptive authentication picks a certain scheme in advance. That must
be clearly documented. It is possible to use it with both Basic [1] and Digest
[2] schemes (not NTLM or SPNEGO, though, since they're more complex and involve
challenge-response). The question is then: whether the flag should be boolean
or a string containing a scheme name. As for unit tests, those can be added.
[1] https://tools.ietf.org/html/rfc7616
[2]https://tools.ietf.org/html/rfc7617
> Ivy does not keep track of HTTP session when BASIC authentication is used
> -------------------------------------------------------------------------
>
> Key: IVY-1280
> URL: https://issues.apache.org/jira/browse/IVY-1280
> Project: Ivy
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.2.0
> Environment: Any
> Reporter: Anders Jacobsson
> Priority: Minor
>
> When publishing through <ant:publish>, each PUT request towards the URL
> resolver (Artifactory, protected with BASIC authentication) seems to be
> duplicated, the first request without any authorization header and the second
> one with. This creates unnecessary network traffic and increases build time.
> Ivy should keep track of any established HTTP session and reuse that one,
> i.e. only the very first request is duplicated.
> I am using Commons HttpClient.
> An alternative would be to expose preemptive authentication so that it is
> configurable. It is less secure but still useful as it would probably mostly
> be used for internal resolvers.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
