DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18355

HttpState cannot differentiate credentials for different hosts with same Realm names





------- Additional Comments From [EMAIL PROTECTED]  2003-03-31 08:25 -------
Oleg,
Were you working on this or should I take a look at it?  I already have some 
code for this that could be fairly easily updated to the current HttpClient.

One question that remains for me is what the new search order should be.  The 
two most obvious answers to me are:

1. Expect to always get a realm and a host or null for both and just provide 
backwards compatibility for setting just the realm.  The search order would 
then be:
a. realm & host
b. realm
c. null

2. Provide maximum flexibility.  I'd imagine the search order to then be:
a. realm & host
b. host
c. realm
d. null
Though the order of searching for host and realm is quite arbitrary, I've 
generally found that people know what host they are connecting to better than 
they know the realm.  Also, there is the security consideration of sending the 
credentials to the wrong host.  I don't have any particular preference for the 
order though.

Sorry if I missed part of the discussion of this on-list.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to