What do you mean by "eliminating the authentication overhead"? Does this
mean keeping the already Authenticated header and adding it next time
the URL is being invoked? I am using Apache Tomcat Server to host a
couple of protected URLs. One more Basic and other for Digest. I believe
it does the necessary connection management specified by the HTTP
1.0/1.1. For logging I execute the following before I do anything.
log4j-1.2.8 and commons-logging-1.0.2. I do not any other documentation
for logging. If you have a sample code which enables logging even to a
file, please send that to me. I am using JDK1.4 on Sun Solaris without
any container to run the client. So I do not think it is redirecting
stdout or stderr to somewhere else.
System.setProperty("org.apache.commons.logging.simplelog.defaultlog",
"debug");
System.setProperty("org.apache.commons.logging.Log",
"org.apache.commons.logging.impl.SimpleLog");
System.setProperty("org.apache.commons.logging.simplelog.showdatetime",
"true");
System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire",
"debug");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"trace");
>>> [EMAIL PROTECTED] 6/10/2003 1:36:57 PM >>>
Zulfi,
Only Basic authentication scheme can be used preemptively. If you want
to eliminate the authentication overhead associated with Digest or NTLM
schemes you have to ensure that the HTTP server keeps connections alive
when possible.
Please get logging to work. That should not be too difficult. Please
note that application servers and servlet engines usually redirect
standard output and standard error. If you are unable to figure out what
is going you might want to use Log4j toolkit that allows greater control
over logging (for instance, you can specify a separate log file for a
specific category of events). We will not be able to help you unless we
can see the logs.
Oleg
-----Original Message-----
From: Zulfi Umrani [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 16:27
To: [EMAIL PROTECTED]
Subject: RE: preemptive
By setting realm as null, the pre-emptive authentication worked! But,
it
sends a Basic Authorization header even if the URL is protected by
Digest! For Digest it is still making 2 trips in order to
authenticate.
Which is fine for the first request, but it repeats the same thing for
the second request as well. Is there a way to tell the state, method
or
client what kind of scheme is desired for pre-emptive authentication.
Sorry, no logs here as log did not work.
>>> [EMAIL PROTECTED] 6/10/2003 3:47:32 AM >>>
Zulfi,
Try setting both realm & host to null. That should do the trick
HttpClient hc = new HttpClient();
HttpState state = hc.getState();
state.setAuthenticationPreemptive(true);
// Set default credentials (realm & host are null)
state.setCredentials(null, null,
new UsernamePasswordCredentials("zulfi", "zulfi"));
Folks,
The present convention for setting a default set of credentials is
utterly confusing and needs to be redesigned in 2.1. I believe we
should
be using HttpState#setCredentials(HttpAuthRealm, Credentials) instead
of
HttpState#setCredentials(String, String, Credentials). We should also
provide a static final class to represent the default set of
credentials:
public static final HttpAuthRealm DEFAULT_AUTH_CREDENTIALS = new
HttpAuthRealm(null, null);
The end user code might look similar to that below
state.setCredentials(DEFAULT_AUTH_CREDENTIALS,
new UsernamePasswordCredentials("zulfi", "zulfi"));
Cheers
Oleg
-----Original Message-----
From: Zulfi Umrani [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 00:44
To: [EMAIL PROTECTED]
Subject: preemptive
Tried to use the Preemptive Authentication feature. Could not get it
to
work. I used the HttpState.setAuthenticationPreemptive(true); to set
the
preemptive authentication ON. It still send the first request without
the Authorization header. Code sample is below. Would like to know,
how
to set up the Pre-emptive Authentication.
package test;
import java.io.*;
import java.net.URL;
import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.methods.*;
import org.apache.commons.httpclient.auth.*;
import org.apache.commons.httpclient.util.*;
public class JCTest {
public static void main(String[] args) throws Exception {
test0();
test0();
return;
}
public static void test0() throws Exception {
System.out.println("running test0");
String urlstr = "http://localhost:9999/services1/test";;
URL url = new URL(urlstr);
HttpClient hc = new HttpClient();
HttpState state = hc.getState();
state.setAuthenticationPreemptive(true);
state.setCredentials("", url.getHost(),
new UsernamePasswordCredentials("zulfi", "zulfi"));
PostMethod post = new PostMethod(urlstr);
post.setDoAuthentication(true);
post.addRequestHeader("Connection", "Keep-Alive");
post.addRequestHeader("Content-Length", ""+msg.length());
post.addRequestHeader("Content-Type", "text/xml;
charset=utf-8");
InputStream reqis = new ByteArrayInputStream(msg.getBytes());
post.setRequestBody(reqis);
HostConfiguration hconfig = new HostConfiguration();
hconfig.setHost(new URI(urlstr));
hc.executeMethod(hconfig, post);
System.out.println(post.getResponseBodyAsString());
System.out.println();
}
private static String msg = "Text Message";
}
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
