Hello David, we kind of tried the same approach with OpenCard. It wasn't funny and never really worked satisfactory. Don't do it in the Http Client.
Instead of using a modified HttpState that interacts with the user, just disable automatic authentication. Then, the application will get the 401/407 response code, has full access to all headers, can determine the type of authentication, and present a suitable user interface. Then explicitly repeat the request with the authentication information. regards, Roland [EMAIL PROTECTED] 29.09.2003 18:54 Please respond to "Commons HttpClient Project" To: [EMAIL PROTECTED] cc: Subject: Prompting user for authentication? I've been working with HttpClient for the past few days and have it just about working to my liking. I must say I really like how it's designed! However there's one bit that still bugs me...authentication of proxy and web servers (response codes 401 and 407). Basically, what I'd like to do is prompt the user for the username/password when I get this response. What I've done for the moment is to subclass HttpState and override getCredentials and getProxyCredentials such that they prompt the user for the username and password if I don't already have credentials defined for the realm/host combination. This seems to work just fine except for NTLM authentication. This is because getCredentials doesn't know what scheme is being used when the request is made. So I don't know if I should display a text field for domain or not. I also don't know if I should be creating UsernamePasswordCredentials or NTCredentials. So my question is this: Is there a better way to go about this? Is there something that could be added to HttpClient to support what I want to do? Perhaps an interface AuthorizationPrompter (or whatever) that can be registered with one of the library classes? (HttpClient? HttpState?) Or perhaps something I could subclass and override? Thanks! David CONFIDENTIALITY NOTICE This electronic mail transmission and any accompanying documents contain information belonging to the sender ("Information") that may be confidential and legally privileged. If you are not the intended recipient, any disclosure, copying,distribution or action taken in reliance on the Information is strictly prohibited. If you have received the Information in error,please contact the sender by reply email and destroy all copies of the original email. Thank you. ²