Eric, Actually we already have a feature request open for this one http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15297
With new preference architecture in place it should not take much to provide an option to override the RFC mandated authentication scheme selection. I agree it is not right, but such ability appears desirable in some cases. Oleg -----Original Message----- From: Eric Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 15:31 To: Commons HttpClient Project Subject: Re: Make HttpClient pick Basic Auth over NTLM? I'm not sure that HttpClient should do anything different. According to section 4.6 of RFC 2617, "A user agent MUST choose to use the strongest auth- scheme it understands and request credentials from the user based upon that challenge." Since Basic is pretty darn weak, I'd say NTLM wins out every time. Is this a point on which HttpClient should have an option to override the RFC mandated behavior? As somewhat of a fanatic about security, my take is that you should be forced to do the right thing, and if you really want to, the source is there for you to modify. -Eric. anon permutation wrote: > > Hi, > > I am using a proxy server that supports both NTLM and Basic > Authentications. How do I make HttpClient use Basic Auth. instead of > NTLM? I am using 2.0-rc2. Following is my code: > > -------------------------------------------------------------------------------------------------------------------- > > > HttpClient client = new HttpClient(); > HttpMethod method = null; > > client.getState().setProxyCredentials(null, new > UsernamePasswordCredentials("user","passwd")); > > HostConfiguration hc = client.getHostConfiguration(); > hc.setProxy("10.0.0.2", 80); > > method = new GetMethod(url); > client.executeMethod(method); > byte[] responseBody = method.getResponseBody(); > ----------------------------------------------------------------------------------------------------------------- > > > > I am getting this error: > Credentials cannot be used for NTLM authentication > > > Thanks. > > _________________________________________________________________ > Browse styles for all ages, from the latest looks to cozy weekend wear > at MSN Shopping. And check out the beauty products! > http://shopping.msn.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
