Hello Jing,

null is the "default realm", where the HttpClient looks if there
are no credentials for the specific realm, or if it doesn't know
the realm because it performs preemptive authentication.

Why the server accepts empty credentials is a different question.
Probably a misconfiguration on the server side.

Did you verify by wire log that the authentication actually takes
place? Maybe the state holds a session cookie from a previous
request and the server does not require authentication for the
following ones. For example, WebSphere Application Server
would behave like that if an LTPA cookie is sent by the client.

Hope that helps,
  Roland

Jing Chen <[EMAIL PROTECTED]>
03.06.2004 00:06
Please respond to "Commons HttpClient Project"
 
        To:     "Commons HttpClient Project (E-mail)" <[EMAIL PROTECTED]>
        cc:
        Subject:        authenticate problem


I have an application that requires authentication.  I use a timer to
schedule a task that will access the same application through httpClient.
I am surprised to see the following statement did pass the authentication:

client.getState().setCredentials (null,new UsernamePasswordCredentials());

1. Can anybody explain why? 
2. I did a little experiment - if I don't call authenticate(), then the
client.executeMethod(new PostMethod("http://myapp.com/myapp")) will fail
because no credentials available for realm x at host xxx.  However, if I
call authenticate(), even to authenticate empty credential with null realm,
I get pass for the next client.executeMethod(...).
Why can I get authenticated on realm x while I only did authentication for
null??

Thanks

Jing
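
The default-realm fallback Roland describes, as an added example that is not part of the original thread and not HttpClient's own code. It is a simplified Java model (all class and method names are hypothetical) showing why credentials stored under the null realm answer a challenge for "realm x", beside a strict lookup that refuses both the fallback and empty credentials.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of a per-realm credential store with a null "default realm".
// Hypothetical names throughout; this is not HttpClient source code.
public class RealmLookupDemo {
    record Creds(String user, String password) {
        boolean isEmpty() { return user == null || user.isEmpty(); }
    }

    // HashMap permits a null key, which stands in for the default realm.
    static final Map<String, Creds> store = new HashMap<>();

    // Lenient lookup: exact realm first, then fall back to the default realm.
    static Creds lookupWithDefault(String realm) {
        Creds c = store.get(realm);
        return c != null ? c : store.get(null);
    }

    // Strict lookup: exact realm match only, and never empty credentials.
    static Creds lookupStrict(String realm) {
        Creds c = store.get(realm);
        return (c == null || c.isEmpty()) ? null : c;
    }

    // Describe what the client would send, without printing the password.
    static String describe(Creds c) {
        if (c == null) return "no credentials, request fails on the client";
        return c.isEmpty() ? "EMPTY credentials sent" : "credentials for user " + c.user();
    }

    public static void main(String[] args) {
        // Mirrors setCredentials(null, new UsernamePasswordCredentials()).
        store.put(null, new Creds(null, null));

        // The server challenges for "realm x"; nothing is stored under that name.
        System.out.println("lenient: " + describe(lookupWithDefault("realm x")));
        System.out.println("strict:  " + describe(lookupStrict("realm x")));

        // Constructed sample account, scoped to the realm the server names.
        store.put("realm x", new Creds("svc-timer", "constructed-password"));
        System.out.println("lenient: " + describe(lookupWithDefault("realm x")));
        System.out.println("strict:  " + describe(lookupStrict("realm x")));
    }
}
```

Whether the empty credentials are then accepted is decided by the server, so the wire log Roland suggests is still the way to confirm what was actually sent and how the server responded.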
