Re: java.net.http.HttpClient do NOT support Digest authentication while HttpURLConnection do

Fri, 29 Apr 2022 02:50:05 -0700 

Hi,

Just to mention a few:
https://www.baeldung.com/java-9-http-client
https://developer.ibm.com/tutorials/java-theory-and-practice-3/

Also from this issue also assume it's support:
https://bugs.openjdk.java.net/browse/JDK-8138990
and this issue also contains a reference to:
http://hg.openjdk.java.net/jdk9/dev/jdk/file/4204dbf90380/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
which makes assume it IS already implemented and as I wrote HttpURLConnection also support it. 

That's why I suppose just should have to in add it to HttpClient.
IMHO it's still a big barrier to use HttpClient instead of the other 3th party http client implementations: 
https://www.mocklab.io/blog/which-java-http-client-should-i-use-in-2020/

as a quote from:
https://medium.com/@kir.maxim/lesson-i-have-learned-from-using-jdk11-http-client-2cf990daba03
"JDK11 HTTP client supports only basic authentication scheme. From my point of view, this will block users from migrating their code to use the new library." 

What's more even you wrote
"It can be easily implemented at the application level"
there is not ANY such public implementation...
Probably it has reasons...

Regards.


Levente                               "Si vis pacem para bellum!"

On 2022. 04. 29. 11:34, Daniel Fuchs wrote:

Hi,

java.net.http.HttpClient only supports Basic authentication out
of the box.

Which tutorials are claiming that Digest authentication is supported?
Can you send some links?

At the moment there is no plan to support digest authentication out of
the box. It can be easily implemented at the application level on top
of the existing APIs, by *not* registering an authenticator with
the client and dealing with 401/407 response from the application code.

best regards,

-- daniel

On 28/04/2022 23:40, Farkas Levente wrote:

Hi,

Even though many tutorial said that the new java.net.http.HttpClient
support Digest authentication it's not true:
https://github.com/openjdk/jdk/blob/master/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java#L278 
But at the same time HttpURLConnection support it through the simple:
-------------------------------
Authenticator.setDefault(new Authenticator() {
     @Override
     protected PasswordAuthentication getPasswordAuthentication() {

         return new PasswordAuthentication (
             "username",
             "password".toCharArray()
         );
     }
});
-------------------------------
Is it a bug or you don't even plan to support it with HttpClient?
Regards.

Reply via email to