[
https://issues.apache.org/jira/browse/HTTPCLIENT-872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12751373#action_12751373
]
Oleg Kalnichevski commented on HTTPCLIENT-872:
----------------------------------------------
> need to cache the Authorization header, worthy of a separate JIRA, yeah?
I think it might as easy as just caching AuthScheme instance. This looks like a
related issue to me, but feel free to open a separate JIRA for it.
> With preemptive authentication, do you believe that the "nonce" can be
> pre-seeded? Maybe some servers can be tricked, but that doesn't
> seem like the way the protocol was intended.
It is certainly feasible, though a bad idea from the security standpoint.
However, some people did express interest in having such a possibility.
Anyways, reusing the "nonce" between requests within a session does seem
reasonable.
Oleg
> Add preemptive authentication
> -----------------------------
>
> Key: HTTPCLIENT-872
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-872
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpAuth
> Affects Versions: 4.0 Final
> Reporter: Gerald Turner
> Priority: Trivial
> Attachments: PreemptiveAuth.patch
>
>
> Wishlist request for preemptive authentication to be included in the API,
> like HttpClient 3.x had. There is an example
> ClientPreemptiveBasicAuthentication.java that uses HttpRequestInterceptor
> which I had adapted to my application and it works fine.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
