[jira] [Commented] (HTTPCLIENT-1129) Redirect and Kerberos authentication in conflict

[Oleg Kalnichevski (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13125208#comment-13125208
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1129:
-----------------------------------------------

Harald

I found a bug that caused incorrect handling of the auth state on redirects and 
also added more debug logs. Could you please get the latest SVN snapshot and 
try one more time?

Oleg 
                
> Redirect and Kerberos authentication in conflict
> ------------------------------------------------
>
>                 Key: HTTPCLIENT-1129
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1129
>             Project: HttpComponents HttpClient
>          Issue Type: Wish
>          Components: HttpClient
>    Affects Versions: 4.1.2
>            Reporter: Harald Kirsch
>         Attachments: HTTPCLIENT-1129-fix-take1.patch, customAuthScheme.log, 
> examples.txt, log-r1178262.txt, log-with-fix-take1.txt, 
> logFrom401Example.txt, this_also_works.log, this_works.log, 
> wiresharkFrom401.txt
>
>
> We are using the HttpClient to connect to a Website that uses 
> Kerberos-Authentication.
> Beware this trigger word: Kerberos! I think this is *not* the problem, but 
> please read on.
> Here is the sequence of events:
> Client: GET /
> Server: Unauthorized.
> Client: GET / and includes authentication.
> Server: 302 to /something on the same host (this shows that in principle 
> authentication works)
> Client: GET /something,  does not include authentication
> Server: Unauthorized
> Client quits with 401-Unauthorized.
> I would have expected one of the following instead:
> 1) Client immediately sends authorization information with the redirected GET 
> /something
> 2) Client re-requests the /something with authorization after 
> 401-Unauthorized.
> We could get around the problem by setting the ConnectionReuseStrategy to a 
> constant false.
> It would be great if someone could tell me if HttpClient works as expected or 
> whether there is a bug or misconfiguration lurking.
> Thanks,
> Harald.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org