Am 2015-04-07 um 14:05 schrieb Oleg Kalnichevski:
On Tue, 2015-04-07 at 13:23 +0200, Michael Osipov wrote:
...
Oh, Holy Mother. WWW-Authenticate in a 200 response? Really?
Absolutely, it can happen on any response code, at least 2xx and 3xx
because HTTP is crappy for that.
...
I fear that this is not enough because it does not suffice to process
the challenge but after that AuthScheme#authenticate must be called to
continue the context. If you say that #processChallange takes in tokens
from the server and #authenticate responds to the server, I have to
rethink about my code/approach. All current schemes are structured the
way I have written the new code.
HTTP auth is defined as challenge / response based by RFC 2617. Even
NTLM respects that. SPNEGO managed to outperform NTLM in terms of
craziness.
This is something I cannot change. Is the previous code snippet a final
solution for now or do you see better way to do this?
Is HttpAuthenticator the only class I need to change?
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
