I'm using httpclient (4.3.3) in my application with SPNEGO/Kerberos Auth and everything works well when a GET is the first request to a remote host. This is consistent with http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnegowhich only discusses SPNEGO with GET.
I run into problems in my application if POST is the first request; there are a couple of different given the SPNEGO negotiation. What I've done is address this at the application level: if a POST is being requested, I first generate a GET in order to trigger the SPNEGO negotiation, then send the POST. There are a couple of downsides to this approach, though: 1) It's inefficient because I send the GET each time a POST request is made, not once per connection. 2) I have to change the application code everywhere httpclient requests are made Anyone have a suggestion for how to address this? I was thinking of implementing by own HttpClientConnectionManager that overrides "connect" and sends the GET after the connection is established. That way I address 1) because I only send the GET once per connection and 2) I can get rid of the changes in my application code and just use normal HttpClients. Thoughts?