Re: [External] : Re: java.net.http.HttpClient do NOT support Digest authentication while HttpURLConnection do
Hi, Thanks for the pointers. > Just to mention a few: > https://urldefense.com/v3/__https://www.baeldung.com/java-9-http-client__;!!ACWV5N9M2RV99hQ!MbomkSmr-rXolK88z_JdINs3IEG8MTH_B7DHDq6wYgUeJQvZNGT7Iwb3yFswd57S1l85R53Yo_zq8zIvWdw$ > https://urldefense.com/v3/__https://developer.ibm.com/tutorials/java-theory-and-practice-3/__;!!ACWV5N9M2RV99hQ!MbomkSmr-rXolK88z_JdINs3IEG8MTH_B7DHDq6wYgUeJQvZNGT7Iwb3yFswd57S1l85R53Yo_zqgE8E3ik$ "An Authenticator is an object that negotiates credentials (HTTP authentication) for a connection. It provides different authentication schemes (such as basic or digest authentication)." I believe that's a misunderstanding: you will notice that the text talks about the Authenticator - not the HttpClient. But I do agree that this text is misleading (even WRT Authenticator). HttpURLConnection does support digest authentication out of the box. It was a choice we made to not support any authentication scheme out of the box, except Basic, in the new API. As I said Digest can be easily implemented at the application level if you need it, by handling the 401/407 responses at the application level. best regards, -- daniel
Re: java.net.http.HttpClient do NOT support Digest authentication while HttpURLConnection do
Hi, Just to mention a few: https://www.baeldung.com/java-9-http-client https://developer.ibm.com/tutorials/java-theory-and-practice-3/ Also from this issue also assume it's support: https://bugs.openjdk.java.net/browse/JDK-8138990 and this issue also contains a reference to: http://hg.openjdk.java.net/jdk9/dev/jdk/file/4204dbf90380/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java which makes assume it IS already implemented and as I wrote HttpURLConnection also support it. That's why I suppose just should have to in add it to HttpClient. IMHO it's still a big barrier to use HttpClient instead of the other 3th party http client implementations: https://www.mocklab.io/blog/which-java-http-client-should-i-use-in-2020/ as a quote from: https://medium.com/@kir.maxim/lesson-i-have-learned-from-using-jdk11-http-client-2cf990daba03 "JDK11 HTTP client supports only basic authentication scheme. From my point of view, this will block users from migrating their code to use the new library." What's more even you wrote "It can be easily implemented at the application level" there is not ANY such public implementation... Probably it has reasons... Regards. Levente "Si vis pacem para bellum!" On 2022. 04. 29. 11:34, Daniel Fuchs wrote: Hi, java.net.http.HttpClient only supports Basic authentication out of the box. Which tutorials are claiming that Digest authentication is supported? Can you send some links? At the moment there is no plan to support digest authentication out of the box. It can be easily implemented at the application level on top of the existing APIs, by *not* registering an authenticator with the client and dealing with 401/407 response from the application code. best regards, -- daniel On 28/04/2022 23:40, Farkas Levente wrote: Hi, Even though many tutorial said that the new java.net.http.HttpClient support Digest authentication it's not true: https://github.com/openjdk/jdk/blob/master/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java#L278 But at the same time HttpURLConnection support it through the simple: --- Authenticator.setDefault(new Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication ( "username", "password".toCharArray() ); } }); --- Is it a bug or you don't even plan to support it with HttpClient? Regards.
Re: java.net.http.HttpClient do NOT support Digest authentication while HttpURLConnection do
Hi, java.net.http.HttpClient only supports Basic authentication out of the box. Which tutorials are claiming that Digest authentication is supported? Can you send some links? At the moment there is no plan to support digest authentication out of the box. It can be easily implemented at the application level on top of the existing APIs, by *not* registering an authenticator with the client and dealing with 401/407 response from the application code. best regards, -- daniel On 28/04/2022 23:40, Farkas Levente wrote: Hi, Even though many tutorial said that the new java.net.http.HttpClient support Digest authentication it's not true: https://github.com/openjdk/jdk/blob/master/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java#L278 But at the same time HttpURLConnection support it through the simple: --- Authenticator.setDefault(new Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication ( "username", "password".toCharArray() ); } }); --- Is it a bug or you don't even plan to support it with HttpClient? Regards.
java.net.http.HttpClient do NOT support Digest authentication while HttpURLConnection do
Hi, Even though many tutorial said that the new java.net.http.HttpClient support Digest authentication it's not true: https://github.com/openjdk/jdk/blob/master/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java#L278 But at the same time HttpURLConnection support it through the simple: --- Authenticator.setDefault(new Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication ( "username", "password".toCharArray() ); } }); --- Is it a bug or you don't even plan to support it with HttpClient? Regards. -- Levente "Si vis pacem para bellum!"