Re: Clearing the credentials cache in httpclient 4
Dennis Heimbigner d...@unidata.ucar.edu wrote: You might create an object, though, that is both credentials provider and auth cache. This is probably the only solution. But my example still stands, I think. A credentials providers serves up and caches a set of credentials. During the lifetime of that provider, the credentials become out of date. There is no way (other than your proposal to combine AuthCache and credentialsprovider) to get that bad set of credentials out of the providers cache. Of course, there is. Simply update / remove credentials upon status 401 or 407. Oleg -- Sent from my Android device with K-9 Mail. Please excuse my brevity. - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Clearing the credentials cache in httpclient 4
On Thu, 2014-01-16 at 13:21 -0700, Dennis Heimbigner wrote: As I understand it, in httpclient 4, each credentials provider is solely responsible for caching of credentials. Actually it is AuthCache [1]. The question I have is: when authentication fails using a set of credentials provided by a credentials provider (say because they are out of date), how is the credentials provider notified that those credentials should be purged from the cache? This is done by the default AuthenticationStrategy implementations [2]. Hope this helps Oleg [1] http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/client/AuthCache.html [2] http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/impl/client/AuthenticationStrategyImpl.html#229 - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Clearing the credentials cache in httpclient 4
Oleg Kalnichevski wrote: On Thu, 2014-01-16 at 13:21 -0700, Dennis Heimbigner wrote: As I understand it, in httpclient 4, each credentials provider is solely responsible for caching of credentials. Actually it is AuthCache [1]. That does not seem correct to me. I looked at AuthCache (BasicAuthCache actually) and it never even references a credentials provider. It is caching a map of HttpHost-AuthScheme. So I looked ocurrences of AuthProtocolState.FAILURE and while the AuthCache is invalidated, nowhere that I can find is any corresponding credentials provider be notified. What am I missing? The question I have is: when authentication fails using a set of credentials provided by a credentials provider (say because they are out of date), how is the credentials provider notified that those credentials should be purged from the cache? This is done by the default AuthenticationStrategy implementations [2]. Hope this helps Oleg [1] http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/client/AuthCache.html [2] http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/impl/client/AuthenticationStrategyImpl.html#229 - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Clearing the credentials cache in httpclient 4
On Thu, 2014-01-16 at 15:16 -0700, Dennis Heimbigner wrote: Oleg Kalnichevski wrote: On Thu, 2014-01-16 at 13:21 -0700, Dennis Heimbigner wrote: As I understand it, in httpclient 4, each credentials provider is solely responsible for caching of credentials. Actually it is AuthCache [1]. That does not seem correct to me. I looked at AuthCache (BasicAuthCache actually) and it never even references a credentials provider. It is caching a map of HttpHost-AuthScheme. Why should it? This is what credentials provider is for. The cache contains auth challenges HttpClient can successfully respond to, not user credentials. So I looked ocurrences of AuthProtocolState.FAILURE and while the AuthCache is invalidated, nowhere that I can find is any corresponding credentials provider be notified. I am not entirely sure why it should be notified. There is no definitive way of telling why a particular auth response got rejected (other than parsing the response body). You might create an object, tough, that is both credentials provider and auth cache. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Clearing the credentials cache in httpclient 4
You might create an object, though, that is both credentials provider and auth cache. This is probably the only solution. But my example still stands, I think. A credentials providers serves up and caches a set of credentials. During the lifetime of that provider, the credentials become out of date. There is no way (other than your proposal to combine AuthCache and credentialsprovider) to get that bad set of credentials out of the providers cache. It will be repeatedly invoked and will keep serving up the same bad credentials. Naively, I would have thought this was a problem. In any case, I will use your proposed solution for now. Oleg Kalnichevski wrote: On Thu, 2014-01-16 at 15:16 -0700, Dennis Heimbigner wrote: Oleg Kalnichevski wrote: On Thu, 2014-01-16 at 13:21 -0700, Dennis Heimbigner wrote: As I understand it, in httpclient 4, each credentials provider is solely responsible for caching of credentials. Actually it is AuthCache [1]. That does not seem correct to me. I looked at AuthCache (BasicAuthCache actually) and it never even references a credentials provider. It is caching a map of HttpHost-AuthScheme. Why should it? This is what credentials provider is for. The cache contains auth challenges HttpClient can successfully respond to, not user credentials. So I looked ocurrences of AuthProtocolState.FAILURE and while the AuthCache is invalidated, nowhere that I can find is any corresponding credentials provider be notified. I am not entirely sure why it should be notified. There is no definitive way of telling why a particular auth response got rejected (other than parsing the response body). You might create an object, tough, that is both credentials provider and auth cache. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
