Roland Weber wrote:
Hello Eric,
it's a question of interpretation, isn't it? If we provide an option to
prefer
Basic auth over NTLM, we violate the RFC. If we provide an option to
*disable* NTLM in certain cases, HttpClient would no longer understand
it, and has to select Basic following the
Hello,
try client.getState().setAuthenticationPreemptive(true);
I'm not sure whether HTTP Client evaluates this flag for
proxy and target server, or just for the target server. In
the first case, it should have the desired effect.
My guess is that when HTTP Client has the choice
between Basic
I'm not sure that HttpClient should do anything different.
According to section 4.6 of RFC 2617, A user agent MUST choose to use
the strongest auth- scheme it understands and request credentials from
the user based upon that challenge.
Since Basic is pretty darn weak, I'd say NTLM wins out
,
but such ability appears desirable in some cases.
Oleg
-Original Message-
From: Eric Johnson [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 15:31
To: Commons HttpClient Project
Subject: Re: Make HttpClient pick Basic Auth over NTLM?
I'm not sure that HttpClient should do
:-)
cheers,
Roland
Eric Johnson [EMAIL PROTECTED]
04.12.2003 15:31
Please respond to Commons HttpClient Project
To: Commons HttpClient Project
[EMAIL PROTECTED]
cc:
Subject:Re: Make HttpClient pick Basic Auth over NTLM?
I'm not sure that HttpClient should