[HttpClient] Method to determine required credential type

[Adrian Sutton <ad...@ephox.com>]

HttpClient has the ability to use different Credential classes for different
authentication schemes (and is required for NTLM), however there is
currently no way to find out which class is required when authenticating
without pulling out the WWW-Authenticate header and parsing it.

Would people agree to adding a method that returns the Class required for
authentication?  I'd suggest it should go into HttpState since that's where
the credentials are set.  It would have the following cases:

No authentication required (because a request hasn't yet been made or
because there was no 401 response): return null.

Basic or Digest: return UsernamePasswordCredentials.class

NTLM authentication: return NTCredentials.class

Unsupported authentication scheme: null

Others to be added as more authentication schemes are added.  This
functionality will be essential when pluggable authentication modules comes
in but would be useful even now.  I can get to work coding this if the idea
is worthwhile (and I haven't missed something in the current docs).

Adrian Sutton, Software Engineer
Ephox Corporation
www.ephox.com

This email and any files transmitted with it are confidential and intended
solely for the use of the individual to whom they are addressed. Opinions
contained in this email do not necessarily reflect the opinions of Ephox
Corporation.
If you have received this email in error please notify the sender
immediately and delete all copies of the correspondence from your computer
and/or computer network. No warranty is given that this message upon its
receipt is virus free and the sender in this respect accepts no liability.



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: [HttpClient] Method to determine required credential type

[Jeff Dever <js...@sympatico.ca>]

Is there a case for returning a class object, as opposed to just returning
"Basic", "Digest" or "NTLM" (or null).


Adrian Sutton wrote:

> HttpClient has the ability to use different Credential classes for different
> authentication schemes (and is required for NTLM), however there is
> currently no way to find out which class is required when authenticating
> without pulling out the WWW-Authenticate header and parsing it.
>
> Would people agree to adding a method that returns the Class required for
> authentication?  I'd suggest it should go into HttpState since that's where
> the credentials are set.  It would have the following cases:
>
> No authentication required (because a request hasn't yet been made or
> because there was no 401 response): return null.
>
> Basic or Digest: return UsernamePasswordCredentials.class
>
> NTLM authentication: return NTCredentials.class
>
> Unsupported authentication scheme: null
>
> Others to be added as more authentication schemes are added.  This
> functionality will be essential when pluggable authentication modules comes
> in but would be useful even now.  I can get to work coding this if the idea
> is worthwhile (and I haven't missed something in the current docs).


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: [HttpClient] Method to determine required credential type

[Ortwin Glück <or...@nose.ch>]

Adrian Sutton wrote:
> No authentication required (because a request hasn't yet been made or
> because there was no 401 response): return null.
> 
> Basic or Digest: return UsernamePasswordCredentials.class
> 
> NTLM authentication: return NTCredentials.class
> 
> Unsupported authentication scheme: null

I'd rather throw an Exception if the scheme is not supported. Otherwise 
there is no way of distinguishing "Unsupported auth" and "No auth required".


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>