You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Cisto Cyriac (JIRA)" <ji...@apache.org> on 2019/02/25 19:44:00 UTC
[jira] [Created] (HTTPCLIENT-1970) HttpClient does not support (non
preemptive) digest authentication
Cisto Cyriac created HTTPCLIENT-1970:
----------------------------------------
Summary: HttpClient does not support (non preemptive) digest authentication
Key: HTTPCLIENT-1970
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1970
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (classic)
Affects Versions: 4.5.6
Reporter: Cisto Cyriac
In HttpClient 4.5.6 the preemptive digest authentication works, however non-Preemptive digest authentication does not work. We found this issue when the HttpClient library was upgraded from 4.4.1 to 4.5.6.
As per rfc2617 https://tools.ietf.org/html/rfc2617#section-3.2.1
nonce is a server-specified data string which should be uniquely generated each time a 401 response is made.
This issue can be reproduced by commenting out the following two digest authentication override parameters in the preemptive auth example in https://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveDigestAuthentication.java
DigestScheme digestAuth = new DigestScheme();
// Suppose we already know the realm name
//digestAuth.overrideParamter("realm", "some realm");
// Suppose we already know the expected nonce value
//digestAuth.overrideParamter("nonce", "whatever");
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org