[jira] Commented: (CXF-430) HTTPConduit support for non-preemptive Basic Auth

["Polar Humenn (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/CXF-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523332 ] 

Polar Humenn commented on CXF-430:
----------------------------------



Hey Dan,

Wow, I thought we took care of that a long time ago. I guess this was just 
a bookkeeping thing.  How's the release going?

Cheers,
-Polar

-------------------------------------------------------------------
Polar Humenn                  Adiron, LLC
mailto:polar@adiron.com       2-212 CST
Phone: 315-278-1648           Syracuse, NY 13244-4100
Fax:   315-443-4745           http://www.adiron.com


> HTTPConduit support for non-preemptive Basic Auth
> -------------------------------------------------
>
>                 Key: CXF-430
>                 URL: https://issues.apache.org/jira/browse/CXF-430
>             Project: CXF
>          Issue Type: New Feature
>          Components: Transports
>            Reporter: Eoghan Glynn
>            Assignee: Eoghan Glynn
>             Fix For: 2.0.1
>
>
> The current client-side support for HTTP Basic authorization is just a place-holder, with the following short-comings:
> - credentials are only passed pre-emptively, i.e. in advance of an actual 401 challenge
> - the AuthorizationPolicy only allows a single username and password to be configured, without any reference to a particular realm or targetURI
> - there is no specific handling of 401 challenges, or attempt to trasparently resend
> - this are no hooks to allow the client application participate in the trust evaluation before handing out the username/password

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.