[httpclient] How to force use of Authentication header ?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[httpclient] How to force use of Authentication header ?

Nicolas De Loof-3

Hello,

I'm building a web service client (Axis based) that uses
commons-httpclient as transport.
My web service uses HTTP Basic authentication for security.

In current commons-httpclient (3.0-rc3) no Authentication header is set
until the server send an "Authentication Required" response. This has
the side-effect my WS client has to send it's request 2 times to get the
service to work.

Is they're a way to force httpclient to set Authentication header in
every request ?

Nico.

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [httpclient] How to force use of Authentication header ?

olegk
Nicolas,

Please refer to the section on preemptive authentication in the
HttpClient authentication guide:

http://jakarta.apache.org/commons/httpclient/authentication.html#Preemptive%20Authentication

Please note that only BASIC authentication can be (should be) used
preemptively. If you your application requires a more secure
authentication scheme, consider using the so called 'expect-continue'
handshake instead:

http://jakarta.apache.org/commons/httpclient/performance.html#Expect-continue%20handshake

Hope this helps,

Oleg


On Thu, Jul 28, 2005 at 02:53:19PM +0200, Nicolas De Loof wrote:

>
> Hello,
>
> I'm building a web service client (Axis based) that uses
> commons-httpclient as transport.
> My web service uses HTTP Basic authentication for security.
>
> In current commons-httpclient (3.0-rc3) no Authentication header is set
> until the server send an "Authentication Required" response. This has
> the side-effect my WS client has to send it's request 2 times to get the
> service to work.
>
> Is they're a way to force httpclient to set Authentication header in
> every request ?
>
> Nico.
>
> This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient,  you
> are not authorized to read, print, retain, copy, disseminate,  distribute,
> or use this message or any part thereof. If you receive this  message in
> error, please notify the sender immediately and delete all  copies of this
> message.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [httpclient] How to force use of Authentication header ?

Nicolas De Loof-3

I'm using Basic authentication.

The problem is I'm using Axis "CommonsHttpSender" and not directly
commons-http.

The only way I've found to make it work is to extends CommonsHttpSender
and override "getHostConfiguration" protected method to put a hack :

    protected HostConfiguration getHostConfiguration(HttpClient client,
MessageContext context, URL targetURL)
    {
        client.getParams().setAuthenticationPreemptive(true);
        return super.getHostConfiguration(client, context, targetURL);
    }

I was looking for a way to setup 'global' parameters to set this as
defualt. I've tested setting HttpClientParams.PREEMPTIVE_AUTHENTICATION
as a param in HttpConnectionManager, but this has no effect.

Nico.

Oleg Kalnichevski a ?crit :

>Nicolas,
>
>Please refer to the section on preemptive authentication in the
>HttpClient authentication guide:
>
>http://jakarta.apache.org/commons/httpclient/authentication.html#Preemptive%20Authentication
>
>Please note that only BASIC authentication can be (should be) used
>preemptively. If you your application requires a more secure
>authentication scheme, consider using the so called 'expect-continue'
>handshake instead:
>
>http://jakarta.apache.org/commons/httpclient/performance.html#Expect-continue%20handshake
>
>Hope this helps,
>
>Oleg
>
>
>On Thu, Jul 28, 2005 at 02:53:19PM +0200, Nicolas De Loof wrote:
>  
>
>>Hello,
>>
>>I'm building a web service client (Axis based) that uses
>>commons-httpclient as transport.
>>My web service uses HTTP Basic authentication for security.
>>
>>In current commons-httpclient (3.0-rc3) no Authentication header is set
>>until the server send an "Authentication Required" response. This has
>>the side-effect my WS client has to send it's request 2 times to get the
>>service to work.
>>
>>Is they're a way to force httpclient to set Authentication header in
>>every request ?
>>
>>Nico.
>>
>>This message contains information that may be privileged or confidential
>>and is the property of the Capgemini Group. It is intended only for the
>>person to whom it is addressed. If you are not the intended recipient,  you
>>are not authorized to read, print, retain, copy, disseminate,  distribute,
>>or use this message or any part thereof. If you receive this  message in
>>error, please notify the sender immediately and delete all  copies of this
>>message.
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [hidden email]
>>For additional commands, e-mail: [hidden email]
>>
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]
>
>  
>

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [httpclient] How to force use of Authentication header ?

olegk
Provide a custom HttpParamsFactory or extends the existing default one:

http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/params/DefaultHttpParams.html#setHttpParamsFactory(org.apache.commons.httpclient.params.HttpParamsFactory)

http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/params/DefaultHttpParamsFactory.html

and live happily ever after

Oleg


On Thu, Jul 28, 2005 at 04:02:14PM +0200, Nicolas De Loof wrote:

>
> I'm using Basic authentication.
>
> The problem is I'm using Axis "CommonsHttpSender" and not directly
> commons-http.
>
> The only way I've found to make it work is to extends CommonsHttpSender
> and override "getHostConfiguration" protected method to put a hack :
>
>    protected HostConfiguration getHostConfiguration(HttpClient client,
> MessageContext context, URL targetURL)
>    {
>        client.getParams().setAuthenticationPreemptive(true);
>        return super.getHostConfiguration(client, context, targetURL);
>    }
>
> I was looking for a way to setup 'global' parameters to set this as
> defualt. I've tested setting HttpClientParams.PREEMPTIVE_AUTHENTICATION
> as a param in HttpConnectionManager, but this has no effect.
>
> Nico.
>
> Oleg Kalnichevski a ?crit :
>
> >Nicolas,
> >
> >Please refer to the section on preemptive authentication in the
> >HttpClient authentication guide:
> >
> >http://jakarta.apache.org/commons/httpclient/authentication.html#Preemptive%20Authentication
> >
> >Please note that only BASIC authentication can be (should be) used
> >preemptively. If you your application requires a more secure
> >authentication scheme, consider using the so called 'expect-continue'
> >handshake instead:
> >
> >http://jakarta.apache.org/commons/httpclient/performance.html#Expect-continue%20handshake
> >
> >Hope this helps,
> >
> >Oleg
> >
> >
> >On Thu, Jul 28, 2005 at 02:53:19PM +0200, Nicolas De Loof wrote:
> >
> >
> >>Hello,
> >>
> >>I'm building a web service client (Axis based) that uses
> >>commons-httpclient as transport.
> >>My web service uses HTTP Basic authentication for security.
> >>
> >>In current commons-httpclient (3.0-rc3) no Authentication header is set
> >>until the server send an "Authentication Required" response. This has
> >>the side-effect my WS client has to send it's request 2 times to get the
> >>service to work.
> >>
> >>Is they're a way to force httpclient to set Authentication header in
> >>every request ?
> >>
> >>Nico.
> >>
> >>This message contains information that may be privileged or confidential
> >>and is the property of the Capgemini Group. It is intended only for the
> >>person to whom it is addressed. If you are not the intended recipient,  
> >>you are not authorized to read, print, retain, copy, disseminate,  
> >>distribute, or use this message or any part thereof. If you receive this  
> >>message in error, please notify the sender immediately and delete all  
> >>copies of this message.
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [hidden email]
> >>For additional commands, e-mail: [hidden email]
> >>
> >>
> >>  
> >>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [hidden email]
> >For additional commands, e-mail: [hidden email]
> >
> >
> >
>
> This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient,  you
> are not authorized to read, print, retain, copy, disseminate,  distribute,
> or use this message or any part thereof. If you receive this  message in
> error, please notify the sender immediately and delete all  copies of this
> message.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [httpclient] How to force use of Authentication header ?

Nicolas De Loof-3

Works fine, thanks a lot !

Nico.

Oleg Kalnichevski a ?crit :

>Provide a custom HttpParamsFactory or extends the existing default one:
>
>http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/params/DefaultHttpParams.html#setHttpParamsFactory(org.apache.commons.httpclient.params.HttpParamsFactory)
>
>http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/params/DefaultHttpParamsFactory.html
>
>and live happily ever after
>
>Oleg
>
>
>On Thu, Jul 28, 2005 at 04:02:14PM +0200, Nicolas De Loof wrote:
>  
>
>>I'm using Basic authentication.
>>
>>The problem is I'm using Axis "CommonsHttpSender" and not directly
>>commons-http.
>>
>>The only way I've found to make it work is to extends CommonsHttpSender
>>and override "getHostConfiguration" protected method to put a hack :
>>
>>   protected HostConfiguration getHostConfiguration(HttpClient client,
>>MessageContext context, URL targetURL)
>>   {
>>       client.getParams().setAuthenticationPreemptive(true);
>>       return super.getHostConfiguration(client, context, targetURL);
>>   }
>>
>>I was looking for a way to setup 'global' parameters to set this as
>>defualt. I've tested setting HttpClientParams.PREEMPTIVE_AUTHENTICATION
>>as a param in HttpConnectionManager, but this has no effect.
>>
>>Nico.
>>
>>Oleg Kalnichevski a ?crit :
>>
>>    
>>
>>>Nicolas,
>>>
>>>Please refer to the section on preemptive authentication in the
>>>HttpClient authentication guide:
>>>
>>>http://jakarta.apache.org/commons/httpclient/authentication.html#Preemptive%20Authentication
>>>
>>>Please note that only BASIC authentication can be (should be) used
>>>preemptively. If you your application requires a more secure
>>>authentication scheme, consider using the so called 'expect-continue'
>>>handshake instead:
>>>
>>>http://jakarta.apache.org/commons/httpclient/performance.html#Expect-continue%20handshake
>>>
>>>Hope this helps,
>>>
>>>Oleg
>>>
>>>
>>>On Thu, Jul 28, 2005 at 02:53:19PM +0200, Nicolas De Loof wrote:
>>>
>>>
>>>      
>>>
>>>>Hello,
>>>>
>>>>I'm building a web service client (Axis based) that uses
>>>>commons-httpclient as transport.
>>>>My web service uses HTTP Basic authentication for security.
>>>>
>>>>In current commons-httpclient (3.0-rc3) no Authentication header is set
>>>>until the server send an "Authentication Required" response. This has
>>>>the side-effect my WS client has to send it's request 2 times to get the
>>>>service to work.
>>>>
>>>>Is they're a way to force httpclient to set Authentication header in
>>>>every request ?
>>>>
>>>>Nico.
>>>>
>>>>This message contains information that may be privileged or confidential
>>>>and is the property of the Capgemini Group. It is intended only for the
>>>>person to whom it is addressed. If you are not the intended recipient,  
>>>>you are not authorized to read, print, retain, copy, disseminate,  
>>>>distribute, or use this message or any part thereof. If you receive this  
>>>>message in error, please notify the sender immediately and delete all  
>>>>copies of this message.
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: [hidden email]
>>>>For additional commands, e-mail: [hidden email]
>>>>
>>>>
>>>>  
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: [hidden email]
>>>For additional commands, e-mail: [hidden email]
>>>
>>>
>>>
>>>      
>>>
>>This message contains information that may be privileged or confidential
>>and is the property of the Capgemini Group. It is intended only for the
>>person to whom it is addressed. If you are not the intended recipient,  you
>>are not authorized to read, print, retain, copy, disseminate,  distribute,
>>or use this message or any part thereof. If you receive this  message in
>>error, please notify the sender immediately and delete all  copies of this
>>message.
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [hidden email]
>>For additional commands, e-mail: [hidden email]
>>
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]
>
>  
>

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]