HttpComponents HttpClient
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1344

Userinfo Credentials in URI Should Not Default to Preemptive Authentication

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.4
    • Fix Version/s: 4.3 Beta2
    • Component/s: HttpClient
    • Labels:
      None

      Description

      When using a request like new HttpGet("http://user:pass@example.com/") HttpClient will send along Authorization: Basic header with the first request (even if the server uses Digest Access).

      The expected behaviour is for HttpClient to send a request with no user credentials at all, wait for the server to send a 401 response. Then based on the supported auth scheme, send another request with the credentials in a scheme that is supported by the server.

        Activity

        James Leigh created issue -
        Oleg Kalnichevski made changes -
        Field Original Value New Value
        Fix Version/s 4.3 Beta2 [ 12324304 ]
        Oleg Kalnichevski made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Oleg Kalnichevski made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            James Leigh
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development