Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1970

HttpClient does not support (non preemptive) digest authentication

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 4.5.6
    • Fix Version/s: None
    • Component/s: HttpClient (classic)
    • Labels:
      None

      Description

      In HttpClient 4.5.6 the preemptive digest authentication works, however non-Preemptive digest authentication does not work.  We found this issue when the HttpClient library was upgraded from 4.4.1 to 4.5.6.  

      As per  rfc2617  https://tools.ietf.org/html/rfc2617#section-3.2.1

      nonce  is a server-specified data string which should be uniquely generated each time a 401 response is made.

      This issue can  be reproduced by commenting out the following two digest authentication override parameters in the preemptive auth example in https://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveDigestAuthentication.java

       

      DigestScheme digestAuth = new DigestScheme();
      // Suppose we already know the realm name
      //digestAuth.overrideParamter("realm", "some realm");
      // Suppose we already know the expected nonce value
      //digestAuth.overrideParamter("nonce", "whatever");

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              cistoc Cisto Cyriac
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: