Index: authentication.xml =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/xdocs/authentication.xml,v retrieving revision 1.5.2.3 diff -u -r1.5.2.3 authentication.xml --- authentication.xml 21 Aug 2003 16:07:31 -0000 1.5.2.3 +++ authentication.xml 25 May 2004 22:01:23 -0000 @@ -6,6 +6,7 @@
setCredentials(String realm,
- Credentials cred) and getCredentials(String realm)
- methods.
+ String host, Credentials cred) and getCredentials(String realm,
+ String host) methods.
Note: To set default Credentials for any realm that has not been
explicitly specified, pass in null as the value of
@@ -41,7 +42,24 @@
To enable preemptive authentication by default for all newly created +
Preemtive authentication mode also requires default Credentials to be set + for the target or proxy host against which preemptive authentication is to be + attempted. Failure to provide default credentials will render the preemptive + authentication mode ineffective.
+ +Use preemptive authentication mode with caution, as one should also take into + consideration security implications of preemptive authentication. In the preemptive + authentication mode HttpClient will send the default to ANY realm or host an HTTP + method is executed against. Security sensitive applications should avoid using + the preemptive authentication when executing HTTP methods against an arbitrary or + non-trusted security realm or host.
+ +To enable preemptive authentication by default for all newly created HttpState's, a system property can be set, as shown below.
There is an example +
There is an example of basic authentication available in the - example directory in CVS. + example directory in CVS.