ffang commented on code in PR #3255:
URL: https://github.com/apache/cxf/pull/3255#discussion_r3520006390


##########
rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java:
##########
@@ -553,6 +556,26 @@ public Credentials getCredentials(final AuthScope 
authscope, HttpContext context
             };
 
             ctx.setCredentialsProvider(credsProvider);
+            if (proxyAuthorizationPolicy != null && 
proxyAuthorizationPolicy.getUserName() != null) {
+                // We only support BasicAuth
+                ctx.setAuthCache(new AuthCache() {

Review Comment:
   Hi @reta ,
   
   This is promising, if  I read it correctly, the ISE ("AuthScheme is null") 
occurs because when HC5 processes a 407, it transitions the auth exchange to 
CHALLENGED state but leaves authScheme null (auth scheme selection hasn't 
happened yet). When a second 407 arrives, it finds authScheme == null and 
asserts.
   
   If the AuthCache is pre-populated with the proxy's auth scheme (e.g., 
BasicScheme for Basic realm), HC5 knows upfront which scheme to use for proxy 
auth. The auth exchange initializes with a non-null authScheme, so the 
Asserts.notNull(authScheme, "AuthScheme") check in 
AuthenticationHandler.handleResponse() never fires. The ISE is avoided entirely.
   
   Thanks for it!
   Freeman



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to