[
https://issues.apache.org/jira/browse/HTTPCLIENT-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16777581#comment-16777581
]
Julian Reschke commented on HTTPCLIENT-1970:
--------------------------------------------
FWFW, RFC 2617 is irrelevant. Digest auth nowadays is defined in RFC 7616.
> HttpClient does not support (non preemptive) digest authentication
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-1970
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1970
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.6
> Reporter: Cisto Cyriac
> Priority: Major
>
> In HttpClient 4.5.6 the preemptive digest authentication works, however
> non-Preemptive digest authentication does not work. We found this issue when
> the HttpClient library was upgraded from 4.4.1 to 4.5.6.
> As per rfc2617 https://tools.ietf.org/html/rfc2617#section-3.2.1
> nonce is a server-specified data string which should be uniquely generated
> each time a 401 response is made.
> This issue can be reproduced by commenting out the following two digest
> authentication override parameters in the preemptive auth example in
> https://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveDigestAuthentication.java
>
> DigestScheme digestAuth = new DigestScheme();
> // Suppose we already know the realm name
> //digestAuth.overrideParamter("realm", "some realm");
> // Suppose we already know the expected nonce value
> //digestAuth.overrideParamter("nonce", "whatever");
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
