On Sun, 29 Sep 2024 16:46:06 GMT, Michael McMahon <micha...@openjdk.org> wrote:
> This fix relaxes the constraints on user set authentication headers. > Currently, any user set authentication headers are filtered out, if the > HttpClient has an Authenticator set. The reason being that the authenticator > is expected to manage authentication. With this fix, it will be possible to > use pre-emptive authentication through user set headers, even if an > authenticator is set. The expected use case is where the authenticator would > manage either proxy or server authentication and the user set headers would > manage server authentication if the authenticator is managing proxy (or vice > versa). > If the pre-emptive authentication fails, then this behavior is disabled on > further retries and it would be up to the authenticator to provide the right > credentials then. > > Thanks, > Michael src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java line 233: > 231: > 232: || req.tryUserSetAuthorization(); > 233: */ Shouldn't this commented code be removed? test/jdk/java/net/httpclient/UserAuthWithAuthenticator.java line 212: > 210: > 211: public String baseURL() { > 212: return "http://127.0.0.1:" + getPort(); Should use `URIBuilder` here to deal with possible IPv6-only envs ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/21249#discussion_r1781095329 PR Review Comment: https://git.openjdk.org/jdk/pull/21249#discussion_r1781099321