On Sun, 29 Sep 2024 16:46:06 GMT, Michael McMahon <micha...@openjdk.org> wrote:

> This fix relaxes the constraints on user set authentication headers. 
> Currently, any user set authentication headers are filtered out, if the 
> HttpClient has an Authenticator set. The reason being that the authenticator 
> is expected to manage authentication.  With this fix, it will be possible to 
> use pre-emptive authentication through user set headers, even if an 
> authenticator is set. The expected use case is where the authenticator would 
> manage either proxy or server authentication and the user set headers would 
> manage server authentication if the authenticator is managing proxy (or vice 
> versa).
> If the pre-emptive authentication fails, then this behavior is disabled on 
> further retries and it would be up to the authenticator to provide the right 
> credentials then.
> 
> Thanks,
> Michael

src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java line 
233:

> 231: 
> 232:             || req.tryUserSetAuthorization();
> 233: */

Shouldn't this commented code be removed?

test/jdk/java/net/httpclient/UserAuthWithAuthenticator.java line 212:

> 210: 
> 211:         public String baseURL() {
> 212:             return "http://127.0.0.1:"; + getPort();

Should use `URIBuilder` here to deal with possible IPv6-only envs

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21249#discussion_r1781095329
PR Review Comment: https://git.openjdk.org/jdk/pull/21249#discussion_r1781099321

Reply via email to