On Sun, 29 Sep 2024 16:46:06 GMT, Michael McMahon <micha...@openjdk.org> wrote:
> This fix relaxes the constraints on user set authentication headers. > Currently, any user set authentication headers are filtered out, if the > HttpClient has an Authenticator set. The reason being that the authenticator > is expected to manage authentication. With this fix, it will be possible to > use pre-emptive authentication through user set headers, even if an > authenticator is set. The expected use case is where the authenticator would > manage either proxy or server authentication and the user set headers would > manage server authentication if the authenticator is managing proxy (or vice > versa). > If the pre-emptive authentication fails, then this behavior is disabled on > further retries and it would be up to the authenticator to provide the right > credentials then. > > Thanks, > Michael I agree with Alan that it would be good to document how we use the Authenticator in HttpClient.Builder. In which case this will probably require a CSR, or at least a release note. ------------- PR Comment: https://git.openjdk.org/jdk/pull/21249#issuecomment-2383159993
