On Wed, 11 Jun 2025 10:27:05 GMT, p-nima <d...@openjdk.org> wrote: >> @Michael-Mc-Mahon Is my interpretation above correct? > > @dfuch As per my understanding, the current changes do reflect the correct > behaviour, as when the request comes in it first goes through the > authenticator. If the authentication fails we need to consider this failure > in no of retries. (as the client should not try to get the credentials again) > @Michael-Mc-Mahon if you could please provide some additional context on this > and if my interpretation is correct.
There is a difference between the number of attempts and the number of retries. One attempt means no retry; two attempts mean one retry. Maybe the confusion partly comes from this sentence: > jdk.httpclient.auth.retrylimit (default: 3) > The number of attempts the Basic authentication filter will attempt to retry > a failed authentication. 1. what is a failed authentication? Is it when you receive 401/407, or is it when you receive 401/407 *after* having provided credential? 2. There are two many "attempts" in the sentence above. One of them should be removed. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/25490#discussion_r2139871586