On Wed, 11 Jun 2025 10:27:05 GMT, p-nima <d...@openjdk.org> wrote:

>> @Michael-Mc-Mahon Is my interpretation above correct?
>
> @dfuch As per my understanding, the current changes do reflect the correct 
> behaviour, as when the request comes in it first goes through the 
> authenticator. If the authentication fails we need to consider this failure 
> in no of retries. (as the client should not try to get the credentials again) 
> @Michael-Mc-Mahon if you could please provide some additional context on this 
> and if my interpretation is correct.

There is a difference between the number of attempts and the number of retries. 
One attempt means no retry; two attempts mean one retry. Maybe the confusion 
partly comes from this sentence:

> jdk.httpclient.auth.retrylimit (default: 3)
> The number of attempts the Basic authentication filter will attempt to retry 
> a failed authentication.

1. what is a failed authentication? Is it when you receive 401/407, or is it 
when you receive 401/407 *after* having provided credential?
2. There are two many "attempts" in the sentence above. One of them should be 
removed.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25490#discussion_r2139871586

Reply via email to