RFR: 8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient [v5]
Michael McMahon
michaelm at openjdk.org
Mon Oct 14 15:13:13 UTC 2024
On Mon, 14 Oct 2024 12:27:39 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> src/java.net.http/share/classes/java/net/http/HttpClient.java line 418:
>>
>>> 416: * the {@link Authenticator} will not be invoked for the corresponding
>>> 417: * authentication.
>>> 418: *
>>
>> Reading this makes me wonder if this should be normative, as in part of the spec rather than a note for developers using the API. Has that been discussed?
>
> When to use the Authenticator (or not) is typically implementation dependent. We should have documented how our implementation used the authenticator when the API was added in JDK 11. I am not sure we should make this text normative, but if you believe we should I will not object. Do you think we should?
Would it be better as an implNote then? I guess it's possible that other implementations of the API might not behave this way.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21408#discussion_r1799697312