RFR: 8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient [v7]
Michael McMahon
michaelm at openjdk.org
Thu Oct 17 10:00:15 UTC 2024
On Wed, 16 Oct 2024 14:32:29 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
>> test/jdk/java/net/httpclient/UserAuthWithAuthenticator.java line 150:
>>
>>> 148: HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
>>> 149: if (useHeader) {
>>> 150: assertTrue(h.authValue() == null, "Expected user set header to be set");
>>
>> authValue is null if the handler was never called; is that what we want to check here?
>
> That doesn't look right. I will check that.
So, initially I thought the problem here was that the request needed to be retried and when using a manually set Authorization header, retries do not happen automatically (Question: should this be documented in the implNote? I think it probably should be).
Then I realised that was **not** the problem because the Authorization is being provided pre-emptively and no retry is necessary. The actual issue was that the manually set Authorization header was malformed and was missing the "Basic" scheme prefix.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21408#discussion_r1804473689
More information about the net-dev
mailing list