Integrated: 8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient
Michael McMahon
michaelm at openjdk.org
Tue Oct 22 14:12:23 UTC 2024
On Tue, 8 Oct 2024 14:03:07 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
> Hi,
>
> I closed https://github.com/openjdk/jdk/pull/21249 and am continuing the review on this PR.
>
> This fix relaxes the constraints on user set authentication headers. Currently, any user set authentication headers are filtered out, if the HttpClient has an Authenticator set. The reason being that the authenticator is expected to manage authentication. With this fix, it will be possible to use pre-emptive authentication through user set headers, even if an authenticator is set. The expected use case is where the authenticator would manage either proxy or server authentication and the user set headers would manage server authentication if the authenticator is managing proxy (or vice versa).
>
> A CSR will be filed to document this change.
>
> Thanks,
> Michael
This pull request has now been integrated.
Changeset: 01b681c8
Author: Michael McMahon <michaelm at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/01b681c80d5f7c76013ab6274b9f4a3dcf2f4c39
Stats: 801 lines in 9 files changed: 589 ins; 203 del; 9 mod
8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient
Reviewed-by: dfuchs, jpai, djelinski
-------------
PR: https://git.openjdk.org/jdk/pull/21408
More information about the net-dev
mailing list