RFR: 8340182: Java HttpClient does not follow default retry limit of 3 retries [v4]

Daniel Fuchs dfuchs at openjdk.org
Wed Jun 11 11:16:30 UTC 2025


On Wed, 11 Jun 2025 10:27:05 GMT, p-nima <duke at openjdk.org> wrote:

>> @Michael-Mc-Mahon Is my interpretation above correct?
>
> @dfuch As per my understanding, the current changes do reflect the correct behaviour, as when the request comes in it first goes through the authenticator. If the authentication fails we need to consider this failure in no of retries. (as the client should not try to get the credentials again) 
> @Michael-Mc-Mahon if you could please provide some additional context on this and if my interpretation is correct.

There is a difference between the number of attempts and the number of retries. One attempt means no retry; two attempts mean one retry. Maybe the confusion partly comes from this sentence:

> jdk.httpclient.auth.retrylimit (default: 3)
> The number of attempts the Basic authentication filter will attempt to retry a failed authentication.

1. what is a failed authentication? Is it when you receive 401/407, or is it when you receive 401/407 *after* having provided credential?
2. There are two many "attempts" in the sentence above. One of them should be removed.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25490#discussion_r2139871586


More information about the net-dev mailing list