I came across this code, which I am trying to refactor the deprecated usage of DefaultHttpClient to use HttpClientBuilder and trying to replicate the authentication part.
In HttpClientBuilder world I could use preemptive (HttpClientContext.create().setAuthCache(new BasicAuthCache())) or not - setting the credentials provider directly to the builder (httpClientBuilder.setDefaultCredentialsProvider(new BasicCredentialsProvider()))
In here, I don't see this being specified in any way, so I debugged through the httpclient lib, but could not pull out a conclusion for sure. Could you tell me, whether below code is doing a preemptive or a non-preemptive authentication?
(As I had to refactor older http client 3.x code, it was very expressive, since there was the .setAuthenticationPreemptive method, which was telling me clearly, what it was)
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.HttpParams;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.auth.params.AuthParams;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpGet;
...
DefaultHttpClient client = new DefaultHttpClient(new BasicHttpParams());
HttpParams params = client.getParams();
AuthParams.setCredentialCharset(params, "UTF-8");
client.getCredentialsProvider()
.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("login","passwd"));
...
client.execute(new HttpGet("uri"));
Thanks you!
It looks like the simple answer is: above is an example of a non-preemptive authentication.
Why? Because the only place where the preemptive one is setup is during the processing of the
org.apache.http.client.protocol.RequestAuthCacheinterceptor, which looks for the set upAuthCache, which in above case is not set up.