users@jersey.java.net

[Jersey] Re: Prompting for authentication

From: Scott Palmer <swpalmer_at_gmail.com>
Date: Wed, 13 May 2015 23:39:44 -0400

No, I don't thinks so, not according to the documentation. All it says
about that mode is that the credentials are only sent after first getting a
401 status from the server. instead of sending them all the time. It has
nothing to do with user-interaction. You still need to configure the
HttpAuthenticationFeature up front with the credentials as far as I can
tell. There should be a callback mechanism to provide credentials to the
HttpAuthenticationFeature, but I didn't find any mention of such a thing.

I've currently implemented this with my own ClientRequestFilter that adds
the authorization header from a cache of credentials, and a
reflection-based proxy in my client that intercepts the 401 status,
populates the credentials cache via a callback (where I can present a GUI),
then retries the call. It works, but it is the sort of thing that should
be built-in if you ask me. Instead of configuring the credentials directly
on the HttpAuthenticationFeature you should be able to provide a callback.
That way, in pre-emptive mode, the credentials can be obtained by asking
the user for them on-demand. The HttpAuthenticationFeature should then
cache them for the given authentication realm.

Regards,

Scott

On Wed, May 13, 2015 at 4:55 PM, Libor Kramolis <libor.kramolis_at_oracle.com>
wrote:

> Hello.
>
> I think you are looking for BASIC NON-PREEMPTIVE mode.
>
> Best regards,
> Libor
>
>
> On 13 May 2015, at 19:54, Scott Palmer <swpalmer_at_gmail.com> wrote:
>
> I'm looking for examples of how I can prompt the user of my client
> application to enter credentials only when they are required by the
> server. I'm using Jersey 2.16.
>
> I've looked at the documentation: "5.9.1. Http Authentication Support"
> https://jersey.java.net/nonav/documentation/latest/client.html#d0e5181
>
> But it is all about setting up the credentials ahead of time. That's not
> what I want. The user will be ale to enter a URL, some will need
> credentials and some won't, but until the request is made we don't know. I
> want to prompt for the credentials on demand.
>
> Regards,
>
> Scott
>
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.