Created JERSEY-2864 - HttpAuthenticationFeature should have a callback
mechanism to get credentials <
https://java.net/jira/browse/JERSEY-2864>
(My code is in a commercial product and I don't have permission to share
it.)
Scott
On Thu, May 14, 2015 at 3:04 AM, Libor Kramolis <libor.kramolis_at_oracle.com>
wrote:
> OK. You can contribute your solution to Jersey. The easiest way is to
> create JIRA <https://java.net/jira/browse/JERSEY> enhancement and share
> your solution via Gist <https://gist.github.com/>. Much precise is to
> create Pull request <https://jersey.java.net/contribute.html>.
>
> Thanks,
> Libor
>
>
> On 14 May 2015, at 05:39, Scott Palmer <swpalmer_at_gmail.com> wrote:
>
> No, I don't thinks so, not according to the documentation. All it says
> about that mode is that the credentials are only sent after first getting a
> 401 status from the server. instead of sending them all the time. It has
> nothing to do with user-interaction. You still need to configure the
> HttpAuthenticationFeature up front with the credentials as far as I can
> tell. There should be a callback mechanism to provide credentials to the
> HttpAuthenticationFeature, but I didn't find any mention of such a thing.
>
> I've currently implemented this with my own ClientRequestFilter that adds
> the authorization header from a cache of credentials, and a
> reflection-based proxy in my client that intercepts the 401 status,
> populates the credentials cache via a callback (where I can present a GUI),
> then retries the call. It works, but it is the sort of thing that should
> be built-in if you ask me. Instead of configuring the credentials directly
> on the HttpAuthenticationFeature you should be able to provide a callback.
> That way, in pre-emptive mode, the credentials can be obtained by asking
> the user for them on-demand. The HttpAuthenticationFeature should then
> cache them for the given authentication realm.
>
> Regards,
>
> Scott
>
> On Wed, May 13, 2015 at 4:55 PM, Libor Kramolis <libor.kramolis_at_oracle.com
> > wrote:
>
>> Hello.
>>
>> I think you are looking for BASIC NON-PREEMPTIVE mode.
>>
>> Best regards,
>> Libor
>>
>>
>> On 13 May 2015, at 19:54, Scott Palmer <swpalmer_at_gmail.com> wrote:
>>
>> I'm looking for examples of how I can prompt the user of my client
>> application to enter credentials only when they are required by the
>> server. I'm using Jersey 2.16.
>>
>> I've looked at the documentation: "5.9.1. Http Authentication Support"
>> https://jersey.java.net/nonav/documentation/latest/client.html#d0e5181
>>
>> But it is all about setting up the credentials ahead of time. That's not
>> what I want. The user will be ale to enter a URL, some will need
>> credentials and some won't, but until the request is made we don't know. I
>> want to prompt for the credentials on demand.
>>
>> Regards,
>>
>> Scott
>>
>>
>>
>
>