[Skunkdav-dev] Questions about Digest auth.
Status: Beta
Brought to you by:
smulloni
From: David S. <ds...@ap...> - 2002-05-07 17:58:09
|
I have been using Brendan's modifications to DAVConnection.java to enable Digest authentication. I was exclusively using Digest and everything was working fine until I started testing with Windows web folders. Most Windows setups seem to ignore the headers requesting Digest authentication and fail completely. It also seems to require the Basic authentication header before the Digest if both are present. Anyone have any updated info what is going on here? So, in order to accommodate all clients I have the server adding both auth headers to the 401 response a) WWW-Authenticate: Basic realm="xxx" b) WWW-Authenticate: Digest realm="xxx", nonce="xxxxxxx", algorithm=MD5, domain="/", qop="auth" But what I just discovered is that SkunkDAV seems to pick the basic authentication and not the more secure Digest. I started trying to understand the HTTPClient package to see if its just using the first one it can. That is my hunch but I am looking for some advice from those of you who are more experienced with the HTTPClient package. One hack I thought about was making a DAVConnection instance boolean specifying if Basic auth was to be allowed. If not allowed the DAVConnection:getAuthorization method would return null for Basic scheme check. Looking for some good advice, -dave |