Summary
Allow java.net.http.HttpClient users to set Authorization/Proxy-Authorization header(s) and use a java.net.Authenticator in the same request.
Problem
Currently, if an Authenticator is set on an HttpClient, it is invoked to handle all authentication requests sent through that client. In particular, it is not possible for the authenticator to handle only proxy authentication while the user application manually sets the headers for server authentication. The library enforces this by removing user-set Authorization or Proxy-Authorization headers when an Authenticator is set.
Solution
Remove the restriction that strips user-set Authorization and Proxy-Authorization headers when an Authenticator is set.
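The following is an added example, not code from the CSR or the JDK sources. It shows one way to observe the behaviour described here: a client whose Authenticator answers only proxy challenges sends a manually set Authorization header to a local test server. The class name, token values, credentials and the loopback server are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.Authenticator;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.concurrent.atomic.AtomicInteger;

public class ManualAuthWithProxyAuthenticator {
    public static void main(String[] args) throws Exception {
        // Constructed local origin server: accepts exactly one bearer token.
        HttpServer server = HttpServer.create(
                new InetSocketAddress(InetAddress.getLoopbackAddress(), 0), 0);
        server.createContext("/", ex -> {
            boolean ok = "Bearer sample-token".equals(
                    ex.getRequestHeaders().getFirst("Authorization"));
            if (!ok) ex.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"demo\"");
            ex.sendResponseHeaders(ok ? 200 : 401, -1);   // -1: no response body
            ex.close();
        });
        server.start();

        AtomicInteger serverPrompts = new AtomicInteger();
        // Authenticator that supplies credentials for proxy challenges only.
        Authenticator proxyOnly = new Authenticator() {
            @Override protected PasswordAuthentication getPasswordAuthentication() {
                if (getRequestorType() == RequestorType.PROXY)
                    return new PasswordAuthentication("proxy-user", "proxy-pass".toCharArray());
                serverPrompts.incrementAndGet();   // a server challenge reached the Authenticator
                return null;                       // no server credentials held here
            }
        };
        HttpClient client = HttpClient.newBuilder().authenticator(proxyOnly).build();
        URI uri = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/");

        // One request with the accepted token, one with a rejected token.
        for (String token : new String[] {"sample-token", "wrong-token"}) {
            HttpRequest req = HttpRequest.newBuilder(uri)
                    .header("Authorization", "Bearer " + token).build();
            HttpResponse<Void> rsp = client.send(req, HttpResponse.BodyHandlers.discarding());
            System.out.println(token + " -> " + rsp.statusCode()
                    + ", Authenticator server prompts: " + serverPrompts.get());
        }
        server.stop(0);
    }
}
```

The counter makes the difference visible: it only increases when a server challenge is passed to the Authenticator, which is what happens when the client strips the user-set header before sending the request.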
Specification
The following text is added to java.net.http.HttpClient.Builder.authenticator():
/**
* Sets an authenticator to use for HTTP authentication.
*
! * @implNote
! * In the JDK built-in implementation of the {@code HttpClient},
! * if a {@link HttpRequest} has an {@code Authorization} or {@code
! * Proxy-Authorization} header set then its value is used and
! * the {@link Authenticator} is not invoked for the corresponding
! * authentication. In this case, any authentication errors are returned
! * to the user and requests are not automatically retried.
! *
* @param authenticator the Authenticator
* @return this builder
*/
public Builder authenticator(Authenticator authenticator);
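Review bot: the added @implNote says the Authenticator is not invoked for "the corresponding authentication" but never states the converse, that it is still invoked for the other kind of authentication (for example proxy authentication when only {@code Authorization} is set on the request), which is the case the Problem section describes. Consider adding one sentence that says so explicitly. The final sentence could also spell out what "authentication errors are returned to the user" means for the caller, for instance that the 401 or 407 response is delivered unchanged.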
csr of: JDK-8326949 Authorization header is removed when a proxy Authenticator is set on HttpClient (Resolved)