Version: 9.4.5.v20170502 |
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
Jetty’s HTTP client supports the "Basic" and "Digest" authentication mechanisms defined by RFC 7235.
You can configure authentication credentials in the HTTP client instance as follows:
URI uri = new URI("http://domain.com/secure");
String realm = "MyRealm";
String user = "username";
String pass = "password";
// Add authentication credentials
AuthenticationStore auth = httpClient.getAuthenticationStore();
auth.addAuthentication(new BasicAuthentication(uri, realm, user, pass));
ContentResponse response = httpClient
.newRequest(uri)
.send()
.get(5, TimeUnit.SECONDS);
Jetty’s HTTP client tests authentication credentials against the challenge(s) the server issues, and if they match it automatically sends the right authentication headers to the server for authentication. If the authentication is successful, it caches the result and reuses it for subsequent requests for the same domain and matching URIs.
The HTTP conversation for a successful match is the following:
Application HttpClient Server | | | |--- GET ---|------------ GET ----------->| | | | | |<-- 401 + WWW-Authenticate --| | | | | |--- GET + Authentication --->| | | | |<-- 200 ---|------------ 200 ------------|
The application does not receive events related to the response with code 401, they are handled internally by HttpClient
which produces a request similar to the original but with the correct Authorization
header, and then relays the response with code 200 to the application.
Successful authentications are cached, but it is possible to clear them in order to force authentication again:
httpClient.getAuthenticationStore().clearAuthenticationResults();
Authentications may be preempted to avoid the additional roundtrip due to the server challenge in this way:
AuthenticationStore auth = httpClient.getAuthenticationStore();
URI uri = URI.create("http://domain.com/secure");
auth.addAuthenticationResult(new BasicAuthentication.BasicResult(uri, "username", "password"));
In this way, the original request is enriched by HttpClient
immediately with the Authorization
header, and the server should respond with a 200 and the resource content rather than with the 401 and the challenge.
See also the proxy authentication section for further information about how authentication works with HTTP proxies.