Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
The HttpUnit API for webclient says that “Will only send the authorization header when challenged for the specified realm.” What does challenged mean in this case? How does HttpUnit recognize a challenge?
This refers to the way HTTP Authentication works:
When accessing a protected URL (for the first time, with no credentials included in the request), the server will send back a response that has a status code of
401 Unauthorizedand aWWW-Authenticateheader set to something likeBasic realm="My Realm". This indicates that Basic authentication is needed for the given URL and the realm is named ‘My Realm’. This is the challenge – the user agent is being informed by the server that the URL it tried to access requires authentication and it should send back the user credentials. The user agent will typically prompt the user for credentials and then retry the request, this time with aAuthorizationheader set to something likeBasic rXflcjMwYXxzwhere the second part is the Base64 encoded username and password pair.In case of the HttpUnit method you’ve linked to, you’ll see that it requires a realm, username and password. I imagine that when the a URL is accessed, if it gets back a 401 (the challenge) from the server, it’ll compare the realm you passed it with the realm in the response; if it matches, it’ll attempt to authenticate with the username and password supplied.
References: