- All Implemented Interfaces:
- org.apache.http.HttpRequestInterceptor
- Enclosing class:
- CloseableHttpComponentsMessageSender
public static class CloseableHttpComponentsMessageSender.PreemptiveAuthInterceptor
extends Object
implements org.apache.http.HttpRequestInterceptor
HttpClient HttpRequestInterceptor
implementation that configures the Apache Http Client
for preemptive authentication. In this mode, the client will send the basic authentication response even before
the server gives an unauthorized response in certain situations. This reduces the overhead of making requests
over authenticated connections.
This behavior conforms to RFC2617: A client MAY preemptively send the corresponding Authorization header with
requests for resources in that space without receipt of another challenge from the server. Similarly, when
a client sends a request to a proxy, it may reuse a userid and password in the Proxy-Authorization header field
without receiving another challenge from the proxy server.
The Apache Http Client does not support preemptive authentication out of the box, because if misused or used
incorrectly the preemptive authentication can lead to significant security issues, such as sending user
credentials in clear text to an unauthorized third party.