jgit/jgit at 7cc1a52c66077e8b46c10f77ebc8219333a56858 - jgit

motiejus

jgit

History

Thomas Wolf 58f4e6e7f8 TransportHttp: support preemptive Basic authentication If the caller knows already HTTP Basic authentication will be needed and if it also already has the username and password, preemptive authentication is a little bit more efficient since it avoids the initial 401 response. Add a setPreemptiveBasicAuthentication(username, password) method to TransportHttp. Client code could call this for instance in a TransportConfigCallback. The method throws an IllegalStateException if it is called after an HTTP request has already been made. Additionally, a URI can include userinfo. Although it is not recommended to put passwords in URIs, JGit's URIish and also the Java URL and URI classes still allow it. The underlying HTTP connection may omit these fields though. If present, take these fields as additional source for preemptive Basic authentication if setPreemptiveBasicAuthentication() has not been called. No preemptive authentication will be done if the connection is redirected to a different host. Add tests. Bug: 541327 Change-Id: Id00b975e56a15b532de96f7bbce48106d992a22b Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>	2021-01-14 16:23:45 +01:00
..
http	TransportHttp: support preemptive Basic authentication	2021-01-14 16:23:45 +01:00
transport/http/apache	Update EDL 1.0 license headers to new short SPDX compliant format	2020-01-04 01:10:05 +01:00

Thomas Wolf 58f4e6e7f8 TransportHttp: support preemptive Basic authentication

If the caller knows already HTTP Basic authentication will be needed
and if it also already has the username and password, preemptive
authentication is a little bit more efficient since it avoids the
initial 401 response.

Add a setPreemptiveBasicAuthentication(username, password) method
to TransportHttp. Client code could call this for instance in a
TransportConfigCallback. The method throws an IllegalStateException
if it is called after an HTTP request has already been made.

Additionally, a URI can include userinfo. Although it is not
recommended to put passwords in URIs, JGit's URIish and also the
Java URL and URI classes still allow it. The underlying HTTP
connection may omit these fields though. If present, take these
fields as additional source for preemptive Basic authentication if
setPreemptiveBasicAuthentication() has not been called.

No preemptive authentication will be done if the connection is
redirected to a different host.

Add tests.

Bug: 541327
Change-Id: Id00b975e56a15b532de96f7bbce48106d992a22b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

2021-01-14 16:23:45 +01:00

http

TransportHttp: support preemptive Basic authentication

2021-01-14 16:23:45 +01:00

transport/http/apache

Update EDL 1.0 license headers to new short SPDX compliant format

2020-01-04 01:10:05 +01:00