(axis-axis2-java-core) 02/05: AXIS2-6055 Restore preemptive Basic Auth support for HttpClient 5

Mon, 20 Apr 2026 13:34:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git

commit bfd03e4f1fec2943ae92aeb68970abc0af3c3b9b
Author: Robert Lazarski <[email protected]>
AuthorDate: Sun Apr 19 21:32:48 2026 -1000

    AXIS2-6055 Restore preemptive Basic Auth support for HttpClient 5
    
    The migration from HttpClient 4 to HttpClient 5 in Axis2 1.8 left a
    TODO for preemptive authentication — getPreemptiveAuthentication()
    was never checked, so credentials were only sent after a 401 challenge.
    This broke users who relied on preemptive auth in Axis2 1.7.
    
    When preemptiveAuthentication is true, set the Authorization header
    directly on the request using java.util.Base64 (available since Java 8).
    This bypasses the challenge/response flow, matching Axis2 1.7 behavior.
---
 .../axis2/transport/http/impl/httpclient5/RequestImpl.java       | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git 
a/modules/transport/http/src/main/java/org/apache/axis2/transport/http/impl/httpclient5/RequestImpl.java
 
b/modules/transport/http/src/main/java/org/apache/axis2/transport/http/impl/httpclient5/RequestImpl.java
index e3ed47fcfb..f81d8abb80 100644
--- 
a/modules/transport/http/src/main/java/org/apache/axis2/transport/http/impl/httpclient5/RequestImpl.java
+++ 
b/modules/transport/http/src/main/java/org/apache/axis2/transport/http/impl/httpclient5/RequestImpl.java
@@ -336,6 +336,15 @@ final class RequestImpl implements Request {
             }
         }
         
+        // AXIS2-6055: Preemptive authentication — send credentials on the 
first
+        // request without waiting for a 401 challenge. This was supported in
+        // Axis2 1.7 (HC 4) but the TODO was never implemented for HC 5.
+        if (authenticator.getPreemptiveAuthentication() && username != null && 
password != null) {
+            String credentials = username + ":" + password;
+            String encoded = 
java.util.Base64.getEncoder().encodeToString(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
+            httpRequestMethod.setHeader("Authorization", "Basic " + encoded);
+        }
+
         /* Customizing the priority Order */
         List schemes = authenticator.getAuthSchemes();
         if (schemes != null && schemes.size() > 0) {

Reply via email to