CODEWITHSUNDEEP
javahttppostbasic-authenticationapache-httpcomponents
E.S.
E.S.

Reputation: 2841

Apache HTTP BasicScheme.authenticate deprecated?

In Apache HTTP Component 4 class org.apache.http.impl.auth.BasicScheme I noticed that the method:

public static Header authenticate(
            final Credentials credentials,
            final String charset,
            final boolean proxy)

Is deprecated with the following information: 

/**
 * Returns a basic <tt>Authorization</tt> header value for the given
 * {@link Credentials} and charset.
 *
 * @param credentials The credentials to encode.
 * @param charset The charset to use for encoding the credentials
 *
 * @return a basic authorization header
 *
 * @deprecated (4.3) use {@link #authenticate(Credentials, HttpRequest, HttpContext)}.
 */
@Deprecated

However, I see no document explaining how to migrate from the deprated function to the new function. Although the deprecated function works, I would rather do things the "right" way. Here is how I am using the deprecated function:

UsernamePasswordCredentials creds = new UsernamePasswordCredentials("admin", "admin");
URI uriLogin = URI.create("http://localhost:8161/hawtio/auth/login/");
HttpPost hpLogin = new HttpPost(uriLogin);
hpLogin.setHeader(BasicScheme.authenticate(creds, "US-ASCII", false));

How could I take this same concept and apply it to the "right" method for BasicScheme.authenticate?

Upvotes: 10

Views: 6146

Answers (2)

Matt S.
Matt S.

Reputation: 898

complementing oleg's answer, here's an example replacement that worked in my needs.

Notice the need to go from a static call to an object instance.

UsernamePasswordCredentials creds = new UsernamePasswordCredentials("admin", "admin");
URI uriLogin = URI.create("http://localhost:8161/hawtio/auth/login/");
HttpPost hpPost = new HttpPost(uriLogin);
Header header = new BasicScheme(StandardCharsets.UTF_8).authenticate(creds , hpPost, null);
hpPost.addHeader( header);

Upvotes: 7

ok2c
ok2c

Reputation: 27593

To me the deprecation notice looks pretty clear about as to what method should be used instead. You should be using #authenticate method that also takes an instance of HttpContext as a parameter. In case of BASIC the context can be null. More complex schemes may need to get access to additional context attributes in order to be able to generate an authentication request.

Upvotes: 5

Related Questions