Apache HTTP BasicScheme.authenticate deprecated?

Question

In Apache HTTP Component 4 class org.apache.http.impl.auth.BasicScheme I noticed that the method:

public static Header authenticate(
            final Credentials credentials,
            final String charset,
            final boolean proxy)

Is deprecated with the following information:

/**
 * Returns a basic <tt>Authorization</tt> header value for the given
 * {@link Credentials} and charset.
 *
 * @param credentials The credentials to encode.
 * @param charset The charset to use for encoding the credentials
 *
 * @return a basic authorization header
 *
 * @deprecated (4.3) use {@link #authenticate(Credentials, HttpRequest, HttpContext)}.
 */
@Deprecated

However, I see no document explaining how to migrate from the deprated function to the new function. Although the deprecated function works, I would rather do things the "right" way. Here is how I am using the deprecated function:

UsernamePasswordCredentials creds = new UsernamePasswordCredentials("admin", "admin");
URI uriLogin = URI.create("http://localhost:8161/hawtio/auth/login/");
HttpPost hpLogin = new HttpPost(uriLogin);
hpLogin.setHeader(BasicScheme.authenticate(creds, "US-ASCII", false));

How could I take this same concept and apply it to the "right" method for BasicScheme.authenticate?

score 6 · Answer 1 · answered May 28 '16 at 00:48

complementing oleg's answer, here's an example replacement that worked in my needs.

Notice the need to go from a static call to an object instance.

UsernamePasswordCredentials creds = new UsernamePasswordCredentials("admin", "admin");
URI uriLogin = URI.create("http://localhost:8161/hawtio/auth/login/");
HttpPost hpPost = new HttpPost(uriLogin);
Header header = new BasicScheme(StandardCharsets.UTF_8).authenticate(creds , hpPost, null);
hpPost.addHeader( header);

score 5 · Answer 2 · answered Nov 07 '13 at 17:17

5

To me the deprecation notice looks pretty clear about as to what method should be used instead. You should be using #authenticate method that also takes an instance of HttpContext as a parameter. In case of BASIC the context can be null. More complex schemes may need to get access to additional context attributes in order to be able to generate an authentication request.

answered Nov 07 '13 at 17:17

ok2c

26,450
5
63
71

What do I use as the HttpRequest parameter though? – E.S. Nov 07 '13 at 21:46
@Eric S: You are obviously generating an authentication token for a particular request, aren't you? So, you are supposed to pass that request to the #authenticate method. BASIC scheme does not make any use of it, but other schemes such as DIGEST do – ok2c Nov 08 '13 at 09:10

Apache HTTP BasicScheme.authenticate deprecated?

2 Answers2

Linked