Bug in WMS HTTP Basic Authentication?

Started by opoto, August 09, 2017, 09:43:08 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

opoto

Hello

I configured a WMS map provider which requires HTTP Basic Authentication. I entered my username and password in OruxMaps WMS config, and it works but very slowly. I analyzed the HTTP traffic and noticed the following weird behavior:



- The initial OruxMaps request to the WMS server does not contain the required Authorization header

- Because of this the server answers with a 401 Unauthorized response

- OruxMaps resends the same request including the Authorization header this time (computed with my username & password)

- A 200 OK response is then properly returned by the WMS server, with the requested tile



As a consequence each tile requires 2 HTTP round trips, which partly explains the slowness of the map loading.

Why doesn't OruxMaps send the Authorization header in the initial request? Can this be added?



Thanks

orux

#1
Quote from: "opoto"Hello

I configured a WMS map provider which requires HTTP Basic Authentication. I entered my username and password in OruxMaps WMS config, and it works but very slowly. I analyzed the HTTP traffic and noticed the following weird behavior:



- The initial OruxMaps request to the WMS server does not contain the required Authorization header

- Because of this the server answers with a 401 Unauthorized response

- OruxMaps resends the same request including the Authorization header this time (computed with my username & password)

- A 200 OK response is then properly returned by the WMS server, with the requested tile



As a consequence each tile requires 2 HTTP round trips, which partly explains the slowness of the map loading.

Why doesn't OruxMaps send the Authorization header in the initial request? Can this be added?



Thanks


Hello,



it seems that it is the normal behaviour of the framework:

https://stackoverflow.com/questions/9539141/httpclient-sends-out-two-requests-when-using-basic-auth">//https://stackoverflow.com/questions/9539141/httpclient-sends-out-two-requests-when-using-basic-auth

I will see if there are other options...





orux

opoto

#2
The problem probably lies in that you're creating an execution context (AuthState object) for each tile request. If you reuse this object, I guess it will not only send the auth header directly (starting from the second tile), but also probably reuse some resources such as the tcp connection, and even the ssl session. This would probably have significant performance benefit.

Thanks