commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adrian Sutton" <adrian.sut...@ephox.com>
Subject [HttpClient] [prelim-PATCH] NTLM Authentication
Date Tue, 24 Sep 2002 00:29:16 GMT
I have now completed a patch to add NTLM authentication to the latest
version of HttpClient, however there are a couple of issues remaining so it
should considered "beta-patch" at this point and this is really a request
for comment rather than a request for commit.  The issues are:

1. Does not comply with current coding style of HttpClient - particularly in
the new files.
2. Needs improvement to logging
3. Requires the Java Cryptography Extensions

The first two just require me to get around to it, the third I'd like some
comments on.  My preference is to not depend on JCE and to implement DES
encryption ourselves in a standalone form.  To that end I have implemented
the DES encryption through a wrapper file so that it is simple to switch
later if required.  Note that JCE does not work with JRE 1.1 at all and is
an optional add on for 1.2 and 1.3.

I recieved no reply from an email sent to the author of the DES encryption
class I have previously mentioned and two of the author's email addresses
bounced so chance of relicencing it under the Apache License is pretty much
nil at this point.  I have done some more research and found that the MD4
encryption can be avoided by using the Windows 98 version of the protocol
which seems to be more reliable anyway.

Any thoughts, comments or cryptography experts?

The other thing I would like confirmation on is that the integration into
HttpClient (in Authenticator.java) is the best way to do it.  It certainly
seems like it is, but I can't be certain of that since I don't know the
HttpClient code particularly well.

Thanks in advance,

Adrian Sutton, Software Engineer
Ephox Corporation
www.ephox.com

This email and any files transmitted with it are confidential and intended
solely for the use of the individual to whom they are addressed. Opinions
contained in this email do not necessarily reflect the opinions of Ephox
Corporation.
If you have received this email in error please notify the sender
immediately and delete all copies of the correspondence from your computer
and/or computer network. No warranty is given that this message upon its
receipt is virus free and the sender in this respect accepts no liability.

Mime
View raw message