commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adrian Sutton" <adrian.sut...@ephox.com>
Subject RE: [HttpClient] [prelim-PATCH] NTLM Authentication
Date Tue, 24 Sep 2002 23:03:44 GMT
>NTLM support is targeted as a HttpClient 2.1 feature on the bug you raised:
>http://issues.apache.org/bugzilla/show_bug.cgi?id=10851
>
>There has not been a "feature freeze" for 2.0 yet, so we're still open to
adding
>this earlier.  There was also the idea for adding "plugable authentication"
>modules for just this purpose as well.  You obviously have need for NTLM,
so I'm
>OK with moving this up, with a few caveats:

My original intent was to wait for plugable authentication modules however
the schedule pressures that I'm under decreed that it had to be done now.  I
figure that I may as well do it in a way that can easily be incorporated
back into HttpClient so that others can gain some use out of it as well.  To
do that though I need to run it past the experts here on the list as this is
my first modifications to HttpClient or in fact any Jakarta project.  Thanks
for your help.

It would be excellent if this could make the 2.0 release, particularly so if
that release were to happen before our product has to ship.  Regardless, we
use only a small subset of the HttpClient functionality so we'd be happy
with using a CVS version and putting it through our testing proceedures as
we're yet to find any issues with the current CVS builds.

>1) Using the JCE is preferable to a seperate DES class.  It must only be
>required at runtime if the NTLM auth code is actually executed (similar to
how
>https works currently)

Okay, I will fold the DES stuff into the main NTLM class and ensure it is
not needlessly required.

>2) Testing for this is going to be difficult.  A nice complete JUnit test
suite
>is going to be necessisary

Agreed.  I'll base these off of the tests for the other authentication
methods.

>3) Need assurance that all code (particularly NTLM.java) is free to be
licenced
>under the Apache software license.

I can provide that assurance now since we will be using the JCE for
encryption.

>BTW: Integration into Authenticator looks like the logical, minimal
approach.
>"Pluggable authentication modules" can just be left as a future
enhancement.

Good to hear.  Thanks for your assistance Jeff, you (and many others) are
doing an sensational job around here.

Yours,

Adrian Sutton, Software Engineer
Ephox Corporation
www.ephox.com


This email and any files transmitted with it are confidential and intended
solely for the use of the individual to whom they are addressed. Opinions
contained in this email do not necessarily reflect the opinions of Ephox
Corporation.
If you have received this email in error please notify the sender
immediately and delete all copies of the correspondence from your computer
and/or computer network. No warranty is given that this message upon its
receipt is virus free and the sender in this respect accepts no liability.


--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>


Mime
View raw message