commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Dever" <jdev...@nortelnetworks.com>
Subject RE: [HttpClient] NTLM Authentication (heading for a patch)
Date Fri, 20 Sep 2002 19:49:15 GMT

Could somone here experienced with licenses have a look at this?  Or should
we ask on the general list?

> -----Original Message-----
> From: Adrian Sutton [mailto:adrian.sutton@ephox.com]
> Sent: Thursday, September 19, 2002 6:59 PM
> To: 'Jakarta Commons Developers List'
> Subject: [HttpClient] NTLM Authentication (heading for a patch)
> 
> 
> Hello all,
> 
> My quest for NTLM Authentication in HttpClient (and thence 
> into the WebDAV
> client of Slide) has begun in full swing.  I now have a class which
> correctly produces the two messages that need to be sent by 
> the server and
> should be able to correctly parse the response from the 
> server.  In short,
> it's NTLM authentication without anything to handle a connection.
> 
> I have a couple of issues though which are based around legalities and
> licences and would like to get opinions from more experienced 
> people and
> perhaps some alternatives if required.  NTLM uses both DES 
> (ECB, no padding)
> and MD4 encription for which I have found existing 
> implementations in Java
> under licenses that my company seems to be able to use, but 
> which may not be
> able to be integrated into HttpClient.  I have been unable to 
> get Sun's DES
> implementation (from the JCE) to correctly encrypt the 
> string, plus it adds
> a dependency that I'd like to avoid (the JCE, which is slow 
> to load and not
> available in a default install before 1.4).  For server side 
> code (like what
> Jakarta focusses on) getting the JCE to work is probably the 
> best option,
> but I happen to be developing an Applet so it's annoying to 
> have to add so
> much extra download.
> 
> Opinions on the best way to go about this and on the compatibility of
> licenses would be appreciated.
> 
> The DES code was taken out of the JCIFS project 
> (http://jcifs.samba.org/)
> which is GPL and thus obviously incompatible.  However the 
> following license
> is included at the top of the source code file that I need:
> 
> // DesCipher - the DES encryption method
> //
> // The meat of this code is by Dave Zimmerman 
> <dzimm@widget.com>, and is:
> //
> // Copyright (c) 1996 Widget Workshop, Inc. All Rights Reserved.
> //
> // Permission to use, copy, modify, and distribute this software
> // and its documentation for NON-COMMERCIAL or COMMERCIAL purposes and
> // without fee is hereby granted, provided that this 
> copyright notice is
> kept
> // intact.
> //
> // WIDGET WORKSHOP MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE
> SUITABILITY
> // OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT 
> NOT LIMITED
> // TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
> // PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WIDGET WORKSHOP 
> SHALL NOT BE
> LIABLE
> // FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, 
> MODIFYING OR
> // DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
> //
> // THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR 
> RESALE AS ON-LINE
> // CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE
> // PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR 
> FACILITIES, AIRCRAFT
> // NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, 
> DIRECT LIFE
> // SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE
> // SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE
> // PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES").  WIDGET
> WORKSHOP
> // SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF 
> FITNESS FOR
> // HIGH RISK ACTIVITIES.
> //
> //
> // The rest is:
> //
> // Copyright (C) 1996 by Jef Poskanzer <jef@acme.com>.  All 
> rights reserved.
> //
> // Copyright (C) 1996 by Wolfgang Platzer
> // email: wplatzer@iaik.tu-graz.ac.at
> //
> // All rights reserved.
> //
> // Redistribution and use in source and binary forms, with or without
> // modification, are permitted provided that the following conditions
> // are met:
> // 1. Redistributions of source code must retain the above copyright
> //    notice, this list of conditions and the following disclaimer.
> // 2. Redistributions in binary form must reproduce the above 
> copyright
> //    notice, this list of conditions and the following 
> disclaimer in the
> //    documentation and/or other materials provided with the 
> distribution.
> //
> // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS 
> ``AS IS'' AND
> // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
> LIMITED TO, THE
> // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> PURPOSE
> // ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR 
> CONTRIBUTORS BE LIABLE
> // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
> CONSEQUENTIAL
> // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
> SUBSTITUTE GOODS
> // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
> INTERRUPTION)
> // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> STRICT
> // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
> ARISING IN ANY WAY
> // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
> POSSIBILITY OF
> // SUCH DAMAGE.
> //
> 
> For the MD4 the license is:
> 
> Copyright (c) 2000 The Legion Of The Bouncy Castle
> (http://www.bouncycastle.org)
> 
> Permission is hereby granted, free of charge, to any person 
> obtaining a copy
> of this software and associated documentation files (the 
> "Software"), to
> deal in the Software without restriction, including without 
> limitation the
> rights to use, copy, modify, merge, publish, distribute, 
> sublicense, and/or
> sell copies of the Software, and to permit persons to whom 
> the Software is
> furnished to do so, subject to the following conditions:
> 
> The above copyright notice and this permission notice shall 
> be included in
> all copies or substantial portions of the Software.
> 
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY 
> KIND, EXPRESS OR
> IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 
> MERCHANTABILITY,
> FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO 
> EVENT SHALL THE
> AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 
> OTHERWISE, ARISING
> FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 
> OTHER DEALINGS
> IN THE SOFTWARE.
> 
> Any lawyers around?  Any other options?
> 
> Adrian Sutton, Software Engineer
> Ephox Corporation
> www.ephox.com
> 
> This email and any files transmitted with it are confidential 
> and intended
> solely for the use of the individual to whom they are 
> addressed. Opinions
> contained in this email do not necessarily reflect the 
> opinions of Ephox
> Corporation.
> If you have received this email in error please notify the sender
> immediately and delete all copies of the correspondence from 
> your computer
> and/or computer network. No warranty is given that this 
> message upon its
> receipt is virus free and the sender in this respect accepts 
> no liability.
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:commons-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:commons-dev-help@jakarta.apache.org>
> 
> 

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message