hc-commits mailing list archives

From micha...@apache.org
Subject svn commit: r1666748 - /httpcomponents/httpclient/branches/HTTPCLIENT-1625/documentation.adoc
Date Sat, 14 Mar 2015 21:19:54 GMT
Author: michaelo
Date: Sat Mar 14 21:19:54 2015
New Revision: 1666748

URL: http://svn.apache.org/r1666748
Log:
Added concrete design ideas

Modified:
    httpcomponents/httpclient/branches/HTTPCLIENT-1625/documentation.adoc

Modified: httpcomponents/httpclient/branches/HTTPCLIENT-1625/documentation.adoc
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/HTTPCLIENT-1625/documentation.adoc?rev=1666748&r1=1666747&r2=1666748&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/HTTPCLIENT-1625/documentation.adoc (original)
+++ httpcomponents/httpclient/branches/HTTPCLIENT-1625/documentation.adoc Sat Mar 14 21:19:54
2015
@@ -7,8 +7,9 @@ Michael Osipov <michaelo@apache.org>
 :linkcss:
 :homepage: http://people.apache.org/~michaelo/issues/HTTPCLIENT-1625/
 
-This documents tracks the design goals of the completele redesign the GSS-based authentication
in
-HttpClient. Namely, implementation decisions, known issues, awkward stuff, test environments,
etc.
+This documents tracks the design goals of the link:https://issues.apache.org/jira/browse/HTTPCLIENT-1625
+[complete redesign of the GSS-based authentication in HttpClient]. Namely, implementation
decisions,
+known issues, awkward stuff, testing, etc.
 
 Implementation Decisions
 ------------------------
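Review bot: the `link:` macro in the added intro sentence is split across two lines, with the URL ending the first added line and `[complete redesign of the GSS-based authentication in HttpClient]` starting the next, so the target and its link text are no longer contiguous and the macro will most likely render as a bare URL followed by literal bracketed text. Keep `link:https://issues.apache.org/jira/browse/HTTPCLIENT-1625[complete redesign ...` together on one line. Since the sentence is being rewritten anyway, "This documents tracks" should become "This document tracks".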
@@ -17,10 +18,53 @@ handling, logging.
 
 Interface Implementations
 ~~~~~~~~~~~~~~~~~~~~~~~~~
-* AuthSchemeBase implements ContextAwareAuthScheme:
-* AuthSchemeProvider:
-* Credentials
-* `UserTokenHandler`: 
+
+* `AuthSchemeProvider`: merely a factory for creating `AuthScheme` instances. Implemenation
will be
+  `GssBasedSchemeProvider`. It will take in one argument, the OID string of the desired authentication
+  mechanism or simply the `AuthScheme` name.
+* `AuthSchemeBase` (implements `ContextAwareAuthScheme`): the implementation `GSSBasedScheme`
will
+  take in one argument, the OID string of the desired authentication mechanism or simply
the `AuthScheme`.
+  It will internally maintain a stateful GSSContext for the authentication against a target
or a proxy.
+  Since the implementation itself does not know when it will be nulled and garbage collected,
it will
+  maintain its state internally and release the GSSContext immediately upon successful completion
+  or the first failure. This implemenation will **not** be threadsafe.
+* `Credentials`: this will be GSSBasedCredentials and will take in a GSSCredential. Useful
if not
+  the default GSSCredential will be used. It is also necessary to create a GSSPrincipal class
which
+  will wrap the GSSName from the credential.
+* `UserTokenHandler`: TBD
+
+Exception Handling
+~~~~~~~~~~~~~~~~~~
+TBD
+
+Logging
+~~~~~~~
+TBD
+
+Open Issues
+-----------
+TBD
+
+Testing
+-------
+Testing is comprised of two sections: unit tests and integration tests.
+
+Unit Tests
+~~~~~~~~~~
+It has to determined how one can reasonably mock GSS objects to test the new implementations.
+
+Integration Tests
+~~~~~~~~~~~~~~~~~~~
+Integeration tests will be performed in a corporate environment with the following setup:
+* Client OS: Windows 7, RHEL 6, FreeBSD 9.x, HP-UX 11.31
+* Java runtime: 1.6 and 1.7 from Oracle, OpenJDK and HP
+* Target servers: Microsoft ForeFront TMG (HTTP proxy) (SSPI), Apache 2.2.x with
+  link:https://github.com/michael-o/mod_spnego[`mod_spnego`] (MIT Kerberos) and link:http://tomcatspnegoad.sourceforge.net/[Tomcat
Authnz SPNEGO AD] (JGSS).
+
+[NOTE]
+  Not all combinations can be tested.
+  
+Concrete requests are still open.
 
 
 Awkward Stuff
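Review bot: the `AuthSchemeBase` bullet says the scheme releases its GSSContext "immediately upon successful completion or the first failure" and is not thread-safe, but it does not say what state the instance is in afterwards, which is what a caller needs to know before caching or sharing one. Please state whether a `GSSBasedScheme` whose context has been released may start a new handshake or must be discarded, and define "successful completion" (for example, only once the server's final token has been processed and the context reports itself established). The first two bullets also disagree on the constructor argument: "simply the `AuthScheme` name" in one, "simply the `AuthScheme`" in the other. Smaller points: "Implemenation" (twice), "Integeration" and "It has to determined" need fixing, and the bullet list under Integration Tests should be separated from its introducing sentence by a blank line so it is parsed as a list.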
@@ -28,12 +72,15 @@ Awkward Stuff
 [qanda]
 Why does MalformedChallengeException not extend AuthenticationException though it is documented
for
 authentication purposes?::
-	OK: MalformedChallengeException signals syntax violation of some sort presenting the client
from
-	understanding the challenge whereas AuthenticationException signals inability or unwillingness
-	to respond to the challenge. To me these are different type of issues, but I am open to
changing
-	it in 5.0.
-The name of ChallengeState is quite confusing. Where is the state? This is merely a ChallengeHostType:
-	OK: We can deprecate it and replace with AuthCounterpartType or some such in 4.5.
+        OK: MalformedChallengeException signals syntax violation of some sort presenting
the client
+        from understanding the challenge whereas AuthenticationException signals inability
or
+        unwillingness to respond to the challenge. To me these are different type of issues,
but I am
+        open to changing it in 5.0.
+
+The name of ChallengeState is quite confusing. Where is the state? This is merely a ChallengeHostType::
+        OK: We can deprecate it and replace with AuthCounterpartType or some such in 4.5.
+Can a `ContextAwareAuthScheme` instance be reused?::
+        TBD
 
 Todos
 -----
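Review bot: the new entry `Can a ContextAwareAuthScheme instance be reused?` is left at TBD although this same revision already decides that the GSS scheme keeps a stateful GSSContext, releases it on completion or first failure, and is not thread-safe; either answer the question from that decision or move it under Open Issues, which is itself still TBD. In the reindented first answer, "presenting the client from understanding" should read "preventing", and it is worth fixing while the line is being touched. The blank line added before the ChallengeState question has no counterpart before the new question, so the separation between qanda entries is inconsistent.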


