hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Becke <be...@u.washington.edu>
Subject Re: DO NOT REPLY [Bug 25529] Redesign of HTTP authentication framework
Date Thu, 08 Jan 2004 03:25:42 GMT
Sorry none yet.  Tomorrow perhaps....

Mike

On Jan 7, 2004, at 11:17 AM, Kalnichevski, Oleg wrote:

> Has anyone looked at this one? Any feedback so far?
>
> Oleg
>
> -----Original Message-----
> From: bugzilla@apache.org [mailto:bugzilla@apache.org]
> Sent: Monday, December 15, 2003 12:40
> To: commons-httpclient-dev@jakarta.apache.org
> Subject: DO NOT REPLY [Bug 25529] New: - Redesign of HTTP 
> authentication
> framework
>
>
> DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
> RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
> <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25529>.
> ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
> INSERTED IN THE BUG DATABASE.
>
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25529
>
> Redesign of HTTP authentication framework
>
>            Summary: Redesign of HTTP authentication framework
>            Product: Commons
>            Version: Nightly Builds
>           Platform: All
>         OS/Version: All
>             Status: NEW
>           Severity: Enhancement
>           Priority: Other
>          Component: HttpClient
>         AssignedTo: commons-httpclient-dev@jakarta.apache.org
>         ReportedBy: olegk@apache.org
>
>
> The existing HTTP authentication framework has got a few glaring 
> deficiencies:
> - Authentication headers management evolved (or degraded) into a some 
> sort of
> black art and proved very error-prone.
> - Existing logic intended to deal with authentication failures and
> authentication failure recovery is flawed. The resolution of the bug 
> #20089 did
> appear possible without a better approach than the one based on 
> AuthScheme#getID.
>
> On top of that authentication logic got quite messy with the series of 
> attempts
> to fix breakages in complex authentication schemes (the latest being 
> NTLM proxy
> + basic host fix)
>
> The patch I am about to attach is an attempt to address all the 
> shortcomings
> mentioned above. It builds upon my previous patch that enabled 
> authentication
> schemes to maintain authentication state and presents a complete 
> redesign of the
> existing HTTP authentication framework.
>
> Basically there's no authentication code left untouched, so please do 
> take a
> closer look. Critique, comments, suggestions welcome.
>
> Oleg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> commons-httpclient-dev-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> commons-httpclient-dev-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message