Return-Path: 
 <httpcomponents-dev-return-15847-apmail-jakarta-httpcomponents-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-httpcomponents-dev-archive@www.apache.org
Received: (qmail 37956 invoked from network); 18 May 2007 18:06:25 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 18 May 2007 18:06:25 -0000
Received: (qmail 94399 invoked by uid 500); 18 May 2007 18:06:31 -0000
Delivered-To: apmail-jakarta-httpcomponents-dev-archive@jakarta.apache.org
Received: (qmail 94377 invoked by uid 500); 18 May 2007 18:06:31 -0000
Mailing-List: contact httpcomponents-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpcomponents-dev-help@jakarta.apache.org>
List-Unsubscribe: <mailto:httpcomponents-dev-unsubscribe@jakarta.apache.org>
List-Post: <mailto:httpcomponents-dev@jakarta.apache.org>
List-Id: <httpcomponents-dev.jakarta.apache.org>
Reply-To: "HttpComponents Project" <httpcomponents-dev@jakarta.apache.org>
Delivered-To: mailing list httpcomponents-dev@jakarta.apache.org
Received: (qmail 94368 invoked by uid 99); 18 May 2007 18:06:31 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 May 2007 11:06:31 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS
X-Spam-Check-By: apache.org
Received-SPF: neutral (herse.apache.org: local policy)
Received: from [212.227.126.183] (HELO moutng.kundenserver.de)
 (212.227.126.183)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 May 2007 11:06:24 -0700
Received: from [85.180.17.145] (helo=[85.180.17.145])
	by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis),
	id 0ML25U-1Hp6q13BIN-0006Md; Fri, 18 May 2007 20:06:01 +0200
Message-ID: <464DEC23.6020803@dubioso.net>
Date: Fri, 18 May 2007 20:10:43 +0200
From: Roland Weber <ossfwot@dubioso.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
 rv:1.8.1.2) Gecko/20070319 SeaMonkey/1.1.1
MIME-Version: 1.0
To: HttpComponents Project <httpcomponents-dev@jakarta.apache.org>
Subject: Re: FW: HttpClient authentication problem.
References: 
 <1AA95300F8CC2D4583ACBC20FDD3B13D056F2FEE@hq-exch-01.castiron.corp>
 <464D9EC6.8010207@odi.ch>
In-Reply-To: <464D9EC6.8010207@odi.ch>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Provags-ID: V01U2FsdGVkX1/tlluW+nVEKaK1fhLbJLqEls7FpUc7DVPxP03
 1CNlNOHMypyfBbghKSDhu3tU2SYsqjbBhWTc07WiokTdVEbXx2
 1eBWEJKKSP7XB+uBpEKlODFNojBiA9b
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Odi,

> I would actually consider this a security issue in the connection
> managers: It may hand out an already authenticated connection to an
> unsuspecting client. We should add fields to HttpConnection that keep
> track of the credentials for connection oriented AuthSchemes. So
> connection managers can take this into account. Also the connection
> managers lack a parameter in the getConnection methods that carries
> authentication information for connection based auth schemes.

It's on my list for 4.0, though it won't make it into client alpha1:
http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign
It's not urgent since we won't have NTLM support for a while.

I don't think we can or should squeeze this into 3.x anymore.

cheers,
  Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org