hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-917) When authentication is invalidated during redirection, proxy authentication also should be invalidated
Date Wed, 24 Feb 2010 11:28:27 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12837745#action_12837745
] 

Karl Wright commented on HTTPCLIENT-917:
----------------------------------------

The implementation is effectively a clean-room implementation of client-side NTLM, based on
published web protocol descriptions, and with some protocol clarifications from Michael Allen.
 So we believe it does not violate anyone's copyright.

No warranty is granted that it does not violate any Microsoft patents.  However, please note
that there are at least two other open source projects out there that distribute code that
is functionally similar.  These are:

- jCIFS (jcifs.samba.org), which you are familiar
- curl, which I presume you have heard of also

Can you clarify what patents you believe to be in play here?  We may be able to do some independent
research to see if these concerns appear to be warranted.

Thanks,
Karl


> When authentication is invalidated during redirection, proxy authentication also should
be invalidated
> ------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-917
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-917
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 Final
>            Reporter: Karl Wright
>         Attachments: proxy-auth-invalidate.patch
>
>
> This was discovered during use by Lucene Connector Framework, on 3.1.
> When a document is fetched through a proxy authenticated with NTLM, and
> that document is a redirection (301 or 302), the httpclient fails to
> properly use the right proxy credentials on the subsequent document
> fetch. This leads to 407 errors on these kinds of documents.
> I've attached a proposed patch.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message