hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview
Date Mon, 19 Jan 2015 21:22:29 GMT
On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote:
> On 2015-01-19 at 17:38, Oleg Kalnichevski wrote:
> > Folks
> >
> > Please review 4.4 release notes and make changes / amendments you
> > deem necessary:
> >
> > http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
> >
> >  @Michael,
> >
> > I hope the statement about experimental status of the Native Windows
> > auth code is in line with what you have been expecting.
> 
> Some stuff needs to be reconsidered in the release notes:
> 
> > * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe
> > and can be shared by multiple threads in order to re-use authentication state for subsequent
> > requests
> 
> I do not know how this is implemented but in the context of GSS-API and 
> SSPI, authentication contexts are not thread-safe. Every thread requires 
> its own private GSS/SSPI context, moreover the context handle must be 
> released/freed as soon as authentication has been completed.
> 
> That is especially the issue I was questioning myself over and over 
> again when I made a code review and mailed you privately back last year.
> 

Only those schemes that implement Serializable (Basic and Digest at this
moment) are considered safe to cache. All others are not.  

> > * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
> > native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
> > via JNA and current user system credentials. This functionality is still considered experimental
> > and is known to have compatibility issues. Use at your discretion.
> 
> 
> I would rather write:
> 
> "Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when 
> running on Windows OS HttpClient configured to use
> native SPNEGO, Kerberos or NTLM authentication schemes can make use of 
> platform specific functionality
> via JNA and current user credentials. This functionality is still 
> considered experimental, known to have compatibility issues and subject 
> to change without prior notice. Use at your discretion."
> 

Why wouldn't you just go ahead and write it directly in the release
notes?

Cheers
 
Oleg   



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
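
The caching rule stated in the reply above (only schemes that implement Serializable are cached), sketched as an added example that is not part of the thread and is not HttpClient's own code. `SnapshotAuthCache`, `Scheme`, `BasicLike` and `NegotiateLike` are hypothetical names, and `NegotiateLike` only stands in for a scheme holding a live GSS/SSPI context.

```java
import java.io.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical types for illustration; not HttpClient's API.
public class SnapshotAuthCache {
    interface Scheme { String name(); }

    // Carries only plain data, so a byte snapshot fully describes it.
    static final class BasicLike implements Scheme, Serializable {
        private static final long serialVersionUID = 1L;
        final String realm;
        BasicLike(String realm) { this.realm = realm; }
        public String name() { return "Basic"; }
    }

    // Holds a live context handle (stand-in for GSS/SSPI); deliberately not Serializable.
    static final class NegotiateLike implements Scheme {
        final Object contextHandle = new Object();
        public String name() { return "Negotiate"; }
    }

    // Host -> serialized snapshot. Only immutable byte arrays are shared between threads.
    private final Map<String, byte[]> store = new ConcurrentHashMap<>();

    /** Returns true if cached; a non-Serializable scheme is never stored. */
    boolean put(String host, Scheme scheme) throws IOException {
        if (!(scheme instanceof Serializable)) return false;
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(scheme);
        }
        store.put(host, buf.toByteArray());
        return true;
    }

    /** Deserializes a fresh private copy per call, so no scheme instance crosses threads. */
    Scheme get(String host) throws IOException, ClassNotFoundException {
        byte[] bytes = store.get(host); // bytes written only by put() in this process
        if (bytes == null) return null;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Scheme) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        SnapshotAuthCache cache = new SnapshotAuthCache();
        System.out.println("Basic cached: " + cache.put("a.example", new BasicLike("r")));
        System.out.println("Negotiate cached: " + cache.put("b.example", new NegotiateLike()));
        System.out.println("Distinct copies: " + (cache.get("a.example") != cache.get("a.example")));
    }
}
```

A scheme that is skipped by `put` has to be created per request on the calling thread, which matches the per-thread context requirement raised in the quoted review comment.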

