hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Osipov <micha...@apache.org>
Subject Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview
Date Mon, 19 Jan 2015 19:56:55 GMT
Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski:
> Folks
>
> Please review 4.4 release notes and make changes / amendments you
> deem necessary:
>
> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
>
>  @Michael,
>
> I hope the statement about experimental status of the Native Windows
> auth code is in line with what you have been expecting.

Some stuff needs to be reconsidered in the release notes:

> * Authentication cache thread-safety: authentication caches used by HttpClient is now
thread-safe
> and can be shared by multiple threads in order to re-use authentication state for subsequent
> requests

I do not know how this is implemented but in the context of GSS-API and 
SSPI, authentication contexts are not thread-safe. Every thread requires 
its own private GSS/SSPI context, moreover the context handle must be 
released/freed as soon as authentication has been completed.

That is especially the issue I was questioning myself over and over 
again when I made a code review and mailed you privately back last year.

> * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured
to use
> native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
> via JNA and current user system credentials. This functionality is still considered experimental
> and is known to have compatibility issues. Use at your discretion.


I would rather write:

"Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when 
running on Windows OS HttpClient configured to use
native SPNEGO, Kerberos or NTLM authentication schemes can make use of 
platform specific functionality
via JNA and current user credentials. This functionality is still 
considered experimental, known to have compatibility issues and subject 
to change without prior notice. Use at your discretion.


Side note:
In the long-term I plan to add some other nice features like PAC support.

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message