hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Osipov <micha...@apache.org>
Subject Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview
Date Tue, 20 Jan 2015 08:08:24 GMT
Am 2015-01-19 um 22:22 schrieb Oleg Kalnichevski:
> On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote:
>> Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski:
>>> Folks
>>>
>>> Please review 4.4 release notes and make changes / amendments you
>>> deem necessary:
>>>
>>> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
>>>
>>>   @Michael,
>>>
>>> I hope the statement about experimental status of the Native Windows
>>> auth code is in line with what you have been expecting.
>>
>> Some stuff needs to be reconsidered in the release notes:
>>
>>> * Authentication cache thread-safety: authentication caches used by HttpClient
is now thread-safe
>>> and can be shared by multiple threads in order to re-use authentication state
for subsequent
>>> requests
>>
>> I do not know how this is implemented but in the context of GSS-API and
>> SSPI, authentication contexts are not thread-safe. Every thread requires
>> its own private GSS/SSPI context, moreover the context handle must be
>> released/freed as soon as authentication has been completed.
>>
>> That is especially the issue I was questioning myself over and over
>> again when I made a code review and mailed you privately back last year.
>>
>
> Only those schemes that implement Serializable (Basic and Digest at this
> moment) are considered safe to cache. All others are not.
>
>>> * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient
configured to use
>>> native NTLM or SPNEGO authentication schemes can make use of platform specific
functionality
>>> via JNA and current user system credentials. This functionality is still considered
experimental
>>> and is known to have compatibility issues. Use at your discretion.
>>
>>
>> I would rather write:
>>
>> "Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
>> running on Windows OS HttpClient configured to use
>> native SPNEGO, Kerberos or NTLM authentication schemes can make use of
>> platform specific functionality
>> via JNA and current user credentials. This functionality is still
>> considered experimental, known to have compatibility issues and subject
>> to change without prior notice. Use at your discretion.
>>
>
> Why would not you just go ahead and write it directly in the release
> notes?

True words...stupid me. I'll need a day or two for that.

Michael


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message