Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 19BC5109A6 for ; Mon, 19 Jan 2015 21:22:40 +0000 (UTC) Received: (qmail 12076 invoked by uid 500); 19 Jan 2015 21:22:37 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 12027 invoked by uid 500); 19 Jan 2015 21:22:37 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 12016 invoked by uid 99); 19 Jan 2015 21:22:37 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Jan 2015 21:22:37 +0000 Received: from ubuntu (77-57-180-223.dclient.hispeed.ch [77.57.180.223]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 1CACB1A0041 for ; Mon, 19 Jan 2015 21:22:35 +0000 (UTC) Message-ID: <1421702549.7104.1.camel@apache.org> Subject: Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview From: Oleg Kalnichevski To: HttpComponents Project Date: Mon, 19 Jan 2015 22:22:29 +0100 In-Reply-To: <54BD6187.8080200@apache.org> References: <1421342271.24671.1.camel@apache.org> <1421685497.32609.1.camel@apache.org> <54BD6187.8080200@apache.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.7-0ubuntu1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote: > Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski: > > Folks > > > > Please review 4.4 release notes and make changes / amendments you > > deem necessary: > > > > http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt > > > > @Michael, > > > > I hope the statement about experimental status of the Native Windows > > auth code is in line with what you have been expecting. > > Some stuff needs to be reconsidered in the release notes: > > > * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe > > and can be shared by multiple threads in order to re-use authentication state for subsequent > > requests > > I do not know how this is implemented but in the context of GSS-API and > SSPI, authentication contexts are not thread-safe. Every thread requires > its own private GSS/SSPI context, moreover the context handle must be > released/freed as soon as authentication has been completed. > > That is especially the issue I was questioning myself over and over > again when I made a code review and mailed you privately back last year. > Only those schemes that implement Serializable (Basic and Digest at this moment) are considered safe to cache. All others are not. > > * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use > > native NTLM or SPNEGO authentication schemes can make use of platform specific functionality > > via JNA and current user system credentials. This functionality is still considered experimental > > and is known to have compatibility issues. Use at your discretion. > > > I would rather write: > > "Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when > running on Windows OS HttpClient configured to use > native SPNEGO, Kerberos or NTLM authentication schemes can make use of > platform specific functionality > via JNA and current user credentials. This functionality is still > considered experimental, known to have compatibility issues and subject > to change without prior notice. Use at your discretion. > Why would not you just go ahead and write it directly in the release notes? Cheers Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org