hc-dev mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Httpcomponents Wiki] Update of "IssueTracking/HTTPCLIENT-1625" by MichaelOsipov
Date Mon, 16 Mar 2015 20:08:12 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification.

The "IssueTracking/HTTPCLIENT-1625" page has been changed by MichaelOsipov:
https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625?action=diff&rev1=1&rev2=2

Comment:
Migrated AsciiDoc document to HttpComponents wiki for HTTPCLIENT-1625

- Describe IssueTracking/HTTPCLIENT-1625 here.
+ = Designing HTTPCLIENT-1625 =
  
+ This page tracks the design goals of the [[https://issues.apache.org/jira/browse/HTTPCLIENT-1625|complete
redesign of the GSS-based authentication in HttpClient]]. Namely, implementation decisions,
known issues, awkward stuff, testing, etc. All code will be developed in a [[http://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/HTTPCLIENT-1625/|separate
branch]].
+ 
+ <<TableOfContents>>
+ 
+ == Implementation Decisions ==
+ Implemenation decisions are comprised of several blocks like interface implementations,
exception handling, logging.
+ 
+ === Interface Implementations ===
+ 
+  * `AuthSchemeProvider`: merely a factory for creating `AuthScheme` instances. Implemenation
will be `GssBasedSchemeProvider`. It will take in one argument, the OID string of the desired
authentication mechanism or simply the `AuthScheme` name.
+  * `AuthSchemeBase` (implements `ContextAwareAuthScheme`): the implementation `GSSBasedScheme`
will take in one argument, the OID string of the desired authentication mechanism or simply
the `AuthScheme`. It will internally maintain a stateful `GSSContext` for the authentication
against a target or a proxy. Since the implementation itself does not know when it will be
nulled and garbage collected, it will maintain its state internally and release the `GSSContext`
immediately upon successful completion or the first failure. This implemenation will '''not'''
be threadsafe.
+  * `Credentials`: this will be `GSSBasedCredentials` and will take in a `GSSCredential`.
Useful if not the default `GSSCredential` will be used. It is also necessary to create a `GSSPrincipal`
class which will wrap the `GSSName` from the credential.
+  * `UserTokenHandler`: TBD
+ 
+ === Exception Handling ===
+ TBD
+ 
+ === Logging ===
+ TBD
+ 
+ == Open Issues ==
+ TBD
+ 
+ == Testing ==
+ Testing is comprised of two sections: unit tests and integration tests.
+ 
+ === Unit Tests ===
+ It has to be determined how one can reasonably mock GSS objects to test the new implementation.
+ 
+ === Integration Tests ===
+ Integeration tests will be performed in a corporate environment with the following setup:
+ 
+  * Client OS: Windows 7, RHEL 6, FreeBSD 9.x, HP-UX 11.31
+  * Java runtime: 1.6 and 1.7 from Oracle, OpenJDK and HP
+  * Target servers: Microsoft Forefront TMG (HTTP proxy) (SSPI), Microsoft IIS 7.5/8.0 (SSPI),
Apache Web Server 2.2.x with [[https://github.com/michael-o/mod_spnego|mod_spnego]] (MIT Kerberos)
and Apache Tomcat 6 with [[http://tomcatspnegoad.sourceforge.net/|Tomcat Authnz SPNEGO AD]]
(JGSS).
+ 
+ {{{#!wiki note
+ '''Note'''
+ 
+ Not all combinations can be tested.
+ }}}
+ 
+ Concrete requests are still open.
+ 
+ == Awkward Stuff ==
+ 
+  1. Why does `MalformedChallengeException` not extend `AuthenticationException` though it
is documented for authentication purposes?<<BR>>OK: `MalformedChallengeException`
signals syntax violation of some sort presenting the client from understanding the challenge
whereas `AuthenticationException` signals inability or unwillingness to respond to the challenge.
To me these are different type of issues, but I am open to changing it in 5.0.
+  1. The name of `ChallengeState` is quite confusing. Where is the state? This is merely
a `ChallengeHostType`.<<BR>>OK: We can deprecate it and replace with `AuthCounterpartType`
or some such in 4.5.
+  1. Can a `ContextAwareAuthScheme` instance be reused?<<BR>>OK: It can be re-used
and will automatically be re-used within the same context (requests executed with the same
instance of HttpContext).
+ 
+ == Todos ==
+ 
+  * Update documentation of `DefaultUserTokenHandler`
+ 
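Review bot: The `AuthSchemeBase` bullet under Interface Implementations and item 3 under Awkward Stuff do not fit together as written. The bullet says `GSSBasedScheme` releases its `GSSContext` immediately upon successful completion or the first failure and is not threadsafe. Item 3 says a `ContextAwareAuthScheme` instance is automatically re-used for requests executed with the same `HttpContext`. The page should state what a re-used instance does when it is challenged again after its `GSSContext` has been released (establish a fresh context, or fail), and should note that an `HttpContext` holding such a scheme is not to be shared between threads. The single constructor argument is also described inconsistently: "the OID string ... or simply the `AuthScheme` name" in the provider bullet, but "or simply the `AuthScheme`" in the scheme bullet. Suggest one wording, plus a sentence on how an OID string is told apart from a scheme name. Spelling: "Implemenation" (three places), "Integeration", and "presenting the client from understanding", which reads as if "preventing" was meant.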

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

