I have now completed a patch to add NTLM authentication to the latest version of HttpClient, however there are a couple of issues remaining so it should considered "beta-patch" at this point and this is really a request for comment rather than a request for commit. The issues are:
1. Does not comply with current coding style of HttpClient - particularly in the new files. 2. Needs improvement to logging 3. Requires the Java Cryptography Extensions The first two just require me to get around to it, the third I'd like some comments on. My preference is to not depend on JCE and to implement DES encryption ourselves in a standalone form. To that end I have implemented the DES encryption through a wrapper file so that it is simple to switch later if required. Note that JCE does not work with JRE 1.1 at all and is an optional add on for 1.2 and 1.3. I recieved no reply from an email sent to the author of the DES encryption class I have previously mentioned and two of the author's email addresses bounced so chance of relicencing it under the Apache License is pretty much nil at this point. I have done some more research and found that the MD4 encryption can be avoided by using the Windows 98 version of the protocol which seems to be more reliable anyway. Any thoughts, comments or cryptography experts? The other thing I would like confirmation on is that the integration into HttpClient (in Authenticator.java) is the best way to do it. It certainly seems like it is, but I can't be certain of that since I don't know the HttpClient code particularly well. Thanks in advance, Adrian Sutton, Software Engineer Ephox Corporation www.ephox.com This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. Opinions contained in this email do not necessarily reflect the opinions of Ephox Corporation. If you have received this email in error please notify the sender immediately and delete all copies of the correspondence from your computer and/or computer network. No warranty is given that this message upon its receipt is virus free and the sender in this respect accepts no liability.
auth_ntlm.patch
Description: Binary data
NTLM.java
Description: Binary data
DES.java
Description: Binary data
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
