>NTLM support is targeted as a HttpClient 2.1 feature on the bug you raised: >http://issues.apache.org/bugzilla/show_bug.cgi?id=10851 > >There has not been a "feature freeze" for 2.0 yet, so we're still open to adding >this earlier. There was also the idea for adding "plugable authentication" >modules for just this purpose as well. You obviously have need for NTLM, so I'm >OK with moving this up, with a few caveats:
My original intent was to wait for plugable authentication modules however the schedule pressures that I'm under decreed that it had to be done now. I figure that I may as well do it in a way that can easily be incorporated back into HttpClient so that others can gain some use out of it as well. To do that though I need to run it past the experts here on the list as this is my first modifications to HttpClient or in fact any Jakarta project. Thanks for your help. It would be excellent if this could make the 2.0 release, particularly so if that release were to happen before our product has to ship. Regardless, we use only a small subset of the HttpClient functionality so we'd be happy with using a CVS version and putting it through our testing proceedures as we're yet to find any issues with the current CVS builds. >1) Using the JCE is preferable to a seperate DES class. It must only be >required at runtime if the NTLM auth code is actually executed (similar to how >https works currently) Okay, I will fold the DES stuff into the main NTLM class and ensure it is not needlessly required. >2) Testing for this is going to be difficult. A nice complete JUnit test suite >is going to be necessisary Agreed. I'll base these off of the tests for the other authentication methods. >3) Need assurance that all code (particularly NTLM.java) is free to be licenced >under the Apache software license. I can provide that assurance now since we will be using the JCE for encryption. >BTW: Integration into Authenticator looks like the logical, minimal approach. >"Pluggable authentication modules" can just be left as a future enhancement. Good to hear. Thanks for your assistance Jeff, you (and many others) are doing an sensational job around here. Yours, Adrian Sutton, Software Engineer Ephox Corporation www.ephox.com This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. Opinions contained in this email do not necessarily reflect the opinions of Ephox Corporation. If you have received this email in error please notify the sender immediately and delete all copies of the correspondence from your computer and/or computer network. No warranty is given that this message upon its receipt is virus free and the sender in this respect accepts no liability. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
