On Tue, 2008-04-22 at 17:01 -0700, Pankaj Arora wrote: > Hi, > Any idea when is Http Client 4.0 is schedule for release. >
When it is ready. 4.0-alpha4 can be expected within the coming weeks. The API freeze (beta1) can be expected towards the end of the year. I personally see no need to rush the final release. > Also has this been taken care in 4.0? Partially. Connection managers in the 4.0 codeline are now capable of handling stateful connections. However, I still need to add ability to manage connection state to HttpClient itself. Hope this helps Oleg > Http Client is planning to do this in 4.0 > It's on my list for 4.0, though it won't make it into client alpha1: > http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign > > Please refer to mail chain below for issue and your comments: > > ________________________________________________________________________ > ____ > Hi Odi, > > > I would actually consider this a security issue in the connection > > managers: It may hand out an already authenticated connection to an > > unsuspecting client. We should add fields to HttpConnection that keep > > track of the credentials for connection oriented AuthSchemes. So > > connection managers can take this into account. Also the connection > > managers lack a parameter in the getConnection methods that carries > > authentication information for connection based auth schemes. > > It's on my list for 4.0, though it won't make it into client alpha1: > http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign > It's not urgent since we won't have NTLM support for a while. > > I don't think we can or should squeeze this into 3.x anymore. > > cheers, > Roland > > > > Pankaj, > > NTLM is designed to authenticate a connection. AFAIK it does not support > a "logout" in the middle of a connection, nor does it support preemptive > authentication. So the only way to force a new authentication is to > close the connection. (e.g. try and clear the authentication to a mapped > network drive in Windows. Probably the same issue there.) > > Thus it's not possible to share a connection between users when using > NTLM auth. Yes, this may cause a performance hit if you were planning to > share a connection between different users. > > You could tweak your connection manager to remember the authenticated > user for each connection and try to find an already authenticated one or > hand out a new one if you can't. > > I would actually consider this a security issue in the connection > managers: It may hand out an already authenticated connection to an > unsuspecting client. We should add fields to HttpConnection that keep > track of the credentials for connection oriented AuthSchemes. So > connection managers can take this into account. Also the connection > managers lack a parameter in the getConnection methods that carries > authentication information for connection based auth schemes. > > Ortwin > > > Pankaj Arora wrote: > > Thanks, That worked for me. Only thing that worries me is that > > connections don't persist now. It might be a performance issue. Only > > thing which I would like to know from you( as I am bit novice here)- > > what is the right behavior, my client not authenticating second time > > as connection is already authenticated or closing the connections to > > force authentication repeatedly. > > > > Thanks, Pankaj Arora. > > ________________________________________________________________________ > ____ > Thanks, > Pankaj Arora > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
