Hi, We in our product support Kerberos auth scheme and while using 3.x version of HttpClient we did that by registering Kerberos scheme with the AuthPolicy class. In 4.x Api I see no way to register the schemes we might want to implement and support. It looks like other than Basic,Digest and NTLM we cannot support any other auth scheme.
Is that right? Thanks, Pankaj Arora -----Original Message----- From: Pankaj Arora [mailto:[email protected]] Sent: Friday, January 16, 2009 10:35 AM To: HttpComponents Project Subject: RE: FW: HttpClient authentication problem. Hi Tushar,Oleg, Can you please provide an OSGI bundle for httpcomponents-client-4.0-beta2-bin-with-dependencies.zip as you have for core and client separately? Thanks, Pankaj Arora -----Original Message----- From: Tushar Kapila [mailto:[email protected]] Sent: Friday, January 16, 2009 9:18 AM To: HttpComponents Project Subject: Re: FW: HttpClient authentication problem. Pankaj https://issues.apache.org/jira/browse/HTTPCORE-179 if you download the samples you can see a reference implementation and their are 4 jars to be included in classpath from http://www.apache.org/dist/httpcomponents/httpclient/binary/httpcomponents-client-4.0-beta2-bin-with-dependencies.zip Oleg I made a sample quick start guide - will need to edit it for reqiored jars until the API, release file name patterns and locations stabalizes. See it at http://wiki.apache.org/HttpComponents/QuickStart Regards Tushar Kapila ----- Original Message ----- From: "Pankaj Arora" <[email protected]> To: "HttpComponents Project" <[email protected]> Sent: Friday, January 16, 2009 5:08 AM Subject: RE: FW: HttpClient authentication problem. Hi Oleg, Thanks for your reply. I have started porting the Api to 4.x and it looks like many of classes namely org.apache.http.Header, org.apache.http.message.AbstractHttpMessage etc are not part of the Http Components Client but are part of Http Core. So to move to 4.x I need to have both Http Core libraries and Http Components Client libraries? Is that the case? Please verify. Thanks, Pankaj Arora -----Original Message----- From: Oleg Kalnichevski [mailto:[email protected]] Sent: Saturday, January 10, 2009 5:33 AM To: HttpComponents Project Subject: Re: FW: HttpClient authentication problem. Pankaj Arora wrote: > Hi, > I am using HttpClient 3.x till now. It looks like 4.x is completely > overhauled and there are major API changes that happened. I thought > solution to this problem lied in having authentication info available to > connection managers so the stateful connection is not reused. I was > looking at 4.x Api docs > http://hc.apache.org/httpcomponents-client/httpclient/apidocs/index.html > And I don't see any MultiThreaded Connection Manager. http://hc.apache.org/httpcomponents-client/examples.html http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/module-client/src/examples/org/apache/http/examples/client/ClientMultiThreadedExecution.java > In fact looks like everything has moved to org.apache.http.* packages from > org.apache.commons.*. > If that's the case, Yes, this is the case, because 4.0 is a complete rewrite of the old code line. can you tell me if there is some guide that can tell me how I can make my existing product compatible with 4.x release? You need to port it to the new API. > Second how the existing bug we are talking about can be resolved in new > design. > HTTP connection managers in 4.0 are now aware that connections can be stateful. They can take the connection state into consideration when serving a request for a persistent connection. Standard connection managers automatically take user identity into consideration when managing NTLM authenticated connections. Please make sure to read this, though http://hc.apache.org/httpcomponents-client/ntlm.html Oleg > I am sorry as I am bit confused as I wasn't following 4.x development from > scratch. > > Thanks, > Pankaj Arora > > -----Original Message----- > From: Pankaj Arora [mailto:[email protected]] > Sent: Tuesday, January 06, 2009 3:21 PM > To: HttpComponents Project > Subject: RE: FW: HttpClient authentication problem. > > Hi Odi and Roland, > Was curious to know if this feature finally made to 4.0. Moreover when > final 4.0 verison for commons is expected? > > Thanks, > Pankaj Arora > > > Hi Odi, > >> I would actually consider this a security issue in the connection >> managers: It may hand out an already authenticated connection to an >> unsuspecting client. We should add fields to HttpConnection that keep >> track of the credentials for connection oriented AuthSchemes. So >> connection managers can take this into account. Also the connection >> managers lack a parameter in the getConnection methods that carries >> authentication information for connection based auth schemes. > > It's on my list for 4.0, though it won't make it into client alpha1: > http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign > It's not urgent since we won't have NTLM support for a while. > > I don't think we can or should squeeze this into 3.x anymore. > > cheers, > Roland > > -----Original Message----- > From: Ortwin Glück [mailto:[email protected]] > Sent: Friday, May 18, 2007 5:41 AM > To: HttpComponents Project > Subject: Re: FW: HttpClient authentication problem. > > Pankaj, > > NTLM is designed to authenticate a connection. AFAIK it does not support > a "logout" in the middle of a connection, nor does it support preemptive > authentication. So the only way to force a new authentication is to > close the connection. (e.g. try and clear the authentication to a mapped > network drive in Windows. Probably the same issue there.) > > Thus it's not possible to share a connection between users when using > NTLM auth. Yes, this may cause a performance hit if you were planning to > share a connection between different users. > > You could tweak your connection manager to remember the authenticated > user for each connection and try to find an already authenticated one or > hand out a new one if you can't. > > I would actually consider this a security issue in the connection > managers: It may hand out an already authenticated connection to an > unsuspecting client. We should add fields to HttpConnection that keep > track of the credentials for connection oriented AuthSchemes. So > connection managers can take this into account. Also the connection > managers lack a parameter in the getConnection methods that carries > authentication information for connection based auth schemes. > > Ortwin > > > Pankaj Arora wrote: >> Thanks, That worked for me. Only thing that worries me is that >> connections don't persist now. It might be a performance issue. Only >> thing which I would like to know from you( as I am bit novice here)- >> what is the right behavior, my client not authenticating second time >> as connection is already authenticated or closing the connections to >> force authentication repeatedly. >> >> Thanks, Pankaj Arora. > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
