Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski:
Folks
Please review 4.4 release notes and make changes / amendments you
deem necessary:
http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
@Michael,
I hope the statement about experimental status of the Native Windows
auth code is in line with what you have been expecting.
Some stuff needs to be reconsidered in the release notes:
* Authentication cache thread-safety: authentication caches used by HttpClient
is now thread-safe
and can be shared by multiple threads in order to re-use authentication state
for subsequent
requests
I do not know how this is implemented but in the context of GSS-API and
SSPI, authentication contexts are not thread-safe. Every thread requires
its own private GSS/SSPI context, moreover the context handle must be
released/freed as soon as authentication has been completed.
That is especially the issue I was questioning myself over and over
again when I made a code review and mailed you privately back last year.
* Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient
configured to use
native NTLM or SPNEGO authentication schemes can make use of platform specific
functionality
via JNA and current user system credentials. This functionality is still
considered experimental
and is known to have compatibility issues. Use at your discretion.
I would rather write:
"Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
running on Windows OS HttpClient configured to use
native SPNEGO, Kerberos or NTLM authentication schemes can make use of
platform specific functionality
via JNA and current user credentials. This functionality is still
considered experimental, known to have compatibility issues and subject
to change without prior notice. Use at your discretion.
Side note:
In the long-term I plan to add some other nice features like PAC support.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
