On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote:
> On 2015-01-19 at 17:38, Oleg Kalnichevski wrote:
> > Folks
> >
> > Please review 4.4 release notes and make changes / amendments you
> > deem necessary:
> >
> > http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
> >
> > @Michael,
> >
> > I hope the statement about experimental status of the Native Windows
> > auth code is in line with what you have been expecting.
>
> Some stuff needs to be reconsidered in the release notes:
>
> > * Authentication cache thread-safety: authentication caches used by
> > HttpClient is now thread-safe
> > and can be shared by multiple threads in order to re-use authentication
> > state for subsequent
> > requests
>
> I do not know how this is implemented but in the context of GSS-API and
> SSPI, authentication contexts are not thread-safe. Every thread requires
> its own private GSS/SSPI context, moreover the context handle must be
> released/freed as soon as authentication has been completed.
>
> That is especially the issue I was questioning myself over and over
> again when I made a code review and mailed you privately back last year.
>

Only those schemes that implement Serializable (Basic and Digest at this
moment) are considered safe to cache. All others are not.

> > * Native windows Negotiate/NTLM via JNA: when running on Windows OS
> > HttpClient configured to use
> > native NTLM or SPNEGO authentication schemes can make use of platform
> > specific functionality
> > via JNA and current user system credentials. This functionality is still
> > considered experimental
> > and is known to have compatibility issues. Use at your discretion.
> >
>
> I would rather write:
>
> "Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
> running on Windows OS HttpClient configured to use
> native SPNEGO, Kerberos or NTLM authentication schemes can make use of
> platform specific functionality
> via JNA and current user credentials. This functionality is still
> considered experimental, known to have compatibility issues and subject
> to change without prior notice. Use at your discretion."
>

Why would not you just go ahead and write it directly in the release notes?

Cheers

Oleg
