On 2015-01-19 at 22:22, Oleg Kalnichevski wrote:
On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote:
On 2015-01-19 at 17:38, Oleg Kalnichevski wrote:
Folks

Please review 4.4 release notes and make changes / amendments you
deem necessary:

http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt

  @Michael,

I hope the statement about experimental status of the Native Windows
auth code is in line with what you have been expecting.

Some stuff needs to be reconsidered in the release notes:

* Authentication cache thread-safety: authentication caches used by
HttpClient is now thread-safe and can be shared by multiple threads in
order to re-use authentication state for subsequent requests

I do not know how this is implemented but in the context of GSS-API and
SSPI, authentication contexts are not thread-safe. Every thread requires
its own private GSS/SSPI context, moreover the context handle must be
released/freed as soon as authentication has been completed.

That is especially the issue I was questioning myself over and over
again when I made a code review and mailed you privately back last year.


Only those schemes that implement Serializable (Basic and Digest at this
moment) are considered safe to cache. All others are not.

* Native windows Negotiate/NTLM via JNA: when running on Windows OS
HttpClient configured to use native NTLM or SPNEGO authentication
schemes can make use of platform specific functionality via JNA and
current user system credentials. This functionality is still considered
experimental and is known to have compatibility issues. Use at your
discretion.


I would rather write:

"Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
running on Windows OS HttpClient configured to use native SPNEGO,
Kerberos or NTLM authentication schemes can make use of platform
specific functionality via JNA and current user credentials. This
functionality is still considered experimental, known to have
compatibility issues and subject to change without prior notice. Use at
your discretion."


Why would you not just go ahead and write it directly in the release
notes?

True words...stupid me. I'll need a day or two for that.

Michael
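
The caching rule discussed in this thread (only schemes that implement Serializable are cached, while context-bound GSS-API/SSPI schemes stay per thread) can be sketched as follows. This is an added example, not part of the original mails and not HttpClient's own code; all class and host names are hypothetical.

```java
import java.io.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Sketch only: hypothetical types, not HttpClient's own AuthCache code.
public class SerializableOnlyAuthCache {
    interface Scheme { String name(); }

    // Plain data only, so a copy is as good as the original.
    static final class BasicLikeScheme implements Scheme, Serializable {
        private final String realm;
        BasicLikeScheme(String realm) { this.realm = realm; }
        public String name() { return "basic realm=" + realm; }
    }

    // Stands in for a GSS-API/SSPI scheme: owns a context handle that belongs
    // to one thread and must be released once authentication has completed.
    static final class ContextBoundScheme implements Scheme {
        public String name() { return "negotiate"; }
    }

    private final Map<String, byte[]> entries = new ConcurrentHashMap<>();

    // Stores a serialized snapshot; returns false when the scheme is refused.
    boolean put(String host, Scheme scheme) throws IOException {
        if (!(scheme instanceof Serializable)) return false;
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(scheme);
        }
        entries.put(host, buf.toByteArray());
        return true;
    }

    // Rebuilds a fresh instance per call, so threads never share one object.
    Scheme get(String host) throws IOException, ClassNotFoundException {
        byte[] bytes = entries.get(host);
        if (bytes == null) return null;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Scheme) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        SerializableOnlyAuthCache cache = new SerializableOnlyAuthCache();
        System.out.println("basic cached: " + cache.put("host-a", new BasicLikeScheme("corp")));
        System.out.println("negotiate cached: " + cache.put("host-b", new ContextBoundScheme()));
        Scheme a = cache.get("host-a"), b = cache.get("host-a");
        System.out.println(a.name() + ", same instance: " + (a == b));
    }
}
```

The cache only ever deserializes bytes it produced itself; a scheme that holds a native context handle is never stored, so each thread has to create and release its own.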

