[
https://issues.apache.org/jira/browse/HTTPCLIENT-2402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18031240#comment-18031240
]
Oleg Kalnichevski commented on HTTPCLIENT-2402:
-----------------------------------------------
[~stoty] I have not been able to look at all the details. I am completely under
water with my commercial day-time project and have my hands full with the
coming HttpClient 5.6-alpha1 release.
Just a few random thoughts in a random order:
* We need to remove all references to SecurityManager from our code base first.
* I am fine with SPNEGO working properly with the classic transport only as
the first step. We can look at supporting it with the async transport later.
Once HttpClient 5.6-alpha1 has been released I can take a closer look.
Oleg
> Handle SecurityManager removal
> ------------------------------
>
> Key: HTTPCLIENT-2402
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2402
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Reporter: Istvan Toth
> Priority: Major
>
> There are two aspect to these changes:
> - replacing Subject.doAs() with Subject.callAs()
> - handling the changed thread semantics, where the Current Subject is nonger
> propagated to new Threads.
> Httpclient doesn't currently use the disabled methods.
> They are used in HTTPCLIENT-2358, which already includes the SecurityUtils to
> map the doAs/CallAs function based on the JVM version.
> The Subject propagation issue breaks SPNEGO authentication for the Async
> client, as the Subject is no longer propagated to the executor threads for
> the Async operations.
> There is no current test for that, I will add new tests to HTTPCLIENT-2358 to
> cover this case.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
