On Mon, 2006-09-18 at 22:25 +0200, Mike Wilson wrote: > I think there is a problem that NTLM is such a small obscure detail for > many software developers that they don't realize that they exclude > Microsoft networks when choosing to develop with HttpClient. I have > gone through an opinion transition myself when I started to work for a > big corporation a couple of years ago. > Before starting there I couldn't care less about NTLM, but after > seeing the effect from the "inside", realizing how many Java programs > based on HttpClient are rendered unusable at work, it opened my eyes. > The very same programs would have worked fine if they had been using > the standard HttpURLConnection from the JDK (since 1.4.2). > And it's unfortunate that it is giving Java a bad name in these > communities. > > So guys, please don't get me wrong. I am not saying that you are doing > a bad job. But please understand that there are tens of thousands of > developers and users working behind NTLM2 Microsoft proxy servers, that > can't use their HttpClient-based programs to the full extent. And > probably the creators of these programs weren't even aware of this > limitation as they didn't sit behind an NTLM proxy themselves... > > Having hit this limitation a number of times at work, I have been > wondering if it would be possible to somehow have HttpClient use the > JDK's HttpURLConnection, instead of a plain socket?
Mike, This approach is just not technically feasible. This is not a problem, though. There are other solutions. The real trouble with NTLM is not technical but legal in nature. Sun can afford all those layers. We cannot. Any individual or company working on NTLM related stuff without Microsoft's explicit consent is walking the legal minefield. HttpClient 4 will provide NTLMv2 support through JCIFS. But we still have to work out all the legal aspects of that. You are welcome to give us a helping hand. Oleg > Then HttpClient > would get the same NTLM compatibility as the JDK for free. > I'm sure there are problems, but maybe this could be introduced as > some kind of limited-functionality compatibility mode, transparent to > the calling application? The ideal thing would be if I could set a > global property on the command line to activate this mode and not > having to rely on that the application is somehow "customized" for it. > > Even if just doing some kind of hack that only works for 50% of the > cases, I think it would be highly appreciated by the users. > > Best regards > Mike > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
