Hi Odi, > I would actually consider this a security issue in the connection > managers: It may hand out an already authenticated connection to an > unsuspecting client. We should add fields to HttpConnection that keep > track of the credentials for connection oriented AuthSchemes. So > connection managers can take this into account. Also the connection > managers lack a parameter in the getConnection methods that carries > authentication information for connection based auth schemes.
It's on my list for 4.0, though it won't make it into client alpha1: http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign It's not urgent since we won't have NTLM support for a while. I don't think we can or should squeeze this into 3.x anymore. cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
