Posted to dev@hc.apache.org by Apache Wiki <wi...@apache.org> on 2015/03/16 21:08:12 UTC
[Httpcomponents Wiki] Update of "IssueTracking/HTTPCLIENT-1625" by MichaelOsipov
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification.
The "IssueTracking/HTTPCLIENT-1625" page has been changed by MichaelOsipov:
https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625?action=diff&rev1=1&rev2=2
Comment:
Migrated AsciiDoc document to HttpComponents wiki for HTTPCLIENT-1625
- Describe IssueTracking/HTTPCLIENT-1625 here.
+ = Designing HTTPCLIENT-1625 =
+ This page tracks the design goals of the [[https://issues.apache.org/jira/browse/HTTPCLIENT-1625|complete redesign of the GSS-based authentication in HttpClient]]. Namely, implementation decisions, known issues, awkward stuff, testing, etc. All code will be developed in a [[http://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/HTTPCLIENT-1625/|separate branch]].
+
+ <<TableOfContents>>
+
+ == Implementation Decisions ==
+ Implemenation decisions are comprised of several blocks like interface implementations, exception handling, logging.
+
+ === Interface Implementations ===
+
+ * `AuthSchemeProvider`: merely a factory for creating `AuthScheme` instances. Implemenation will be `GssBasedSchemeProvider`. It will take in one argument, the OID string of the desired authentication mechanism or simply the `AuthScheme` name.
+ * `AuthSchemeBase` (implements `ContextAwareAuthScheme`): the implementation `GSSBasedScheme` will take in one argument, the OID string of the desired authentication mechanism or simply the `AuthScheme`. It will internally maintain a stateful `GSSContext` for the authentication against a target or a proxy. Since the implementation itself does not know when it will be nulled and garbage collected, it will maintain its state internally and release the `GSSContext` immediately upon successful completion or the first failure. This implemenation will '''not''' be threadsafe.
+ * `Credentials`: this will be `GSSBasedCredentials` and will take in a `GSSCredential`. Useful if not the default `GSSCredential` will be used. It is also necessary to create a `GSSPrincipal` class which will wrap the `GSSName` from the credential.
+ * `UserTokenHandler`: TBD
+
+ === Exception Handling ===
+ TBD
+
+ === Logging ===
+ TBD
+
+ == Open Issues ==
+ TBD
+
+ == Testing ==
+ Testing is comprised of two sections: unit tests and integration tests.
+
+ === Unit Tests ===
+ It has to be determined how one can reasonably mock GSS objects to test the new implementation.
+
+ === Integration Tests ===
+ Integeration tests will be performed in a corporate environment with the following setup:
+
+ * Client OS: Windows 7, RHEL 6, FreeBSD 9.x, HP-UX 11.31
+ * Java runtime: 1.6 and 1.7 from Oracle, OpenJDK and HP
+ * Target servers: Microsoft Forefront TMG (HTTP proxy) (SSPI), Microsoft IIS 7.5/8.0 (SSPI), Apache Web Server 2.2.x with [[https://github.com/michael-o/mod_spnego|mod_spnego]] (MIT Kerberos) and Apache Tomcat 6 with [[http://tomcatspnegoad.sourceforge.net/|Tomcat Authnz SPNEGO AD]] (JGSS).
+
+ {{{#!wiki note
+ '''Note'''
+
+ Not all combinations can be tested.
+ }}}
+
+ Concrete requests are still open.
+
+ == Awkward Stuff ==
+
+ 1. Why does `MalformedChallengeException` not extend `AuthenticationException` though it is documented for authentication purposes?<<BR>>OK: `MalformedChallengeException` signals syntax violation of some sort presenting the client from understanding the challenge whereas `AuthenticationException` signals inability or unwillingness to respond to the challenge. To me these are different type of issues, but I am open to changing it in 5.0.
+ 1. The name of `ChallengeState` is quite confusing. Where is the state? This is merely a `ChallengeHostType`.<<BR>>OK: We can deprecate it and replace with `AuthCounterpartType` or some such in 4.5.
+ 1. Can a `ContextAwareAuthScheme` instance be reused?<<BR>>OK: It can be re-used and will automatically be re-used within the same context (requests executed with the same instance of HttpContext).
+
+ == Todos ==
+
+ * Update documentation of `DefaultUserTokenHandler`
+
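Review bot: The `AuthSchemeBase` item under Interface Implementations and item 3 under Awkward Stuff leave the lifecycle of a re-used scheme undefined. The former says `GSSBasedScheme` releases its `GSSContext` "immediately upon successful completion or the first failure" and is not threadsafe. The latter says a `ContextAwareAuthScheme` instance is automatically re-used for requests executed with the same `HttpContext`. The page should state what a re-used instance does after its `GSSContext` has been released (establish a fresh context for the next challenge, or reject it), and that an `HttpContext` holding such a scheme must not be shared between threads. The Exception Handling section, currently TBD, is the natural place to define which exception a released or failed context surfaces as. Smaller points: the casing differs between `GssBasedSchemeProvider` and `GSSBasedScheme`/`GSSBasedCredentials`, so pick one. "Implemenation" (three occurrences) and "Integeration" are misspelled. "presenting the client from understanding the challenge" in Awkward Stuff item 1 presumably means "preventing".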