You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2015/01/19 17:38:17 UTC
HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview
Folks
Please review 4.4 release notes and make changes / amendments you deem
necessary:
http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
@Michael,
I hope the statement about experimental status of the Native Windows
auth code is in line with what you have been expecting.
Oleg
On Thu, 2015-01-15 at 18:17 +0100, Oleg Kalnichevski wrote:
> Folks
>
> Please feel free to take a look at the updated HttpClient 4.4 tutorial
> http://people.apache.org/~olegk/tutorial-httpclient-4.4/html/
>
> Here's the diff of changes
> http://svn.apache.org/viewvc?view=revision&revision=1652164
>
> State management and hostname verification are two main subjects that
> changed substantially.
> http://people.apache.org/~olegk/tutorial-httpclient-4.4/html/connmgmt.html#d5e447
> http://people.apache.org/~olegk/tutorial-httpclient-4.4/html/statemgmt.html
>
> Please just go ahead and make changes or corrections you deem necessary.
> If I hear no complaints I would like to start preparing 4.4 GA release
> this weekend.
>
> Cheers
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview
Posted by Michael Osipov <mi...@apache.org>.
Am 2015-01-19 um 22:22 schrieb Oleg Kalnichevski:
> On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote:
>> Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski:
>>> Folks
>>>
>>> Please review 4.4 release notes and make changes / amendments you
>>> deem necessary:
>>>
>>> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
>>>
>>> @Michael,
>>>
>>> I hope the statement about experimental status of the Native Windows
>>> auth code is in line with what you have been expecting.
>>
>> Some stuff needs to be reconsidered in the release notes:
>>
>>> * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe
>>> and can be shared by multiple threads in order to re-use authentication state for subsequent
>>> requests
>>
>> I do not know how this is implemented but in the context of GSS-API and
>> SSPI, authentication contexts are not thread-safe. Every thread requires
>> its own private GSS/SSPI context, moreover the context handle must be
>> released/freed as soon as authentication has been completed.
>>
>> That is especially the issue I was questioning myself over and over
>> again when I made a code review and mailed you privately back last year.
>>
>
> Only those schemes that implement Serializable (Basic and Digest at this
> moment) are considered safe to cache. All others are not.
>
>>> * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
>>> native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
>>> via JNA and current user system credentials. This functionality is still considered experimental
>>> and is known to have compatibility issues. Use at your discretion.
>>
>>
>> I would rather write:
>>
>> "Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
>> running on Windows OS HttpClient configured to use
>> native SPNEGO, Kerberos or NTLM authentication schemes can make use of
>> platform specific functionality
>> via JNA and current user credentials. This functionality is still
>> considered experimental, known to have compatibility issues and subject
>> to change without prior notice. Use at your discretion.
>>
>
> Why would not you just go ahead and write it directly in the release
> notes?
True words...stupid me. I'll need a day or two for that.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial
preview
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2015-01-19 at 20:56 +0100, Michael Osipov wrote:
> Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski:
> > Folks
> >
> > Please review 4.4 release notes and make changes / amendments you
> > deem necessary:
> >
> > http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
> >
> > @Michael,
> >
> > I hope the statement about experimental status of the Native Windows
> > auth code is in line with what you have been expecting.
>
> Some stuff needs to be reconsidered in the release notes:
>
> > * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe
> > and can be shared by multiple threads in order to re-use authentication state for subsequent
> > requests
>
> I do not know how this is implemented but in the context of GSS-API and
> SSPI, authentication contexts are not thread-safe. Every thread requires
> its own private GSS/SSPI context, moreover the context handle must be
> released/freed as soon as authentication has been completed.
>
> That is especially the issue I was questioning myself over and over
> again when I made a code review and mailed you privately back last year.
>
Only those schemes that implement Serializable (Basic and Digest at this
moment) are considered safe to cache. All others are not.
> > * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
> > native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
> > via JNA and current user system credentials. This functionality is still considered experimental
> > and is known to have compatibility issues. Use at your discretion.
>
>
> I would rather write:
>
> "Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
> running on Windows OS HttpClient configured to use
> native SPNEGO, Kerberos or NTLM authentication schemes can make use of
> platform specific functionality
> via JNA and current user credentials. This functionality is still
> considered experimental, known to have compatibility issues and subject
> to change without prior notice. Use at your discretion.
>
Why would not you just go ahead and write it directly in the release
notes?
Cheers
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: HttpClient 4.4 release notes; Re: HttpClient 4.4 tutorial preview
Posted by Michael Osipov <mi...@apache.org>.
Am 2015-01-19 um 17:38 schrieb Oleg Kalnichevski:
> Folks
>
> Please review 4.4 release notes and make changes / amendments you
> deem necessary:
>
> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
>
> @Michael,
>
> I hope the statement about experimental status of the Native Windows
> auth code is in line with what you have been expecting.
Some stuff needs to be reconsidered in the release notes:
> * Authentication cache thread-safety: authentication caches used by HttpClient is now thread-safe
> and can be shared by multiple threads in order to re-use authentication state for subsequent
> requests
I do not know how this is implemented but in the context of GSS-API and
SSPI, authentication contexts are not thread-safe. Every thread requires
its own private GSS/SSPI context, moreover the context handle must be
released/freed as soon as authentication has been completed.
That is especially the issue I was questioning myself over and over
again when I made a code review and mailed you privately back last year.
> * Native windows Negotiate/NTLM via JNA: when running on Windows OS HttpClient configured to use
> native NTLM or SPNEGO authentication schemes can make use of platform specific functionality
> via JNA and current user system credentials. This functionality is still considered experimental
> and is known to have compatibility issues. Use at your discretion.
I would rather write:
"Native Windows Negotiate, Kerberos and NTLM via SSPI through JNA: when
running on Windows OS HttpClient configured to use
native SPNEGO, Kerberos or NTLM authentication schemes can make use of
platform specific functionality
via JNA and current user credentials. This functionality is still
considered experimental, known to have compatibility issues and subject
to change without prior notice. Use at your discretion.
Side note:
In the long-term I plan to add some other nice features like PAC support.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org