You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@chemistry.apache.org by fm...@apache.org on 2016/08/31 07:37:44 UTC
svn commit: r1758527 -
/chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/NTLMAuthenticationProvider.java
Author: fmui
Date: Wed Aug 31 07:37:44 2016
New Revision: 1758527
URL: http://svn.apache.org/viewvc?rev=1758527&view=rev
Log:
Client: added warnings to NTLM authentication provider
Modified:
chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/NTLMAuthenticationProvider.java
Modified: chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/NTLMAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/NTLMAuthenticationProvider.java?rev=1758527&r1=1758526&r2=1758527&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/NTLMAuthenticationProvider.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/NTLMAuthenticationProvider.java Wed Aug 31 07:37:44 2016
@@ -23,27 +23,42 @@ import java.net.PasswordAuthentication;
import java.util.List;
import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
/**
- * NTLM authentication provider class. USE WITH CARE!
+ * NTLM authentication provider class. USE WITH CARE! DO NOT USE IN PRODUCTION!
*
* <p>
- * This authentication provider sets a {@link java.net.Authenticator} which will
- * replace the current authenticator, if any. It will fail if this authenticator
- * will be replaced by another part of the code.
+ * <b>The combination of CMIS and NTLM is not suited for production. Choose a
+ * different authentication method!</b>
* </p>
*
* <p>
- * Since {@link java.net.Authenticator} is a system-wide authenticator, it will
- * not reliably work in multi-user environments! To achieve that you have to
- * wrap OpenCMIS into its own class loader.
+ * This authentication provider sets a {@link java.net.Authenticator} which
+ * replaces the current authenticator, if any. It will fail if this
+ * authenticator is replaced later by another part of the code.
+ * </p>
+ *
+ * <p>
+ * Since {@link java.net.Authenticator} is a system-wide authenticator, <b>it
+ * does not reliably work in multi-user environments</b>! To achieve that you
+ * have to wrap OpenCMIS into its own class loader.
+ * </p>
+ *
+ * <p>
+ * This authenticator only works reliably for read operations (except queries).
+ * Write operations and queries may work for a while but will eventually fail.
+ * </b>!
* </p>
*/
public class NTLMAuthenticationProvider extends AbstractAuthenticationProvider {
private static final long serialVersionUID = 1L;
+ private static final Logger LOG = LoggerFactory.getLogger(NTLMAuthenticationProvider.class);
+
// java.net.Authenticator is static, so this can be static too
private static final OpenCMISAuthenticator AUTHENTICATOR = new OpenCMISAuthenticator();
static {
@@ -51,6 +66,12 @@ public class NTLMAuthenticationProvider
}
@Override
+ public void setSession(BindingSession session) {
+ super.setSession(session);
+ LOG.warn("Use NTLM only for testing! Choose a different authentication method in production.");
+ }
+
+ @Override
public Map<String, List<String>> getHTTPHeaders(String url) {
// get user and password
String user = getUser();