DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25529>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25529 Redesign of HTTP authentication framework Summary: Redesign of HTTP authentication framework Product: Commons Version: Nightly Builds Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: HttpClient AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The existing HTTP authentication framework has got a few glaring deficiencies: - Authentication headers management evolved (or degraded) into a some sort of black art and proved very error-prone. - Existing logic intended to deal with authentication failures and authentication failure recovery is flawed. The resolution of the bug #20089 did appear possible without a better approach than the one based on AuthScheme#getID. On top of that authentication logic got quite messy with the series of attempts to fix breakages in complex authentication schemes (the latest being NTLM proxy + basic host fix) The patch I am about to attach is an attempt to address all the shortcomings mentioned above. It builds upon my previous patch that enabled authentication schemes to maintain authentication state and presents a complete redesign of the existing HTTP authentication framework. Basically there's no authentication code left untouched, so please do take a closer look. Critique, comments, suggestions welcome. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]