Pankaj Arora wrote:
Hi,
I am using HttpClient 3.x till now. It looks like 4.x is completely overhauled
and there are major API changes that happened. I thought solution to this
problem lied in having authentication info available to connection managers so
the stateful connection is not reused. I was looking at 4.x Api docs
http://hc.apache.org/httpcomponents-client/httpclient/apidocs/index.html
And I don't see any MultiThreaded Connection Manager.
http://hc.apache.org/httpcomponents-client/examples.html
http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/module-client/src/examples/org/apache/http/examples/client/ClientMultiThreadedExecution.java
In fact looks like everything has moved to org.apache.http.* packages from org.apache.commons.*.
If that's the case,
Yes, this is the case, because 4.0 is a complete rewrite of the old code
line.
can you tell me if there is some guide that can tell me how I can make
my existing product compatible with 4.x release?
You need to port it to the new API.
Second how the existing bug we are talking about can be resolved in new design.
HTTP connection managers in 4.0 are now aware that connections can be
stateful. They can take the connection state into consideration when
serving a request for a persistent connection. Standard connection
managers automatically take user identity into consideration when
managing NTLM authenticated connections.
Please make sure to read this, though
http://hc.apache.org/httpcomponents-client/ntlm.html
Oleg
I am sorry as I am bit confused as I wasn't following 4.x development from
scratch.
Thanks,
Pankaj Arora
-----Original Message-----
From: Pankaj Arora [mailto:[email protected]]
Sent: Tuesday, January 06, 2009 3:21 PM
To: HttpComponents Project
Subject: RE: FW: HttpClient authentication problem.
Hi Odi and Roland,
Was curious to know if this feature finally made to 4.0. Moreover when final
4.0 verison for commons is expected?
Thanks,
Pankaj Arora
Hi Odi,
I would actually consider this a security issue in the connection
managers: It may hand out an already authenticated connection to an
unsuspecting client. We should add fields to HttpConnection that keep
track of the credentials for connection oriented AuthSchemes. So
connection managers can take this into account. Also the connection
managers lack a parameter in the getConnection methods that carries
authentication information for connection based auth schemes.
It's on my list for 4.0, though it won't make it into client alpha1:
http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign
It's not urgent since we won't have NTLM support for a while.
I don't think we can or should squeeze this into 3.x anymore.
cheers,
Roland
-----Original Message-----
From: Ortwin Glück [mailto:[email protected]]
Sent: Friday, May 18, 2007 5:41 AM
To: HttpComponents Project
Subject: Re: FW: HttpClient authentication problem.
Pankaj,
NTLM is designed to authenticate a connection. AFAIK it does not support
a "logout" in the middle of a connection, nor does it support preemptive
authentication. So the only way to force a new authentication is to
close the connection. (e.g. try and clear the authentication to a mapped
network drive in Windows. Probably the same issue there.)
Thus it's not possible to share a connection between users when using
NTLM auth. Yes, this may cause a performance hit if you were planning to
share a connection between different users.
You could tweak your connection manager to remember the authenticated
user for each connection and try to find an already authenticated one or
hand out a new one if you can't.
I would actually consider this a security issue in the connection
managers: It may hand out an already authenticated connection to an
unsuspecting client. We should add fields to HttpConnection that keep
track of the credentials for connection oriented AuthSchemes. So
connection managers can take this into account. Also the connection
managers lack a parameter in the getConnection methods that carries
authentication information for connection based auth schemes.
Ortwin
Pankaj Arora wrote:
Thanks, That worked for me. Only thing that worries me is that
connections don't persist now. It might be a performance issue. Only
thing which I would like to know from you( as I am bit novice here)-
what is the right behavior, my client not authenticating second time
as connection is already authenticated or closing the connections to
force authentication repeatedly.
Thanks, Pankaj Arora.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
