Thanks a lot for your reply, and thanks for this long explanation, I totally
agree with you. Thanks a lot for your time and patience, and thanks for this
wonderful component. :)

On 9/18/06, Roland Weber <[EMAIL PROTECTED]> wrote:

Hello David,

> Thanks a lot :( I suppose there are some reasons to be like this, but I was
> hoping it wasn't because the JDK seems to support it nicely, one more
> thing... do you know some sort of similar implementation so I can solve this
> or a post or an article where HttpClient team explains why?

Neither. The HttpClient team is already busy over their heads with delivering
a platform independent solution. NTLM is not even in the scope of HttpClient,
it just happens to be there at least for version 1 of the protocol. We don't
have resources to waste on a platform specific solution that requires abusing
internal, undocumented SUN APIs.

> so I can justify this to my boss?

You could suggest your boss to fund an effort to implement this requirement.
We'd consider adding the code to our unsupported contrib package...
Just kidding. The legal implications alone would be sufficient not to add
such code. We recently had to turn down a patch that would have supported
NTLMv2 since it included code licensed under the LGPL. Dealing with internal
APIs that may have to be reverse-engineered would be a nightmare.

I am spending a considerable amount of my private time on developing
HttpComponents and supporting HttpClient, and so does Oleg. Right now
we're the only two active developers in this project. I can't speak for
Oleg, but I don't feel the tiniest urge to explain to your boss why I
don't spend my private time on implementing just the feature that he
would like to use for his business.

You could suggest your boss to complain to Microsoft. If Microsoft would
release the _full_ specifications for NTLM without licensing trapdoors,
there would be open source implementations that we could use, and I'm sure
one of them would also support authenticating with the current user's
credentials on Windows.
SUN has signed a licensing contract with Microsoft, they have obtained
confidential documentation about NTLM, and they have paid developers to
implement and test code that supports it. We're in no position to match
that effort. And we don't want to, because HttpClient is about HTTP and
not about cryptographic authentication protocols. If there is an open
source NTLM implementation under a license that is compatible with the
APL, we'll make an effort to plug that code into HttpClient. No more.

Sorry to sound snappish, but I'm just in the right mood for that :-)

cheers,
  Roland

--
David Castañeda R.