However the class is still public. At this stage of the release should
we just leave the class public for 2.0 and remove it in 2.1 (or 3.0?)
or should we make it package access as planned?
I suggest we leave it public for the 2.0 release as it has been deprecated anyway. In
CVS HEAD NTLM
I am +1 to remove the code from 2_0 branch anyway, because it is a major
obstacle for integration. We must document the issue as you suggested,
and include it in the release notes as well. Further documentation can
be done by filing a Bug in Bugzilla, this will generate enough noise on
Hello Adrian,
these lines may indeed be responsible for some of the
configuration problems. In particular, it introduces a
default dependency on the Sun implementation of JSSE,
which causes problems with IBM JDKs that come with
IBMs rather than Suns JSSE.
Adding the security provider should not
On Thursday, August 14, 2003, at 03:36 pm, Michael Becke wrote:
+1 for me as well.
Me too (+1, obviously non-binding). I'm about a quarter the way through
integrating rc1 into some code and the internal JCE hidden setup would
be a total spanner-in-the-works.
--
Mike
+1 for me as well.
Mike
Ortwin Glück wrote:
Adrian Sutton wrote:
My only concern with removing the code now is that we are so close to
a release and this is a change that clearly does have some fallout
even if we anticipate it to be very small.
We will need to make this *very* clear in the
Adrian Sutton wrote:
My only concern with removing the code now is that we are so close to a
release and this is a change that clearly does have some fallout even if
we anticipate it to be very small.
We will need to make this *very* clear in the documentation
I am +1 to remove the code from
This stuff clearly should be removed. It should be left up to the user to decide what
JCE provider to use.
Oleg
-Original Message-
From: Ortwin Glück [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 1:54 PM
To: Commons HttpClient Project
Subject: Re: NTLM class
I find it bad
I find it bad pratice to set the JCE inside a totally lowlevel class.
The JCE should only be set by the application and not by HttpClient at all.
Odi
Adrian Sutton wrote:
String secProviderName =
System.getProperty(httpclient.security.provider,
com.sun.crypto.provider.SunJCE);
I believe these initializations should be removed completely.
They can never have been more than a convenience in the
first place.
You are correct that they were to avoid having to avoid playing with
the java.security file. I originally wrote the NTLM support with our
applet in mind which