RE: NTLM class

2003-08-14 Thread Kalnichevski, Oleg
However the class is still public. At this stage of the release should we just leave the class public for 2.0 and remove it in 2.1 (or 3.0?) or should we make it package access as planned? I suggest we leave it public for the 2.0 release as it has been deprecated anyway. In CVS HEAD NTLM

RE: NTLM class

2003-08-14 Thread Kalnichevski, Oleg
I am +1 to remove the code from 2_0 branch anyway, because it is a major obstacle for integration. We must document the issue as you suggested, and include it in the release notes as well. Further documentation can be done by filing a Bug in Bugzilla, this will generate enough noise on

Re: NTLM class

2003-08-14 Thread Roland Weber
Hello Adrian, these lines may indeed be responsible for some of the configuration problems. In particular, it introduces a default dependency on the Sun implementation of JSSE, which causes problems with IBM JDKs that come with IBMs rather than Suns JSSE. Adding the security provider should not

Re: NTLM class

2003-08-14 Thread Mike Moran
On Thursday, August 14, 2003, at 03:36 pm, Michael Becke wrote: +1 for me as well. Me too (+1, obviously non-binding). I'm about a quarter the way through integrating rc1 into some code and the internal JCE hidden setup would be a total spanner-in-the-works. -- Mike

Re: NTLM class

2003-08-14 Thread Michael Becke
+1 for me as well. Mike Ortwin Glück wrote: Adrian Sutton wrote: My only concern with removing the code now is that we are so close to a release and this is a change that clearly does have some fallout even if we anticipate it to be very small. We will need to make this *very* clear in the

Re: NTLM class

2003-08-14 Thread Ortwin Glück
Adrian Sutton wrote: My only concern with removing the code now is that we are so close to a release and this is a change that clearly does have some fallout even if we anticipate it to be very small. We will need to make this *very* clear in the documentation I am +1 to remove the code from

RE: NTLM class

2003-08-14 Thread Kalnichevski, Oleg
This stuff clearly should be removed. It should be left up to the user to decide what JCE provider to use. Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 1:54 PM To: Commons HttpClient Project Subject: Re: NTLM class I find it bad

Re: NTLM class

2003-08-14 Thread Ortwin Glück
I find it bad pratice to set the JCE inside a totally lowlevel class. The JCE should only be set by the application and not by HttpClient at all. Odi Adrian Sutton wrote: String secProviderName = System.getProperty(httpclient.security.provider, com.sun.crypto.provider.SunJCE);

Re: NTLM class

2003-08-14 Thread Adrian Sutton
I believe these initializations should be removed completely. They can never have been more than a convenience in the first place. You are correct that they were to avoid having to avoid playing with the java.security file. I originally wrote the NTLM support with our applet in mind which