[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17874512#comment-17874512
 ] 

Istvan Toth commented on HTTPCLIENT-1625:
-----------------------------------------

Hi [~olegk] [~michael-o].

I am working on Apache Phoenix, (a component of which) relies on Calcite Avatica, 
and which heavily uses Kerberos and specifically SPNEGO with HttpClient.

We need an HttpClient that supports SPNEGO correctly, and the removal of SPNEGO 
(and the issue that triggered it) is a major problem for the project.

My impression is that solving the problem would not be very hard, possibly the 
existing HANDSHAKE status could be used to implement the missing <evaluate 
token - negotiate if needed> loop required by the SPNEGO spec and Kerberos 
mutual auth.

As already noted, this would require some changes in the authentication code, 
and the state machine defined in HttpAuthenticator, which may or may not break 
API compatibility.

Our options are to implement SPNEGO directly in Avatica, or to re-add and fix 
SPNEGO support to HttpClient, as I have not been able to find a Java HTTP client 
library that would satisfy our requirements.

Assuming that I am able to get SPNEGO working correctly, is there interest in 
adding SPNEGO support back to the project?
If there is, what would be the timeframe to deliver it in a release?
If it can be done without breaking the authentication API, could it be added in 
a patch release?
If not, how could this be delivered?


> Completely overhaul GSS-API-based authentication backend
> --------------------------------------------------------
>
>                 Key: HTTPCLIENT-1625
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1625
>             Project: HttpComponents HttpClient
>          Issue Type: Task
>          Components: Documentation, HttpClient (classic)
>    Affects Versions: 4.5
>            Reporter: Michael Osipov
>            Priority: Major
>              Labels: stuck, volunteers-wanted
>
> The current implementation does not reflect the way GSS-API-based 
> authentication should be done. It has several design flaws.
> This is an umbrella task for:
> 1. Deprecate all old classes
> 2. Investigate how it has to be plugged into HttpClient
> 3. Reimplement from scratch
> 4. Thoroughly test all new stuff
> 5. Rewrite documentation
> Design notes are canonically available under: 
> https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
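
The "evaluate token - negotiate if needed" loop discussed in the comment above, sketched with the JDK's `org.ietf.jgss` API. This is an added example, not code from HttpClient, Avatica or the issue. The class `SpnegoExchange` and its method names are hypothetical, and it assumes Kerberos credentials are already available to JGSS (for example inside `Subject.doAs`).

```java
import java.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/** Hypothetical helper (not an HttpClient class): one GSS context per request chain. */
public final class SpnegoExchange {
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    private final GSSContext ctx;

    /** Assumption: the caller already holds Kerberos credentials that JGSS can find. */
    public SpnegoExchange(String host) throws GSSException {
        GSSManager mgr = GSSManager.getInstance();
        GSSName peer = mgr.createName("HTTP@" + host, GSSName.NT_HOSTBASED_SERVICE);
        ctx = mgr.createContext(peer, new Oid(SPNEGO_OID), null, GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(true); // ask the server to prove its identity too
    }

    /**
     * Evaluate the token from "WWW-Authenticate: Negotiate <b64>" (null or empty on the
     * first call). Returns the next "Authorization" header value, or null when there is
     * nothing left to send.
     */
    public String step(String serverTokenB64) throws GSSException {
        if (ctx.isEstablished()) {
            return null; // loop already finished; do not feed further tokens
        }
        byte[] in = (serverTokenB64 == null || serverTokenB64.isEmpty())
                ? new byte[0]
                : Base64.getDecoder().decode(serverTokenB64);
        byte[] out = ctx.initSecContext(in, 0, in.length);
        if (out == null || out.length == 0) {
            return null;
        }
        return "Negotiate " + Base64.getEncoder().encodeToString(out);
    }

    /** True only when the context is complete AND the server was mutually authenticated. */
    public boolean serverAuthenticated() {
        return ctx.isEstablished() && ctx.getMutualAuthState();
    }

    public void dispose() throws GSSException {
        ctx.dispose();
    }
}
```

A caller would invoke `step` for every response that carries a `Negotiate` token, including a final 2xx response, and treat the response body as untrusted unless `serverAuthenticated()` returns true afterwards.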
