hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tomas Ruzicka (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1171) Infinite loop if authenticate() method throws AuthenticationException
Date Thu, 01 Mar 2012 14:27:56 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tomas Ruzicka updated HTTPCLIENT-1171:
--------------------------------------

    Description: 
- With 4.1.1: an infinite loop is entered if the exception is thrown. Httpclient then keeps
sending the request w/o Authentication header in the loop.
- With 4.2 Alpha1: the same as above if there is no other scheme available. So for example,
if the server responds:
{quote}
WWW-Authenticate: BASIC realm="realmoftheserver"
WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc",
qop="auth", algorithm="MD5"
{quote}
and the Digest scheme throws AuthenticationException then Basic scheme is used but if the
server responds just:
{quote}
WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc",
qop="auth", algorithm="MD5"
{quote}
and the Digest scheme throws AuthenticationException then the client enter the loop


  was:
With 4.1.1: an infinite loop is entered where httpclient keeps sending the request w/o Authentication
header
Wint 4.2 Alpha1: the same as above if there is no other scheme available. So for emaple, if
the server responds




    
> Infinite loop if authenticate() method throws AuthenticationException
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1171
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1171
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.2 Alpha1
>            Reporter: Tomas Ruzicka
>
> - With 4.1.1: an infinite loop is entered if the exception is thrown. Httpclient then
keeps sending the request w/o Authentication header in the loop.
> - With 4.2 Alpha1: the same as above if there is no other scheme available. So for example,
if the server responds:
> {quote}
> WWW-Authenticate: BASIC realm="realmoftheserver"
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc",
qop="auth", algorithm="MD5"
> {quote}
> and the Digest scheme throws AuthenticationException then Basic scheme is used but if
the server responds just:
> {quote}
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc",
qop="auth", algorithm="MD5"
> {quote}
> and the Digest scheme throws AuthenticationException then the client enter the loop

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message