hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tomas Ruzicka (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1171) Infinite loop if authenticate() method throws AuthenticationException
Date Thu, 01 Mar 2012 15:05:57 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13220079#comment-13220079
] 

Tomas Ruzicka commented on HTTPCLIENT-1171:
-------------------------------------------

I will give it a try. You could easily try it by throwing the exception from within the method
e.g. in org.apache.http.impl.auth.DigestScheme
                
> Infinite loop if authenticate() method throws AuthenticationException
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1171
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1171
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.1.3, 4.2 Alpha1
>            Reporter: Tomas Ruzicka
>
> - With 4.1.1: an infinite loop is entered if the exception is thrown. Httpclient then
keeps sending the request w/o Authentication header in the loop.
> - With 4.2 Alpha1: the same as above *if there is no other scheme available*. So for
example, if the server responds:
> WWW-Authenticate: BASIC realm="realmoftheserver"
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc",
qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then Basic scheme is used but if
the server responds just:
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc",
qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then the client enter the loop

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message