hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1186) NTLM authenticated connections are mixed
Date Tue, 24 Apr 2012 14:17:36 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Kalnichevski updated HTTPCLIENT-1186:
------------------------------------------

    Fix Version/s: 4.2 Beta2

My bad. I did miss the fact that when the user token is not null the state does not get updated,
while newly created connections do not get the state attribute state updated when leased from
the manager. 

Oleg 
                
> NTLM authenticated connections are mixed
> ----------------------------------------
>
>                 Key: HTTPCLIENT-1186
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1186
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.3
>            Reporter: Ralf Pöhlmann
>            Priority: Critical
>              Labels: DefaultRequestDirector
>             Fix For: 4.2 Beta2
>
>
> Executing multiple request using the same http context as recommended mixes authenticated
connections among different users. 
> If we execute two request usign the same context, the first request adds the user token
to the http context as well as to the connection properties. The second request fins already
a user token in the http context but if a new connection will be created (no free connection
in the pool) this new connection is never assigned to an user token and is used independent
of any user context!
> see DefaultRequestDirector:
> // See if we have a user token bound to the execution context
> Object userToken = context.getAttribute(ClientContext.USER_TOKEN);
> ...
> if (managedConn != null && userToken == null) {
>    userToken = userTokenHandler.getUserToken(context);
>    context.setAttribute(ClientContext.USER_TOKEN, userToken);
>    if (userToken != null) {
>       managedConn.setState(userToken);
>    }
> }
> and RouteSpecificPool:
>     public BasicPoolEntry allocEntry(final Object state) {
>         if (!freeEntries.isEmpty()) {
>             ListIterator<BasicPoolEntry> it = freeEntries.listIterator(freeEntries.size());
>             while (it.hasPrevious()) {
>                 BasicPoolEntry entry = it.previous();
>                 if (entry.getState() == null || LangUtils.equals(state, entry.getState()))
{
>                     it.remove();
>                     return entry;
>                 }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message