hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralf Pöhlmann (JIRA) <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1186) NTLM authenticated connections are mixed
Date Mon, 23 Apr 2012 20:10:33 GMT
Ralf Pöhlmann created HTTPCLIENT-1186:
-----------------------------------------

             Summary: NTLM authenticated connections are mixed
                 Key: HTTPCLIENT-1186
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1186
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.1.3
            Reporter: Ralf Pöhlmann
            Priority: Critical


Executing multiple request using the same http context as recommended mixes authenticated
connections among different users. 

If we execute two request usign the same context, the first request adds the user token to
the http context as well as to the connection properties. The second request fins already
a user token in the http context but if a new connection will be created (no free connection
in the pool) this new connection is never assigned to an user token and is used independent
of any user context!

see DefaultRequestDirector:

// See if we have a user token bound to the execution context
Object userToken = context.getAttribute(ClientContext.USER_TOKEN);
...
if (managedConn != null && userToken == null) {
   userToken = userTokenHandler.getUserToken(context);
   context.setAttribute(ClientContext.USER_TOKEN, userToken);
   if (userToken != null) {
      managedConn.setState(userToken);
   }
}

and RouteSpecificPool:

    public BasicPoolEntry allocEntry(final Object state) {
        if (!freeEntries.isEmpty()) {
            ListIterator<BasicPoolEntry> it = freeEntries.listIterator(freeEntries.size());
            while (it.hasPrevious()) {
                BasicPoolEntry entry = it.previous();
                if (entry.getState() == null || LangUtils.equals(state, entry.getState()))
{
                    it.remove();
                    return entry;
                }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message