hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ricardo Pereira (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
Date Mon, 08 Jul 2013 07:09:49 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ricardo Pereira updated HTTPCLIENT-1383:
----------------------------------------

    Attachment: HTTPCLIENT-1383_patch_tests_non_unicode

Attached a patch (for trunk) with some changes to the NTLM tests: 
 - Adds a new test which enters in infinite loop (uses a "non unicode" NTLM challenge message);
 - Minor changes to use the same response handler (that sends only challenge messages).
                
> NTLM authentication can enter in infinite loop
> ----------------------------------------------
>
>                 Key: HTTPCLIENT-1383
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: Snapshot
>            Reporter: Ricardo Pereira
>             Fix For: 4.2.6, 4.3 Beta3
>
>         Attachments: ClientNtlmProxyAuthentication.java, HTTPCLIENT-1383_patch_tests,
HTTPCLIENT-1383_patch_tests_non_unicode, wire.log
>
>
> If the NTLM proxy sends, always, a challenge message the authentication enters in infinite
loop.
> This happened with an user account that got suspended because of too many failed authentication
attempts, after that the server started to send, always, the (same) challenge message causing
an infinite loop with the HttpClient.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message