hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ricardo Pereira (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
Date Fri, 05 Jul 2013 15:51:48 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ricardo Pereira updated HTTPCLIENT-1383:
----------------------------------------

    Attachment: wire.log
                ClientNtlmProxyAuthentication.java

Attached the wire log and the code used to produce it (client/server heavily based on HttpClient/HttpCore
examples).
The example allows one authentication attempt, after that it returns "always" the challenge
message (it stops after 8 requests).

Tested with latest httpclient/httpcore trunk (revision 1500032).
                
> NTLM authentication can enter in infinite loop
> ----------------------------------------------
>
>                 Key: HTTPCLIENT-1383
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: Snapshot
>            Reporter: Ricardo Pereira
>         Attachments: ClientNtlmProxyAuthentication.java, wire.log
>
>
> If the NTLM proxy sends, always, a challenge message the authentication enters in infinite
loop.
> This happened with an user account that got suspended because of too many failed authentication
attempts, after that the server started to send, always, the (same) challenge message causing
an infinite loop with the HttpClient.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message