hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ricardo Pereira (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
Date Sun, 07 Jul 2013 02:21:47 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ricardo Pereira updated HTTPCLIENT-1383:
----------------------------------------

    Attachment: HTTPCLIENT-1383_patch_tests

Attached a patch (for trunk) with some changes to the NTLM tests:
 - Adds a new test which enters in infinite loop (the difference is that the first answer
is already a challenge message);
 - Adds a new response handler that answers only with challenge messages.
                
> NTLM authentication can enter in infinite loop
> ----------------------------------------------
>
>                 Key: HTTPCLIENT-1383
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: Snapshot
>            Reporter: Ricardo Pereira
>             Fix For: 4.2.6, 4.3 Beta3
>
>         Attachments: ClientNtlmProxyAuthentication.java, HTTPCLIENT-1383_patch_tests,
wire.log
>
>
> If the NTLM proxy sends, always, a challenge message the authentication enters in infinite
loop.
> This happened with an user account that got suspended because of too many failed authentication
attempts, after that the server started to send, always, the (same) challenge message causing
an infinite loop with the HttpClient.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message