hc-dev mailing list archives

From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1490) auth caches do not take auth realm into account
Date Fri, 06 Jun 2014 07:41:02 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1490.
-------------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 4.4 Alpha1)

What I said on the mailing list turned out wrong. When authenticating pre-emptively using cached
credentials HttpClient cannot take auth realm into account because it is simply not known.
Only when explicitly challenged can HttpClient extract a realm from the auth challenge.

I added a test case to SVN trunk [1] verifying that HttpClient can successfully re-authenticate
in case of unsuccessful pre-emptive authentication with auth response from a different realm.

{noformat}
2014/06/05 21:24:55:912 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:55:942 CEST [DEBUG] RequestAuthCache - Auth cache not set in the context
2014/06/05 21:24:55:944 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request:
[route: {}->http://localhost:38870][total kept alive: 0; route allocated: 0 of 2; total
allocated: 0 of 20]
2014/06/05 21:24:55:968 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased:
[id: 0][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2;
total allocated: 1 of 20]
2014/06/05 21:24:55:971 CEST [DEBUG] MainClientExec - Opening connection {}->http://localhost:38870
2014/06/05 21:24:55:975 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:55:977 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connection established
127.0.0.1:60307<->127.0.0.1:38870
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
2014/06/05 21:24:55:980 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT
(Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:55:989 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << WWW-Authenticate:
Basic realm="this realm"
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun
2014 19:24:55 GMT
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 0
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:55:996 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:55:996 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:55:997 CEST [DEBUG] HttpAuthenticator - localhost:38870 requested authentication
2014/06/05 21:24:55:998 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:55:998 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for negotiate authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for Kerberos authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for NTLM authentication scheme not available
2014/06/05 21:24:56:001 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for Digest authentication scheme not available
2014/06/05 21:24:56:006 CEST [DEBUG] HttpAuthenticator - Selected authentication options:
[BASIC [complete=true]]
2014/06/05 21:24:56:007 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:56:008 CEST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2014/06/05 21:24:56:008 CEST [DEBUG] HttpAuthenticator - Generating response to an authentication
challenge using basic scheme
2014/06/05 21:24:56:012 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT
(Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:014 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic
dGVzdDp0aGlz
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun
2014 19:24:55 GMT
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 7
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: text/plain;
charset=US-ASCII
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:56:019 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:019 CEST [DEBUG] HttpAuthenticator - Authentication succeeded
2014/06/05 21:24:56:020 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Caching 'basic' auth scheme for http://localhost:38870
2014/06/05 21:24:56:024 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection [id:
0][route: {}->http://localhost:38870] can be kept alive indefinitely
2014/06/05 21:24:56:025 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection released:
[id: 0][route: {}->http://localhost:38870][total kept alive: 1; route allocated: 1 of 2;
total allocated: 1 of 20]
2014/06/05 21:24:56:026 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:56:026 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request:
[route: {}->http://localhost:38870][total kept alive: 1; route allocated: 1 of 2; total
allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased:
[id: 0][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2;
total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] MainClientExec - Stale connection check
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:029 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT
(Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic
dGVzdDp0aGlz
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun
2014 19:24:55 GMT
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 7
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: text/plain;
charset=US-ASCII
2014/06/05 21:24:56:033 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:56:033 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:033 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request:
[route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total
allocated: 1 of 20]
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased:
[id: 1][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 2 of 2;
total allocated: 2 of 20]
2014/06/05 21:24:56:035 CEST [DEBUG] MainClientExec - Opening connection {}->http://localhost:38870
2014/06/05 21:24:56:035 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connection established
127.0.0.1:60308<->127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Executing request GET /that HTTP/1.1
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:037 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> Host: localhost:38870
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Connection: Keep-Alive
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT
(Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic
dGVzdDp0aGlz
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << WWW-Authenticate:
Basic realm="that realm"
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 Jun
2014 19:24:55 GMT
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Content-Length: 0
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Connection: Keep-Alive
2014/06/05 21:24:56:041 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:041 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:56:041 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Clearing cached auth scheme for http://localhost:38870
2014/06/05 21:24:56:042 CEST [DEBUG] HttpAuthenticator - localhost:38870 requested authentication
2014/06/05 21:24:56:043 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:56:044 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for negotiate authentication scheme not available
2014/06/05 21:24:56:044 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for Kerberos authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for NTLM authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Challenge for Digest authentication scheme not available
2014/06/05 21:24:56:046 CEST [DEBUG] HttpAuthenticator - Selected authentication options:
[BASIC [complete=true]]
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Executing request GET /that HTTP/1.1
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2014/06/05 21:24:56:047 CEST [DEBUG] HttpAuthenticator - Generating response to an authentication
challenge using basic scheme
2014/06/05 21:24:56:048 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Host: localhost:38870
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Connection: Keep-Alive
2014/06/05 21:24:56:050 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT
(Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic
dGVzdDp0aGF0
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 200 OK
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 Jun
2014 19:24:55 GMT
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Content-Length: 7
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Content-Type: text/plain;
charset=US-ASCII
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Connection: Keep-Alive
2014/06/05 21:24:56:061 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:061 CEST [DEBUG] HttpAuthenticator - Authentication succeeded
2014/06/05 21:24:56:062 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy
- Caching 'basic' auth scheme for http://localhost:38870
2014/06/05 21:24:56:062 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection manager
is shutting down
2014/06/05 21:24:56:063 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-1:
Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0:
Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-1:
Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0:
Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection manager
shut down
{noformat}

Please consider upgrading to HC 4.3
 
Oleg


[1] http://svn.apache.org/r1600737

> auth caches do not take auth realm into account
> -----------------------------------------------
>
>                 Key: HTTPCLIENT-1490
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1490
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.3
>         Environment: HttpClient 4.1.1
>            Reporter: Daniel Kugel
>
> HttpClient does not take into account different realms for the same host and as a result the wrong credentials are sent during the authentication process.
> When the host is first authenticated with one set of credentials it is sent again when authentication is requested although the realm has changed and a different set of credentials should be used for the new realm.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
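
The behaviour discussed in this message can be audited from the client's own wire log. The following is an added example, not part of the original message or of the HttpClient code base: it scans a DEBUG header log for Basic credentials that were accepted under one realm and later sent unchallenged to a resource that answered with a different realm. The function names, the per-connection bookkeeping and the embedded sample (constructed in the log format quoted above) are assumptions of this example.

```python
import base64
import re

WIRE = re.compile(r"headers - (http-outgoing-\d+) (>>|<<) (.*)")
REALM = re.compile(r'www-authenticate:.*?realm="([^"]*)"', re.I)
# Constructed sample in the wire-log format quoted above; header values sit on
# their own line, the way the archived mail wrapped them.
P = "2014/06/05 21:24:56:000 CEST [DEBUG] headers - http-outgoing-"
SAMPLE = "\n".join([
    P + "0 >> GET /this HTTP/1.1",
    P + "0 << HTTP/1.1 401 Unauthorized", P + "0 << WWW-Authenticate:", 'Basic realm="this realm"',
    P + "0 >> GET /this HTTP/1.1", P + "0 >> Authorization: Basic", "dGVzdDp0aGlz",
    P + "0 << HTTP/1.1 200 OK",
    P + "1 >> GET /that HTTP/1.1", P + "1 >> Authorization: Basic", "dGVzdDp0aGlz",
    P + "1 << HTTP/1.1 401 Unauthorized", P + "1 << WWW-Authenticate:", 'Basic realm="that realm"',
    P + "1 >> GET /that HTTP/1.1", P + "1 >> Authorization: Basic", "dGVzdDp0aGF0",
    P + "1 << HTTP/1.1 200 OK",
])

def user_of(token):
    """Decode a Basic token but return only the user name, never the password."""
    try:
        return base64.b64decode(token, validate=True).decode("latin-1").split(":", 1)[0]
    except ValueError:
        return "<undecodable>"

def cross_realm_sends(text):
    """Basic credentials accepted in one realm, then sent unchallenged into another."""
    conns, accepted, findings = {}, {}, []
    # A line that does not start with a timestamp continues the previous record.
    records = re.sub(r"\n(?!\d{4}/\d\d/\d\d \d\d:)", " ", text).splitlines()
    for line in records:
        m = WIRE.search(line)
        if not m:
            continue
        conn, direction, payload = m.groups()
        st = conns.setdefault(conn, {"path": None, "token": None, "realm": None, "status": None})
        if direction == ">>" and re.match(r"[A-Z]+ \S+ HTTP/", payload):
            st.update(path=payload.split()[1], token=None)      # new request starts
        elif direction == ">>" and payload.lower().startswith("authorization: basic "):
            st["token"] = payload.split()[-1]
        elif direction == "<<" and payload.startswith("HTTP/"):
            st["status"] = int(payload.split()[1])
            if st["status"] != 401 and st["token"] and st["realm"]:
                accepted[st["token"]] = st["realm"]             # token worked for this realm
        elif direction == "<<" and st["status"] == 401 and (rm := REALM.match(payload)):
            st["realm"], was = rm.group(1), accepted.get(st["token"])
            if was and was != st["realm"]:
                findings.append((st["path"], user_of(st["token"]), was, st["realm"]))
    return findings
```

Each finding is a tuple of request path, user name, the realm the credentials were accepted in, and the realm that rejected them; a plain first-time challenge or a wrong password produces no finding.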
