From: "Oleg Kalnichevski (JIRA)"
To: dev@hc.apache.org
Date: Fri, 6 Jun 2014 07:41:02 +0000 (UTC)
Subject: [jira] [Resolved] (HTTPCLIENT-1490) auth caches do not take auth realm into account

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1490.
-------------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 4.4 Alpha1)

What I said on the mailing list turned out wrong. When authenticating pre-emptively using cached credentials HttpClient cannot take auth realm into account because it is simply not known. Only when explicitly challenged HttpClient can extract a realm from the auth challenge.

I added a test case to SVN trunk [1] verifying that HttpClient can successfully re-authenticate in case of unsuccessful pre-emptive authentication with auth response from a different realm

{noformat}
2014/06/05 21:24:55:912 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:55:942 CEST [DEBUG] RequestAuthCache - Auth cache not set in the context
2014/06/05 21:24:55:944 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:38870][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
2014/06/05 21:24:55:968 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:55:971 CEST [DEBUG] MainClientExec - Opening connection {}->http://localhost:38870
2014/06/05 21:24:55:975 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:55:977 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connection established 127.0.0.1:60307<->127.0.0.1:38870
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
2014/06/05 21:24:55:980 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:55:989 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << WWW-Authenticate: Basic realm="this realm"
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 0
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:55:996 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:55:996 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:55:997 CEST [DEBUG] HttpAuthenticator - localhost:38870 requested authentication
2014/06/05 21:24:55:998 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:55:998 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
2014/06/05 21:24:56:001 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
2014/06/05 21:24:56:006 CEST [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC [complete=true]]
2014/06/05 21:24:56:007 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:56:008 CEST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2014/06/05 21:24:56:008 CEST [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
2014/06/05 21:24:56:012 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:014 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 7
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: text/plain; charset=US-ASCII
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:56:019 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:019 CEST [DEBUG] HttpAuthenticator - Authentication succeeded
2014/06/05 21:24:56:020 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Caching 'basic' auth scheme for http://localhost:38870
2014/06/05 21:24:56:024 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://localhost:38870] can be kept alive indefinitely
2014/06/05 21:24:56:025 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://localhost:38870][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:026 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:56:026 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:38870][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] MainClientExec - Stale connection check
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:029 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 7
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: text/plain; charset=US-ASCII
2014/06/05 21:24:56:033 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:56:033 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:033 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 1][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 2 of 2; total allocated: 2 of 20]
2014/06/05 21:24:56:035 CEST [DEBUG] MainClientExec - Opening connection {}->http://localhost:38870
2014/06/05 21:24:56:035 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connection established 127.0.0.1:60308<->127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Executing request GET /that HTTP/1.1
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:037 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> Host: localhost:38870
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Connection: Keep-Alive
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << WWW-Authenticate: Basic realm="that realm"
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Content-Length: 0
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Connection: Keep-Alive
2014/06/05 21:24:56:041 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:041 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:56:041 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Clearing cached auth scheme for http://localhost:38870
2014/06/05 21:24:56:042 CEST [DEBUG] HttpAuthenticator - localhost:38870 requested authentication
2014/06/05 21:24:56:043 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:56:044 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
2014/06/05 21:24:56:044 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
2014/06/05 21:24:56:046 CEST [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC [complete=true]]
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Executing request GET /that HTTP/1.1
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2014/06/05 21:24:56:047 CEST [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
2014/06/05 21:24:56:048 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Host: localhost:38870
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Connection: Keep-Alive
2014/06/05 21:24:56:050 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGF0
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 200 OK
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Content-Length: 7
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Content-Type: text/plain; charset=US-ASCII
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Connection: Keep-Alive
2014/06/05 21:24:56:061 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:061 CEST [DEBUG] HttpAuthenticator - Authentication succeeded
2014/06/05 21:24:56:062 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Caching 'basic' auth scheme for http://localhost:38870
2014/06/05 21:24:56:062 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection manager is shutting down
2014/06/05 21:24:56:063 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-1: Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-1: Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}

Please consider upgrading to HC 4.3

Oleg

[1] http://svn.apache.org/r1600737

> auth caches do not take auth realm into account
> -----------------------------------------------
>
>                 Key: HTTPCLIENT-1490
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1490
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.3
>         Environment: HttpClient 4.1.1
>            Reporter: Daniel Kugel
>
> HttpClient does not take into account different realms for the same host and as a result the wrong credentials are sent during the authentication process.
> When the host is first authenticated with one set of credentials it is sent again when authentication is requested although the realm has changed and a different set of credentials should be used for the new realm.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
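
An added example, not part of the original message or of HttpClient: a small audit over the header wire log format shown above that reports every request which carried Basic credentials and was answered with a 401 challenge, which is how a pre-emptive send of cached credentials to a different realm appears in the log. The function name `rejected_preemptive_basic` is hypothetical, the sample is the header lines of the two exchanges copied from the log above, and only the user name is reported. A request rejected for a wrong password matches the same pattern.

```python
import base64
import re

# Sample input: header lines of the /this and /that exchanges, copied from the log above.
SAMPLE_LOG = """\
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:55:989 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << WWW-Authenticate: Basic realm="this realm"
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:014 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << WWW-Authenticate: Basic realm="that realm"
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGF0
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 200 OK
"""

HEADER_LINE = re.compile(r"headers - (\S+) (>>|<<) (.*)$")

def rejected_preemptive_basic(log_text):
    """Return (connection, path, user, realm) for each request that carried Basic credentials and got a 401 challenge."""
    findings = []
    pending = {}  # connection id -> exchange currently in flight on that connection
    for line in log_text.splitlines():
        m = HEADER_LINE.search(line)
        if not m:
            continue
        conn, direction, text = m.groups()
        if direction == ">>":
            req = re.match(r"([A-Z]+) (\S+) HTTP/", text)
            if req:  # request line starts a new exchange
                pending[conn] = {"path": req.group(2), "user": None, "status": None}
            elif conn in pending and text.lower().startswith("authorization: basic "):
                decoded = base64.b64decode(text.split(None, 2)[2]).decode("utf-8", "replace")
                pending[conn]["user"] = decoded.split(":", 1)[0]  # keep the user name only
        elif conn in pending:
            ex = pending[conn]
            status = re.match(r"HTTP/\d\.\d (\d{3})", text)
            if status:
                ex["status"] = status.group(1)
            realm = re.match(r'WWW-Authenticate: Basic realm="([^"]*)"', text, re.I)
            if realm and ex["status"] == "401" and ex["user"] is not None:
                findings.append((conn, ex["path"], ex["user"], realm.group(1)))
    return findings
```

On the sample, the only finding is the first `GET /that`, where the credentials cached after authenticating against "this realm" were sent and rejected by "that realm".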