hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1545) Possible infinite loop when WindowsNegotiateScheme authentication fails
Date Mon, 13 Oct 2014 07:04:34 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14169024#comment-14169024

Michael Osipov commented on HTTPCLIENT-1545:

bq. If you prefer to throw {{SEC_E_TARGET_UNKNOWN}} in the unit test that's fine. The error
code choice is pretty arbitrary.

Personally, I do that would correspond the the huge comment in the test class.

bq. Even though that 1) it's true that that the SPN should be dynamically generated and 2)
the code is currently tagged as experimental, I'm hesitant to break an interface that is already
used by existing clients of HttpClient-win - I don't like breaking existing interfaces. I
guess we could deprecate that API first.

Exactly, *experimental* means it is in constant flux, do not rely on it, it could change/break
anytime. This is neither beta or alpha. You have the right to improve/polish the API.

Regarding server-side support. I have all stuff available, MIT Kerberos with Subversion on
Apache HTTPd, SPNEGO on Tomcat 6 with JGSS and SSPI on Windows Server. All is available for

> Possible infinite loop when WindowsNegotiateScheme authentication fails
> -----------------------------------------------------------------------
>                 Key: HTTPCLIENT-1545
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1545
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.4 Alpha1
>         Environment: Windows
>            Reporter: Ka-Lok Fung
>             Fix For: 4.4 Beta1
>         Attachments: HTTPCLIENT-1545.WinXP.diff, HTTPCLIENT-1545.patch.diff, HTTPCLIENT-1545.v2.patch.diff
> When {{WindowsNegotiateScheme}} authentication fails, it's possible for HttpClient to
retry the authentication in an endless loop because the {{continueNeeded}} flag is not set
to {{false}} when authentication fails.
> One possible way of causing authentication to fail is to use a service principle name
that is outside your Windows domain (e.g., HTTP/EXAMPLE.COM).

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message