hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Cassidy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1686) Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors
Date Tue, 29 Sep 2015 22:29:04 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14936029#comment-14936029
] 

Jim Cassidy commented on HTTPCLIENT-1686:
-----------------------------------------

Understood, so the end result is the same.  The code I'm debugging (a third party library
that uses CloseableHttpClient), configured it to use NTLM authentication, which uses org.apache.http.impl.auth,NTLMScheme,
which results in a CloseableHttpClient that isn't threadsafe, since NTLMScheme is not threadsafe.

Are there any current efforts underway to make the NTLM* hierarchy of auth scheme classes
and friends thread safe?  Since it's explicitly marked as not thread safe, I'm wondering if
there's any history here or known gotchas before I try to make it thread safe.

> Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors
> -----------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1686
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1686
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>         Environment: Java/OSX
>            Reporter: Jim Cassidy
>
> The class org.apache.http.impl.client.CloseableHttpClient is marked as thread safe, but
it may use org.apache.http.impl.auth.NTLMScheme during authentication (in this case, to Exchange's
Exchange Web Services).  NLTMScheme is not thread safe, and concurrent access can result in
a crash when multiple threads access and modify the static NTLMEngineImpl Type1Message static
private member, see stack trace below.
> I've verified a fix for this particular issue by removing the static Type1Message object
and allocating a new one for each call to NTLMEngineImpl.getType1Message, but that's not necessarily
sufficient to mark NTLMScheme as ThreadSafe.
> Stack trace:
> {noformat}
> Java.lang.ArrayIndexOutOfBoundsException: 40
> 0 = {StackTraceElement@8714} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addByte(NTLMEngineImpl.java:911)"
> 1 = {StackTraceElement@8715} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addULong(NTLMEngineImpl.java:941)"
> 2 = {StackTraceElement@8716} "org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.getResponse(NTLMEngineImpl.java:1048)"
> 3 = {StackTraceElement@8717} "org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:148)"
> 4 = {StackTraceElement@8718} "org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1628)"
> 5 = {StackTraceElement@8719} "org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:139)"
> 6 = {StackTraceElement@8720} "org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:138)"
> 7 = {StackTraceElement@8721} "org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)"
> 8 = {StackTraceElement@8722} "org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)"
> 9 = {StackTraceElement@8723} "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:262)"
> 10 = {StackTraceElement@8724} "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)"
> 11 = {StackTraceElement@8725} "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)"
> 12 = {StackTraceElement@8726} "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)"
> 13 = {StackTraceElement@8727} "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)"
> 14 = {StackTraceElement@8728} "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)"
> 15 = {StackTraceElement@8729} 
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message