Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8BF9318989 for ; Tue, 29 Sep 2015 19:43:09 +0000 (UTC) Received: (qmail 977 invoked by uid 500); 29 Sep 2015 19:43:04 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 933 invoked by uid 500); 29 Sep 2015 19:43:04 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 918 invoked by uid 99); 29 Sep 2015 19:43:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Sep 2015 19:43:04 +0000 Date: Tue, 29 Sep 2015 19:43:04 +0000 (UTC) From: "Oleg Kalnichevski (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HTTPCLIENT-1686) Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14935723#comment-14935723 ] Oleg Kalnichevski commented on HTTPCLIENT-1686: ----------------------------------------------- > CloseableHttpClient uses NLTMEngineImpl No, it does not. Subsclasses of CloseableHttpClient use AuthSchemeProviders, which are expected to be thread-safe. Instances of AuthScheme are always accessed through HttpContext. They never get accessed directly by subclasses of CloseableHttpClient. Oleg > Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors > ----------------------------------------------------------------------------- > > Key: HTTPCLIENT-1686 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1686 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpClient > Affects Versions: 4.5.1 > Environment: Java/OSX > Reporter: Jim Cassidy > > The class org.apache.http.impl.client.CloseableHttpClient is marked as thread safe, but it may use org.apache.http.impl.auth.NTLMScheme during authentication (in this case, to Exchange's Exchange Web Services). NLTMScheme is not thread safe, and concurrent access can result in a crash when multiple threads access and modify the static NTLMEngineImpl Type1Message static private member, see stack trace below. > I've verified a fix for this particular issue by removing the static Type1Message object and allocating a new one for each call to NTLMEngineImpl.getType1Message, but that's not necessarily sufficient to mark NTLMScheme as ThreadSafe. > Stack trace: > {noformat} > Java.lang.ArrayIndexOutOfBoundsException: 40 > 0 = {StackTraceElement@8714} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addByte(NTLMEngineImpl.java:911)" > 1 = {StackTraceElement@8715} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addULong(NTLMEngineImpl.java:941)" > 2 = {StackTraceElement@8716} "org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.getResponse(NTLMEngineImpl.java:1048)" > 3 = {StackTraceElement@8717} "org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:148)" > 4 = {StackTraceElement@8718} "org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1628)" > 5 = {StackTraceElement@8719} "org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:139)" > 6 = {StackTraceElement@8720} "org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:138)" > 7 = {StackTraceElement@8721} "org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)" > 8 = {StackTraceElement@8722} "org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)" > 9 = {StackTraceElement@8723} "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:262)" > 10 = {StackTraceElement@8724} "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)" > 11 = {StackTraceElement@8725} "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)" > 12 = {StackTraceElement@8726} "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)" > 13 = {StackTraceElement@8727} "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)" > 14 = {StackTraceElement@8728} "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)" > 15 = {StackTraceElement@8729} > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org