Date: Tue, 13 Oct 2015 14:56:06 +0000 (UTC)
From: "Michael Osipov (JIRA)"
To: dev@hc.apache.org
Subject: [jira] [Commented] (HTTPCLIENT-1686) Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14955067#comment-14955067 ]

Michael Osipov commented on HTTPCLIENT-1686:
--------------------------------------------

Ask {{svn blame}} and Karl Wright. You will surely get your answer.

> Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors
> -----------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1686
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1686
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>         Environment: Java/OSX
>            Reporter: Jim Cassidy
>
> The class org.apache.http.impl.client.CloseableHttpClient is marked as thread safe, but it may use org.apache.http.impl.auth.NTLMScheme during authentication (in this case, to Exchange's Exchange Web Services). NTLMScheme is not thread safe, and concurrent access can result in a crash when multiple threads access and modify the static NTLMEngineImpl Type1Message static private member, see stack trace below.
> I've verified a fix for this particular issue by removing the static Type1Message object and allocating a new one for each call to NTLMEngineImpl.getType1Message, but that's not necessarily sufficient to mark NTLMScheme as ThreadSafe.
> Stack trace:
> {noformat}
> Java.lang.ArrayIndexOutOfBoundsException: 40
> 0 = {StackTraceElement@8714} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addByte(NTLMEngineImpl.java:911)"
> 1 = {StackTraceElement@8715} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addULong(NTLMEngineImpl.java:941)"
> 2 = {StackTraceElement@8716} "org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.getResponse(NTLMEngineImpl.java:1048)"
> 3 = {StackTraceElement@8717} "org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:148)"
> 4 = {StackTraceElement@8718} "org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1628)"
> 5 = {StackTraceElement@8719} "org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:139)"
> 6 = {StackTraceElement@8720} "org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:138)"
> 7 = {StackTraceElement@8721} "org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)"
> 8 = {StackTraceElement@8722} "org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)"
> 9 = {StackTraceElement@8723} "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:262)"
> 10 = {StackTraceElement@8724} "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)"
> 11 = {StackTraceElement@8725} "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)"
> 12 = {StackTraceElement@8726} "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)"
> 13 = {StackTraceElement@8727} "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)"
> 14 = {StackTraceElement@8728} "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)"
> 15 = {StackTraceElement@8729}
> {noformat}
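
The failure mode described in the quoted report, as an added example that is not HttpClient code and not part of the original message: a shared static message builder whose buffer and write cursor are reset and advanced without synchronization, next to the per-call allocation the reporter says he verified. `Message`, `build`, `unsafeBuild`, `safeBuild` and `countFailures` are hypothetical, simplified stand-ins; the 40-byte size is taken from the exception in the trace.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SharedMessageRace {
    // Hypothetical stand-in for a message builder: fixed buffer plus write cursor.
    static class Message {
        private byte[] buf;
        private int pos;
        byte[] build() {
            buf = new byte[40];          // reset buffer ...
            pos = 0;                     // ... and cursor: two unsynchronized steps
            for (int i = 0; i < 40; i++) {
                buf[pos++] = (byte) i;   // a second thread advancing pos pushes it past 39
            }
            return buf;
        }
    }
    // Pattern from the report: one static instance shared by every caller.
    private static final Message SHARED = new Message();
    static byte[] unsafeBuild() { return SHARED.build(); }
    // Fix verified by the reporter: a fresh instance per call, no shared state.
    static byte[] safeBuild() { return new Message().build(); }

    // Runs the builder from several threads; counts exceptions and corrupted output.
    static int countFailures(Callable<byte[]> builder, int threads, int iterations) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        AtomicInteger failures = new AtomicInteger();
        CountDownLatch done = new CountDownLatch(threads);
        for (int t = 0; t < threads; t++) {
            pool.execute(() -> {
                try {
                    for (int i = 0; i < iterations; i++) {
                        try {
                            byte[] m = builder.call();
                            if (m[39] != 39) failures.incrementAndGet(); // torn write
                        } catch (Exception e) { failures.incrementAndGet(); } // e.g. AIOOBE
                    }
                } finally { done.countDown(); }
            });
        }
        done.await();
        pool.shutdown();
        return failures.get();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("shared static: " + countFailures(SharedMessageRace::unsafeBuild, 8, 200_000));
        System.out.println("per call:      " + countFailures(SharedMessageRace::safeBuild, 8, 200_000));
    }
}
```

The shared-instance count depends on thread scheduling and differs from run to run; the per-call count is always 0 because no state is shared between threads.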