hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HTTPCLIENT-1715) NTLMEngineImpl.Type1Message not thread safe but declared as a constant
Date Wed, 27 Jan 2016 08:45:40 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15118875#comment-15118875
] 

Karl Wright edited comment on HTTPCLIENT-1715 at 1/27/16 8:44 AM:
------------------------------------------------------------------

Hi [~ggregory],

As you may know, this NTLM implementation was constructed from specifications developed by
reverse engineering the proprietary NTLM protocol on various versions of Windows.  There is
no "best behavior" because everything has to be tested against multiple windows versions.
 The reverse engineered specification includes a place for domain and host in the Type 1 message,
but many windows versions do not seem to set these values, and we could not guarantee that
setting them would not cause trouble in some instances.


was (Author: kwright@metacarta.com):
Hi Gary,

As you may know, this NTLM implementation was constructed from specifications developed by
reverse engineering the proprietary NTLM protocol on various versions of Windows.  There is
no "best behavior" because everything has to be tested against multiple windows versions.
 The reverse engineered specification includes a place for domain and host in the Type 1 message,
but many windows versions do not seem to set these values, and we could not guarantee that
setting them would not cause trouble in some instances.

> NTLMEngineImpl.Type1Message not thread safe but declared as a constant
> ----------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1715
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1715
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>            Reporter: Olivier Lafontaine
>            Assignee: Gary Gregory
>             Fix For: 4.5.2, 5.0 Alpha2
>
>
> {{NTLMEngineImpl}} declares a {{static final}} member named {{TYPE_1_MESSAGE}} of type
{{Type1Message}}. Members of {{Type1Message}} are final and do not change, but that is not
the case for members of its superclass {{NTLMMessage}}.
> Whenever the method {{NTLMEngineImpl#getType1Message(String, String)}} is called, the
method {{NTLMMessage#getResponse()}} get called on the {{TYPE_1_MESSAGE}} instance and this
modifies the following members of {{NTLMMessage}}:
> * messageContents
> * currentOutputPosition
> This is not thread safe and we get exceptions as seen in HTTPCLIENT-1686.
> My guess is that the computed response string should be kept in a constant instead of
a {{Type1Message}} instance.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message