You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Lennart Diedrich (Created) (JIRA)" <ji...@apache.org> on 2012/02/27 18:52:49 UTC

[jira] [Created] (HTTPCLIENT-1168) HTTPClient doesn't send authentication header in threaded environment

HTTPClient doesn't send authentication header in threaded environment
---------------------------------------------------------------------

                 Key: HTTPCLIENT-1168
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.2 Beta1, 4.1.3
            Reporter: Lennart Diedrich


Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set). 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[jira] [Updated] (HTTPCLIENT-1168) HTTPClient doesn't send authentication header in threaded environment

Posted by "Oleg Kalnichevski (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1168:
------------------------------------------

    Component/s:     (was: HttpClient)
                 Documentation
    
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1168
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 4.1.3, 4.2 Beta1
>            Reporter: Lennart Diedrich
>            Priority: Minor
>              Labels: auth, authentication, basic, multithread, thread
>             Fix For: 4.2 Beta2
>
>         Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set). 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[jira] [Updated] (HTTPCLIENT-1168) HTTPClient doesn't send authentication header in threaded environment

Posted by "Lennart Diedrich (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lennart Diedrich updated HTTPCLIENT-1168:
-----------------------------------------

    Attachment: ThreadedHttpBasicAuthTest.java

Simple test to demonstrate the issue.
                
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1168
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.3, 4.2 Beta1
>            Reporter: Lennart Diedrich
>              Labels: auth, authentication, basic, multithread, thread
>         Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set). 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[jira] [Updated] (HTTPCLIENT-1168) HTTPClient doesn't send authentication header in threaded environment

Posted by "Oleg Kalnichevski (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1168:
------------------------------------------

         Priority: Minor  (was: Major)
    Fix Version/s: 4.2 Beta2

Lennart,

The race condition is caused by HttpContext instance being shared for all threads of execution. While theoretically HttpContext can be shared by multiple execution threads, authentication state clearly cannot. 

I'll see if I can fix this issue by synchronizing access to AuthState instances or by updating the documentation.

Oleg 
                
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1168
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.3, 4.2 Beta1
>            Reporter: Lennart Diedrich
>            Priority: Minor
>              Labels: auth, authentication, basic, multithread, thread
>             Fix For: 4.2 Beta2
>
>         Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set). 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

[jira] [Resolved] (HTTPCLIENT-1168) HTTPClient doesn't send authentication header in threaded environment

Posted by "Oleg Kalnichevski (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1168.
-------------------------------------------

    Resolution: Fixed

AuthState instances are inherently thread unsafe as they maintain conversation state that can span across multiple HTTP exchanges. I opted for just documenting the recommended way of using HttpContext in multithreaded applications (one HttpContext instance per thread of execution).

Oleg 
                
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1168
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 4.1.3, 4.2 Beta1
>            Reporter: Lennart Diedrich
>            Priority: Minor
>              Labels: auth, authentication, basic, multithread, thread
>             Fix For: 4.2 Beta2
>
>         Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set). 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org