You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Lennart Diedrich (Created) (JIRA)" <ji...@apache.org> on 2012/02/27 18:52:49 UTC
[jira] [Created] (HTTPCLIENT-1168) HTTPClient doesn't send
authentication header in threaded environment
HTTPClient doesn't send authentication header in threaded environment
---------------------------------------------------------------------
Key: HTTPCLIENT-1168
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.2 Beta1, 4.1.3
Reporter: Lennart Diedrich
Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1168) HTTPClient doesn't send
authentication header in threaded environment
Posted by "Oleg Kalnichevski (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1168:
------------------------------------------
Component/s: (was: HttpClient)
Documentation
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
> Key: HTTPCLIENT-1168
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 4.1.3, 4.2 Beta1
> Reporter: Lennart Diedrich
> Priority: Minor
> Labels: auth, authentication, basic, multithread, thread
> Fix For: 4.2 Beta2
>
> Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1168) HTTPClient doesn't send
authentication header in threaded environment
Posted by "Lennart Diedrich (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lennart Diedrich updated HTTPCLIENT-1168:
-----------------------------------------
Attachment: ThreadedHttpBasicAuthTest.java
Simple test to demonstrate the issue.
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
> Key: HTTPCLIENT-1168
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1.3, 4.2 Beta1
> Reporter: Lennart Diedrich
> Labels: auth, authentication, basic, multithread, thread
> Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1168) HTTPClient doesn't send
authentication header in threaded environment
Posted by "Oleg Kalnichevski (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1168:
------------------------------------------
Priority: Minor (was: Major)
Fix Version/s: 4.2 Beta2
Lennart,
The race condition is caused by HttpContext instance being shared for all threads of execution. While theoretically HttpContext can be shared by multiple execution threads, authentication state clearly cannot.
I'll see if I can fix this issue by synchronizing access to AuthState instances or by updating the documentation.
Oleg
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
> Key: HTTPCLIENT-1168
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1.3, 4.2 Beta1
> Reporter: Lennart Diedrich
> Priority: Minor
> Labels: auth, authentication, basic, multithread, thread
> Fix For: 4.2 Beta2
>
> Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Resolved] (HTTPCLIENT-1168) HTTPClient doesn't send
authentication header in threaded environment
Posted by "Oleg Kalnichevski (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1168.
-------------------------------------------
Resolution: Fixed
AuthState instances are inherently thread unsafe as they maintain conversation state that can span across multiple HTTP exchanges. I opted for just documenting the recommended way of using HttpContext in multithreaded applications (one HttpContext instance per thread of execution).
Oleg
> HTTPClient doesn't send authentication header in threaded environment
> ---------------------------------------------------------------------
>
> Key: HTTPCLIENT-1168
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1168
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 4.1.3, 4.2 Beta1
> Reporter: Lennart Diedrich
> Priority: Minor
> Labels: auth, authentication, basic, multithread, thread
> Fix For: 4.2 Beta2
>
> Attachments: ThreadedHttpBasicAuthTest.java
>
>
> Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org