[jira] [Commented] (HTTPCLIENT-1686) Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors

["Oleg Kalnichevski (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14935694#comment-14935694 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1686:
-----------------------------------------------

Jim,
I am sorry I do not understand. NTLMEngineImpl is not supposed to be thread-safe and is not supposed to be used concurrently by multiple threads.

Why are you trying to access the same instance NTLMEngineImpl from multiple threads?

Oleg

> Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors
> -----------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1686
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1686
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>         Environment: Java/OSX
>            Reporter: Jim Cassidy
>
> The class org.apache.http.impl.client.CloseableHttpClient is marked as thread safe, but it may use org.apache.http.impl.auth.NTLMScheme during authentication (in this case, to Exchange's Exchange Web Services).  NLTMScheme is not thread safe, and concurrent access can result in a crash when multiple threads access and modify the static NTLMEngineImpl Type1Message static private member, see stack trace below.
> I've verified a fix for this particular issue by removing the static Type1Message object and allocating a new one for each call to NTLMEngineImpl.getType1Message, but that's not necessarily sufficient to mark NTLMScheme as ThreadSafe.
> Stack trace:
> {noformat}
> Java.lang.ArrayIndexOutOfBoundsException: 40
> 0 = {StackTraceElement@8714} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addByte(NTLMEngineImpl.java:911)"
> 1 = {StackTraceElement@8715} "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addULong(NTLMEngineImpl.java:941)"
> 2 = {StackTraceElement@8716} "org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.getResponse(NTLMEngineImpl.java:1048)"
> 3 = {StackTraceElement@8717} "org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:148)"
> 4 = {StackTraceElement@8718} "org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1628)"
> 5 = {StackTraceElement@8719} "org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:139)"
> 6 = {StackTraceElement@8720} "org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:138)"
> 7 = {StackTraceElement@8721} "org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)"
> 8 = {StackTraceElement@8722} "org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)"
> 9 = {StackTraceElement@8723} "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:262)"
> 10 = {StackTraceElement@8724} "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)"
> 11 = {StackTraceElement@8725} "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)"
> 12 = {StackTraceElement@8726} "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)"
> 13 = {StackTraceElement@8727} "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)"
> 14 = {StackTraceElement@8728} "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)"
> 15 = {StackTraceElement@8729} 
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org