You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2021/08/17 06:12:00 UTC

[jira] [Commented] (HTTPCLIENT-2170) NTLM Authentication not working when sending multiple request concurrently

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-2170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17400155#comment-17400155 ] 

Michael Osipov commented on HTTPCLIENT-2170:
--------------------------------------------

Synchronizating this method is wrong because the state on the connection needs to be maintained by the authenticator, not this method. You need to search a solution in the NTLM classes.

> NTLM Authentication not working when sending multiple request concurrently
> --------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2170
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2170
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 5.0.4, 5.1
>         Environment: Java 1.8 and Android 
>            Reporter: Erick 
>            Priority: Critical
>              Labels: 5.04, 5.1, NTLM, http-client
>         Attachments: NTLMTestSample.zip
>
>
> We migrated our apache version from 4.5.x to 5.0.4 and we have encountered an authentication error using NTLM. 
> We are making multiple requests in different threads to a NTLM secured server concurrently such as: 
> {code:java}
> private fun test_Standalone() {    val username = "username"    val password = "password"    val serverName = "localhost"
>     val requestUrls = arrayOf(        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/0/0/0",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/63/0/0",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11433",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5716",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/1/0/0",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11432",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2858",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5716",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5715",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11431",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5715",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2857",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26165/11434",        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5717"    )
>     for(url in requestUrls) {        makeRequestAsync(url, username, password)    }}
> {code}
> Some of the data request succeed but others fail with a *401 Unauthorized.*
> **the output looks something like this:
>  
> {code:java}
> <------[Thread-7] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-1] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-4] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-6] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-3] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-10] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-2] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-9] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-13] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-12] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-0] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-11] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-5] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-8] 200 :200 OK HTTP/1.1
> {code}
>  
> Looking at the logs, it seems that the NTLM handshake fails for some request 
> **We found that by synchronizing the method [ProtocolExec.execute()|https://github.com/apache/httpcomponents-client/blob/5.0.x/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java#L103], all the NTLM authentication requests succeed and we are able to fetch the data successfully. 
>  
> Attached is the repro java project that we are using. 
> The project only needs an NTLM server and credentials to run. 
>  
> We tested version 5.1 and it was also reproducible. 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org