Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/06/06 09:41:02 UTC

[jira] [Resolved] (HTTPCLIENT-1490) auth caches do not take auth realm into account

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1490.
-------------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 4.4 Alpha1)

What I said on the mailing list turned out wrong. When authenticating pre-emptively using cached credentials HttpClient cannot take auth realm into account because it is simply not known. Only when explicitly challenged can HttpClient extract a realm from the auth challenge.

I added a test case to SVN trunk [1] verifying that HttpClient can successfully re-authenticate in case of unsuccessful pre-emptive authentication with auth response from a different realm.

{noformat}
2014/06/05 21:24:55:912 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:55:942 CEST [DEBUG] RequestAuthCache - Auth cache not set in the context
2014/06/05 21:24:55:944 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:38870][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
2014/06/05 21:24:55:968 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:55:971 CEST [DEBUG] MainClientExec - Opening connection {}->http://localhost:38870
2014/06/05 21:24:55:975 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:55:977 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connection established 127.0.0.1:60307<->127.0.0.1:38870
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
2014/06/05 21:24:55:980 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:55:989 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << WWW-Authenticate: Basic realm="this realm"
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 0
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:55:996 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:55:996 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:55:997 CEST [DEBUG] HttpAuthenticator - localhost:38870 requested authentication
2014/06/05 21:24:55:998 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:55:998 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
2014/06/05 21:24:56:001 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
2014/06/05 21:24:56:006 CEST [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC [complete=true]]
2014/06/05 21:24:56:007 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:56:008 CEST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2014/06/05 21:24:56:008 CEST [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
2014/06/05 21:24:56:012 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:014 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 7
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: text/plain; charset=US-ASCII
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:56:019 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:019 CEST [DEBUG] HttpAuthenticator - Authentication succeeded
2014/06/05 21:24:56:020 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Caching 'basic' auth scheme for http://localhost:38870
2014/06/05 21:24:56:024 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://localhost:38870] can be kept alive indefinitely
2014/06/05 21:24:56:025 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://localhost:38870][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:026 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:56:026 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:38870][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] MainClientExec - Stale connection check
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Executing request GET /this HTTP/1.1
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:029 CEST [DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Host: localhost:38870
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Length: 7
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: text/plain; charset=US-ASCII
2014/06/05 21:24:56:033 CEST [DEBUG] headers - http-outgoing-0 << Connection: Keep-Alive
2014/06/05 21:24:56:033 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:033 CEST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:38870][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 1][route: {}->http://localhost:38870][total kept alive: 0; route allocated: 2 of 2; total allocated: 2 of 20]
2014/06/05 21:24:56:035 CEST [DEBUG] MainClientExec - Opening connection {}->http://localhost:38870
2014/06/05 21:24:56:035 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] DefaultHttpClientConnectionOperator - Connection established 127.0.0.1:60308<->127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Executing request GET /that HTTP/1.1
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:037 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> Host: localhost:38870
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Connection: Keep-Alive
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << WWW-Authenticate: Basic realm="that realm"
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Content-Length: 0
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Connection: Keep-Alive
2014/06/05 21:24:56:041 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:041 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:56:041 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Clearing cached auth scheme for http://localhost:38870
2014/06/05 21:24:56:042 CEST [DEBUG] HttpAuthenticator - localhost:38870 requested authentication
2014/06/05 21:24:56:043 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:56:044 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
2014/06/05 21:24:56:044 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
2014/06/05 21:24:56:046 CEST [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC [complete=true]]
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Executing request GET /that HTTP/1.1
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2014/06/05 21:24:56:047 CEST [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
2014/06/05 21:24:56:048 CEST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Host: localhost:38870
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Connection: Keep-Alive
2014/06/05 21:24:56:050 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGF0
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 200 OK
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Content-Length: 7
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Content-Type: text/plain; charset=US-ASCII
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Connection: Keep-Alive
2014/06/05 21:24:56:061 CEST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2014/06/05 21:24:56:061 CEST [DEBUG] HttpAuthenticator - Authentication succeeded
2014/06/05 21:24:56:062 CEST [DEBUG] TestClientAuthentication$TestTargetAuthenticationStrategy - Caching 'basic' auth scheme for http://localhost:38870
2014/06/05 21:24:56:062 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection manager is shutting down
2014/06/05 21:24:56:063 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-1: Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-1: Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}

Please consider upgrading to HC 4.3
 
Oleg


[1] http://svn.apache.org/r1600737

> auth caches do not take auth realm into account
> -----------------------------------------------
>
>                 Key: HTTPCLIENT-1490
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1490
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.3
>         Environment: HttpClient 4.1.1
>            Reporter: Daniel Kugel
>
> HttpClient does not take into account different realms for the same host and as a result the wrong credentials are sent during the authentication process.
> When the host is first authenticated with one set of credentials it is sent again when authentication is requested although the realm has changed and a different set of credentials should be used for the new realm.
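
The log above shows the cached credentials for "this realm" being sent pre-emptively to `/that` before the server names its realm. The following is an added example, not part of the original message or of HttpClient: a small Python audit that finds such exchanges in HttpClient header logs. The function name `rejected_credentials` is hypothetical, and the sample lines are excerpted from the log above with timestamps trimmed.

```python
import base64
import re

# Header lines excerpted from the debug log above (timestamps trimmed).
SAMPLE = """\
headers - http-outgoing-0 >> GET /this HTTP/1.1
headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
headers - http-outgoing-0 << WWW-Authenticate: Basic realm="this realm"
headers - http-outgoing-0 >> GET /this HTTP/1.1
headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
headers - http-outgoing-0 << HTTP/1.1 200 OK
headers - http-outgoing-1 >> GET /that HTTP/1.1
headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGlz
headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized
headers - http-outgoing-1 << WWW-Authenticate: Basic realm="that realm"
headers - http-outgoing-1 >> GET /that HTTP/1.1
headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGF0
headers - http-outgoing-1 << HTTP/1.1 200 OK
"""

LINE = re.compile(r"headers - (http-outgoing-\d+) (>>|<<) (.*)")
REQ = re.compile(r"([A-Z]+) (\S+) HTTP/\d\.\d$")
STATUS = re.compile(r"HTTP/\d\.\d (\d{3})")
REALM = re.compile(r'WWW-Authenticate: Basic realm="([^"]*)"', re.I)
AUTHZ = re.compile(r"Authorization: Basic (\S+)", re.I)

def rejected_credentials(log_text):
    """Find exchanges where Basic credentials were sent and the server
    answered 401 with a realm challenge (credentials reached a realm
    that does not accept them). Works on full log lines too."""
    findings, open_ex = [], {}  # open_ex: connection id -> current exchange
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        conn, direction, text = m.groups()
        if direction == ">>":
            if (r := REQ.match(text)):
                open_ex[conn] = {"path": r.group(2), "user": None, "status": None}
            elif (a := AUTHZ.match(text)) and conn in open_ex:
                decoded = base64.b64decode(a.group(1)).decode("latin-1")
                open_ex[conn]["user"] = decoded.split(":", 1)[0]  # drop the password
        elif conn in open_ex:
            ex = open_ex[conn]
            if (s := STATUS.match(text)):
                ex["status"] = int(s.group(1))
            elif (c := REALM.match(text)) and ex["status"] == 401 and ex["user"]:
                findings.append({"conn": conn, "path": ex["path"],
                                 "user": ex["user"], "realm": c.group(1)})
    return findings
```

The unauthenticated first request to `/this` is not reported, because no `Authorization` header was sent with it; only the pre-emptive attempt against `/that` is.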


