You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Andreas Veithen (Moved) (JIRA)" <ji...@apache.org> on 2011/12/30 14:23:30 UTC

[jira] [Moved] (AXIS2-5225) Host provided by authenticator is treated incorrectly

     [ https://issues.apache.org/jira/browse/AXIS2-5225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Veithen moved AXIS-2856 to AXIS2-5225:
----------------------------------------------

          Component/s:     (was: Basic Architecture)
    Affects Version/s:     (was: 1.5)
                       1.5
                  Key: AXIS2-5225  (was: AXIS-2856)
              Project: Axis2  (was: Axis)
    
> Host provided by authenticator is treated incorrectly
> -----------------------------------------------------
>
>                 Key: AXIS2-5225
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5225
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.5
>         Environment: any OS
>            Reporter: Kirill Safonov
>
> As of 1.5.1 AbstractHTTPSender.setAuthenticationInfo() obtains host from authenticator. Then this value is used to:
> 1) Create NTCredentials instance. Here 'host' is expected to describe source party (Javadoc: "The host the authentication request is originating from...")
> 2) Create AuthScope instance. Here 'host' is stored and AuthScope instance is later matched with another instance provided by HttpMethodDirector.authenticateHost(), which uses host from connection (points to target machine).
> So, client has to pass server host to NTCredentials constructor, otherwise authentication will not be performed as expected. This contradicts to Javadoc and also may cause problems with NTLM authentication where client host name (and not server name) is part of the handshake message.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org