You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2020/06/14 17:09:00 UTC
[jira] [Commented] (HTTPCLIENT-2086) NTLM Message parse Error
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135233#comment-17135233 ]
Michael Osipov commented on HTTPCLIENT-2086:
--------------------------------------------
Something is wrong here. {{Authorization}} is sent by the client, not pased the mentioned class. How is this subject to cient-side parsing?
> NTLM Message parse Error
> ------------------------
>
> Key: HTTPCLIENT-2086
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2086
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCache
> Affects Versions: 5.0
> Reporter: Michael Wagner
> Priority: Critical
>
> My Authentication endpoint returns an NTLM Message header like this:
> {code}
> "Authorization: NTLM TlRM....AAACgAAAAFASgKAAAADw==[\r][\n]"
> {code}
> Upon reading this header with {{AuthChallengeParser}} hc parses this field using the code in [line 70|https://github.com/apache/httpcomponents-client/blob/3730b03a99308ff99769fdd60e80a43230cf5aac/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/AuthChallengeParser.java#L70]:
> {code}
> if (!cursor.atEnd() && buffer.charAt(cursor.getPos()) == EQUAL_CHAR) {
> cursor.updatePos(cursor.getPos() + 1);
> final String value = tokenParser.parseValue(buffer, cursor, DELIMITER);
> return new BasicNameValuePair(token, value);
> }
> {code}
> When reading the first "=" char of the message, it interprets the value as a key-value pair. The first part of the NTLM message being the key and the second "=" the value. [Later|https://github.com/apache/httpcomponents-client/blob/3730b03a99308ff99769fdd60e80a43230cf5aac/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/AuthChallengeParser.java#L126] an AuthChallenge is later created with
> {code}
> new AuthChallenge(challengeType, schemeName, null, params.size() > 0 ? params : null);
> {code}
> where {{value}} is null and params a list containing the NTLM message without the equals signs.
> Without the "==" the next auth step fails.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org