You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (Commented) (JIRA)" <ji...@apache.org> on 2012/03/01 15:53:57 UTC

[jira] [Commented] (HTTPCLIENT-1171) Infinite loop if authenticate() method throws AuthenticationException

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13220075#comment-13220075 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1171:
-----------------------------------------------

Besides, exactly what kind of exception gets thrown because this piece of code runs just fine for me?

{code}
Header challenge = new BasicHeader("WWW-Authenticate", 
        "Digest realm=\"realmoftheserver\", stale=false, " +
        "nonce=\"cc684f71295dce8113c30617d7b34ddc\", qop=\"auth\", algorithm=\"MD5\"");
DigestScheme authscheme = new DigestScheme();
authscheme.processChallenge(challenge);

HttpRequest request = new BasicHttpRequest("GET", "/");
UsernamePasswordCredentials creds = new UsernamePasswordCredentials("user:pwd");
Header authresp = authscheme.authenticate(creds, request);
System.out.println(authresp);
{code}
                
> Infinite loop if authenticate() method throws AuthenticationException
> ---------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1171
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1171
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.1.3, 4.2 Alpha1
>            Reporter: Tomas Ruzicka
>
> - With 4.1.1: an infinite loop is entered if the exception is thrown. Httpclient then keeps sending the request w/o Authentication header in the loop.
> - With 4.2 Alpha1: the same as above *if there is no other scheme available*. So for example, if the server responds:
> WWW-Authenticate: BASIC realm="realmoftheserver"
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then Basic scheme is used but if the server responds just:
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false, nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then the client enter the loop

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org