Posted to dev@hc.apache.org by "Erick (Jira)" <ji...@apache.org> on 2021/08/17 00:29:00 UTC

[jira] [Updated] (HTTPCLIENT-2170) NTLM Authentication not working when sending multiple request concurrently

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-2170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Erick  updated HTTPCLIENT-2170:
-------------------------------
    Description: 
We migrated our Apache version from 4.5.x to 5.0.4 and we have encountered an authentication error using NTLM.

We are making multiple requests in different threads to an NTLM-secured server concurrently, such as:
{code:java}
private fun test_Standalone() {
    val username = "username"
    val password = "password"
    val serverName = "localhost"

    val requestUrls = arrayOf(
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/0/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/63/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11433",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5716",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/1/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11432",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2858",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5716",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5715",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11431",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5715",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2857",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26165/11434",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5717"
    )

    for (url in requestUrls) {
        makeRequestAsync(url, username, password)
    }
}
{code}
Some of the data requests succeed but others fail with a *401 Unauthorized.*

The output looks something like this:

{code:java}
<------[Thread-7] 401 :401 Unauthorized HTTP/1.1
<------[Thread-1] 401 :401 Unauthorized HTTP/1.1
<------[Thread-4] 401 :401 Unauthorized HTTP/1.1
<------[Thread-6] 401 :401 Unauthorized HTTP/1.1
<------[Thread-3] 401 :401 Unauthorized HTTP/1.1
<------[Thread-10] 401 :401 Unauthorized HTTP/1.1
<------[Thread-2] 401 :401 Unauthorized HTTP/1.1
<------[Thread-9] 401 :401 Unauthorized HTTP/1.1
<------[Thread-13] 401 :401 Unauthorized HTTP/1.1
<------[Thread-12] 401 :401 Unauthorized HTTP/1.1
<------[Thread-0] 401 :401 Unauthorized HTTP/1.1
<------[Thread-11] 401 :401 Unauthorized HTTP/1.1
<------[Thread-5] 401 :401 Unauthorized HTTP/1.1
<------[Thread-8] 200 :200 OK HTTP/1.1
{code}
 

Looking at the logs, it seems that the NTLM handshake fails for some requests.

We found that by synchronizing the method [ProtocolExec.execute()|https://github.com/apache/httpcomponents-client/blob/5.0.x/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java#L103], all the NTLM authentication requests succeed and we are able to fetch the data successfully.

Attached is the repro Java project that we are using.

The project only needs an NTLM server and credentials to run.

We tested version 5.1 and it was also reproducible.

  was:
We migrated our Apache version from 4.5.x to 5.0.4 and we have encountered an authentication error using NTLM.

We are making multiple requests in different threads to an NTLM-secured server concurrently, such as:
{code:java}
private fun test_Standalone() {
    val username = "username"
    val password = "password"
    val serverName = "localhost"

    val requestUrls = arrayOf(
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/0/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/63/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11433",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5716",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/1/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11432",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2858",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5716",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5715",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11431",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5715",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2857",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26165/11434",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5717"
    )

    for (url in requestUrls) {
        makeRequestAsync(url, username, password)
    }
}
{code}
Some of the data requests succeed but others fail with a *401 Unauthorized.*

The output looks something like this:

{code:java}
<------[Thread-7] 401 :401 Unauthorized HTTP/1.1
<------[Thread-1] 401 :401 Unauthorized HTTP/1.1
<------[Thread-4] 401 :401 Unauthorized HTTP/1.1
<------[Thread-6] 401 :401 Unauthorized HTTP/1.1
<------[Thread-3] 401 :401 Unauthorized HTTP/1.1
<------[Thread-10] 401 :401 Unauthorized HTTP/1.1
<------[Thread-2] 401 :401 Unauthorized HTTP/1.1
<------[Thread-9] 401 :401 Unauthorized HTTP/1.1
<------[Thread-13] 401 :401 Unauthorized HTTP/1.1
<------[Thread-12] 401 :401 Unauthorized HTTP/1.1
<------[Thread-0] 401 :401 Unauthorized HTTP/1.1
<------[Thread-11] 401 :401 Unauthorized HTTP/1.1
<------[Thread-5] 401 :401 Unauthorized HTTP/1.1
<------[Thread-8] 200 :200 OK HTTP/1.1
{code}
 

Looking at the logs, it seems that the NTLM handshake fails for some requests.

We found that by synchronizing the method [ProtocolExec.execute()|https://github.com/apache/httpcomponents-client/blob/5.0.x/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java#L103], all the NTLM authentication requests succeed and we are able to fetch the data successfully.

Attached is some the repro java project that we are using. 

The project only needs an NTLM server and credentials to run. 

 

We tested version 5.1 and it was also reproducible. 

 


> NTLM Authentication not working when sending multiple request concurrently
> --------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2170
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2170
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 5.0.4, 5.1
>         Environment: Java 1.8 and Android 
>            Reporter: Erick 
>            Priority: Critical
>              Labels: 5.04, 5.1, NTLM, http-client
>         Attachments: NTLMTestSample.zip
>


