You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2012/04/24 16:17:36 UTC

[jira] [Updated] (HTTPCLIENT-1186) NTLM authenticated connections are mixed

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1186:
------------------------------------------

    Fix Version/s: 4.2 Beta2

My bad. I did miss the fact that when the user token is not null the state does not get updated, while newly created connections do not get the state attribute state updated when leased from the manager. 

Oleg 
                
> NTLM authenticated connections are mixed
> ----------------------------------------
>
>                 Key: HTTPCLIENT-1186
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1186
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.3
>            Reporter: Ralf Pöhlmann
>            Priority: Critical
>              Labels: DefaultRequestDirector
>             Fix For: 4.2 Beta2
>
>
> Executing multiple request using the same http context as recommended mixes authenticated connections among different users. 
> If we execute two request usign the same context, the first request adds the user token to the http context as well as to the connection properties. The second request fins already a user token in the http context but if a new connection will be created (no free connection in the pool) this new connection is never assigned to an user token and is used independent of any user context!
> see DefaultRequestDirector:
> // See if we have a user token bound to the execution context
> Object userToken = context.getAttribute(ClientContext.USER_TOKEN);
> ...
> if (managedConn != null && userToken == null) {
>    userToken = userTokenHandler.getUserToken(context);
>    context.setAttribute(ClientContext.USER_TOKEN, userToken);
>    if (userToken != null) {
>       managedConn.setState(userToken);
>    }
> }
> and RouteSpecificPool:
>     public BasicPoolEntry allocEntry(final Object state) {
>         if (!freeEntries.isEmpty()) {
>             ListIterator<BasicPoolEntry> it = freeEntries.listIterator(freeEntries.size());
>             while (it.hasPrevious()) {
>                 BasicPoolEntry entry = it.previous();
>                 if (entry.getState() == null || LangUtils.equals(state, entry.getState())) {
>                     it.remove();
>                     return entry;
>                 }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org