I just discovered a bug introduced with the recent changes in the authentication logic
for which I bear full responsibility. Basically, the NTLM authentication scheme fails to
properly handle authentication failures caused by invalid credentials, and as a result
HttpClient enters an infinite loop in the HttpMethodDirector code.

Because the bug is quite ugly and the fix appears pretty straightforward, I will take
the liberty of committing the patch shortly.

Oleg

Index: NTLMScheme.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/NTLMScheme.java,v
retrieving revision 1.16
diff -u -r1.16 NTLMScheme.java
--- NTLMScheme.java     14 Jan 2004 20:48:43 -0000      1.16
+++ NTLMScheme.java     21 Jan 2004 18:48:22 -0000
@@ -95,6 +95,7 @@
     private static final int TYPE1_MSG_GENERATED = 2;
     private static final int TYPE2_MSG_RECEIVED  = 3;
     private static final int TYPE3_MSG_GENERATED = 4;
+    private static final int FAILED              = Integer.MAX_VALUE;
 
     /** Authentication process state */
     private int state;
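Review bot: The new FAILED constant is set to Integer.MAX_VALUE while the neighbouring states are small sequential integers (2, 3, 4), and nothing in the declaration says why. A one-line comment stating that FAILED is a terminal state, and that the value is a sentinel deliberately kept out of the normal sequence, would stop a later reader from assuming the states can be compared by ordering or from adding a state with a colliding value.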
@@ -140,7 +141,11 @@
             this.state = TYPE2_MSG_RECEIVED;
         } else {
             this.ntlmchallenge = "";
-            this.state = INITIATED;
+            if (this.state == UNINITIATED) {
+                this.state = INITIATED;
+            } else {
+                this.state = FAILED;
+            }
         }
     }
 
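Review bot: In the else branch, every state other than UNINITIATED now becomes FAILED when a challenge arrives without a payload, and once in FAILED the same branch keeps it there, so the scheme instance has no path back to INITIATED. If a caller is expected to retry with fresh credentials on the same instance, that needs an explicit reset; if not, it is worth documenting that a failed instance must be discarded. The patch also does not show authenticate(), so it is worth confirming that it refuses to produce a message when the state is FAILED rather than falling through to one of the existing cases.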
@@ -151,7 +156,7 @@
      *   <tt>false</tt> otherwise.
      */
     public boolean isComplete() {
-        return this.state == TYPE3_MSG_GENERATED;
+        return this.state == TYPE3_MSG_GENERATED || this.state == FAILED;
     }
 
     /**
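Review bot: isComplete() now returns true for both TYPE3_MSG_GENERATED and FAILED, so a caller cannot tell from this method alone whether the handshake finished or was abandoned after rejected credentials. The Javadoc above the method (the visible part ends with "false otherwise") should be updated to say that completion includes the failed case, and callers that loop on isComplete() should rely on the response status to decide whether authentication actually succeeded.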
