[
https://issues.apache.org/jira/browse/HTTPCLIENT-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tomas Ruzicka updated HTTPCLIENT-1171:
--------------------------------------
Description:
- With 4.1.1: an infinite loop is entered if the exception is thrown.
Httpclient then keeps sending the request w/o Authentication header in the loop.
- With 4.2 Alpha1: the same as above *if there is no other scheme available*.
So for example, if the server responds:
WWW-Authenticate: BASIC realm="realmoftheserver"
WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
and the Digest scheme throws AuthenticationException then Basic scheme is used
but if the server responds just:
WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
and the Digest scheme throws AuthenticationException then the client enter the
loop
was:
- With 4.1.1: an infinite loop is entered if the exception is thrown.
Httpclient then keeps sending the request w/o Authentication header in the loop.
- With 4.2 Alpha1: the same as above if there is no other scheme available. So
for example, if the server responds:
{quote}
WWW-Authenticate: BASIC realm="realmoftheserver"
WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
{quote}
and the Digest scheme throws AuthenticationException then Basic scheme is used
but if the server responds just:
{quote}
WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
{quote}
and the Digest scheme throws AuthenticationException then the client enter the
loop
> Infinite loop if authenticate() method throws AuthenticationException
> ---------------------------------------------------------------------
>
> Key: HTTPCLIENT-1171
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1171
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.2 Alpha1
> Reporter: Tomas Ruzicka
>
> - With 4.1.1: an infinite loop is entered if the exception is thrown.
> Httpclient then keeps sending the request w/o Authentication header in the
> loop.
> - With 4.2 Alpha1: the same as above *if there is no other scheme available*.
> So for example, if the server responds:
> WWW-Authenticate: BASIC realm="realmoftheserver"
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
> nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then Basic scheme is
> used but if the server responds just:
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
> nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then the client enter
> the loop
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
