[
https://issues.apache.org/jira/browse/HTTPCLIENT-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13220085#comment-13220085
]
Tomas Ruzicka commented on HTTPCLIENT-1171:
-------------------------------------------
To answer your comment...
We implement our own Digest and other authentication methods by means of SSPI
on Windows and this way we have the SSO feature. If the user enters credentials
with a user name containing e.g. Japanese characters (or if he doesn't enter
credentials but his Windows user name contains them) then Digest SSP returns
SEC_E_INTERNAL_ERROR, which in turn is translated in our code to
AuthenticationException. That is how we found this bug.
> Infinite loop if authenticate() method throws AuthenticationException
> ---------------------------------------------------------------------
>
> Key: HTTPCLIENT-1171
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1171
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.1.3, 4.2 Alpha1
> Reporter: Tomas Ruzicka
>
> - With 4.1.1: an infinite loop is entered if the exception is thrown.
> Httpclient then keeps sending the request w/o Authentication header in the
> loop.
> - With 4.2 Alpha1: the same as above *if there is no other scheme available*.
> So for example, if the server responds:
> WWW-Authenticate: BASIC realm="realmoftheserver"
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
> nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then Basic scheme is
> used but if the server responds just:
> WWW-Authenticate: Digest realm="realmoftheserver", stale=false,
> nonce="cc684f71295dce8113c30617d7b34ddc", qop="auth", algorithm="MD5"
> and the Digest scheme throws AuthenticationException then the client enters
> the loop
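The failure mode described in this issue, modelled as an added example (not HttpClient's code and not the reporter's): a challenge loop that records a scheme whose authenticate() threw and stops once no offered scheme remains. The class and method names, the stub server and the header values are constructed for illustration, and schemes are tried in listed order as a simplification.

```java
import java.util.*;

public class AuthRetryModel {
    static class AuthenticationException extends Exception {
        AuthenticationException(String msg) { super(msg); }
    }
    interface Scheme { String authenticate(String challenge) throws AuthenticationException; }

    // Constructed stand-in for the server: 401 until an Authorization header arrives.
    static int send(String authorization) {
        return authorization == null ? 401 : 200;
    }

    // A scheme that throws, or whose header was rejected, is recorded as failed and
    // never retried. When no offered scheme is left the 401 goes back to the caller
    // instead of the same unauthenticated request being sent again.
    static int execute(List<String> challenges, Map<String, Scheme> schemes) {
        Set<String> failed = new HashSet<>();
        String authorization = null, tried = null;
        while (true) {
            int status = send(authorization);
            if (status != 401) return status;
            if (tried != null) failed.add(tried); // header was sent and rejected
            authorization = null;
            tried = null;
            for (String challenge : challenges) {
                String name = challenge.split(" ", 2)[0].toLowerCase(Locale.ROOT);
                Scheme scheme = schemes.get(name);
                if (scheme == null || failed.contains(name)) continue;
                try {
                    authorization = scheme.authenticate(challenge);
                    tried = name;
                    break;
                } catch (AuthenticationException e) {
                    failed.add(name); // terminal for this scheme, try the next one
                }
            }
            if (authorization == null) return status; // nothing usable: stop
        }
    }

    public static void main(String[] args) {
        Map<String, Scheme> schemes = new HashMap<>();
        schemes.put("digest", c -> { throw new AuthenticationException("SSPI failure"); });
        schemes.put("basic", c -> "Basic <constructed-placeholder>");
        String digest = "Digest realm=\"realmoftheserver\", qop=\"auth\", algorithm=\"MD5\"";
        String basic = "BASIC realm=\"realmoftheserver\"";
        System.out.println(execute(List.of(digest, basic), schemes)); // falls back to Basic
        System.out.println(execute(List.of(digest), schemes));        // Digest only: returns
    }
}
```

Each pass through the loop either returns or adds a scheme to the failed set, so the number of requests is bounded by the number of offered schemes plus one.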