[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski updated HTTPCLIENT-1338:
------------------------------------------

    Fix Version/s: 4.3 Beta2

Could you please provide wire / context logs before and after the regression? 
Please also upgrade to 4.2.4 just in case.

Oleg
                
> Caching of digest credentials broken when server expires nonce  (regression 
> bug)
> --------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1338
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1338
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.3
>            Reporter: F Carlsen
>              Labels: digest, performance
>             Fix For: 4.3 Beta2
>
>
> In 4.2.3 caching of digest authentication is broken after server issues new 
> nonce. 
> By default (when using a new local HttpContext for each request) the client 
> will receive a 401 before every successful 200. To avoid this, the 
> HttpContext must be reused between requests. This initializes the AuthCache 
> and creates 1 DigestScheme instance, and subsequent requests will be 
> "pre-authenticated" based on the first returned nonce from the server.  One 
> will then get one 401 first with server issued nonce, then subsequent 
> requests will make use of this nonce to authenticate and avoid superfluous 
> 401s.  As the BasicHttpContext is not thread-safe it must be cached by thread 
> if the client can issue requests on multiple threads.
> So far so good.
> However, when the server issues a new nonce (after it perhaps has expired or 
> maybe been reverse proxied over to a different server instance) then it 
> doesn't cache the updated nonce, but we end up trying to reuse the old one as 
> long as we reuse an AuthCache.   So caching the nonce from the server only 
> works for a short while until the server decides to change it, and 
> thereafter it is back to getting a 401 for every request first before it 
> succeeds.
> This happens because when it fails after nonce is expired it creates a new 
> DigestScheme instance inside the TargetAuthenticationStrategy, but this new 
> instance is only cached for the ongoing request (until 200 received) and 
> afterwards discarded, while the reused HttpContext now has an AuthCache which 
> references the old DigestScheme with the original nonce from the server. On 
> subsequent tries we then end up reusing an old DigestScheme instance with an 
> out-of-date nonce, but have no way of detecting that the nonce was updated as 
> this takes place wholly inside AbstractHttpClient, and it creates a new 
> DigestScheme which isn't set in the reused HttpContext.
> The result is a performance issue, as it then has to issue two http calls for 
> every request to succeed, even though the credentials provided are cached and 
> available on the client.
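
Added example, not part of the original report and not HttpClient code: a simplified Python model of the cache behaviour described in the issue, counting round trips when the auth cache keeps the stale nonce versus when it is refreshed after a successful re-authentication. The class names, host name and rotation interval are assumptions made for illustration.

```python
# Simplified model of the behaviour described in HTTPCLIENT-1338 (not HttpClient code).
# Real Digest auth also hashes credentials and tracks nc/cnonce; only nonce
# freshness is modelled here.

class Server:
    """Accepts a request only if it carries the current nonce."""
    def __init__(self, rotate_after):
        self.rotate_after = rotate_after  # constructed: nonce expires after this many 200s
        self.generation = 0
        self.served = 0

    @property
    def nonce(self):
        return f"nonce-{self.generation}"

    def handle(self, nonce):
        if nonce != self.nonce:
            return 401, self.nonce        # challenge carries the fresh nonce
        self.served += 1
        if self.served % self.rotate_after == 0:
            self.generation += 1          # server expires the nonce
        return 200, None


class Client:
    def __init__(self, server, refresh_cache):
        self.server = server
        self.refresh_cache = refresh_cache
        self.auth_cache = {}              # host -> nonce (stands in for a cached DigestScheme)
        self.round_trips = 0

    def _send(self, nonce):
        self.round_trips += 1
        return self.server.handle(nonce)

    def request(self, host="example.test"):  # hypothetical host name
        status, challenge = self._send(self.auth_cache.get(host))  # pre-authenticate
        if status == 401:
            status, _ = self._send(challenge)  # new scheme built from the challenge
            # Reported behaviour: the cache is filled once and never updated.
            if host not in self.auth_cache or self.refresh_cache:
                self.auth_cache[host] = challenge
        return status


def round_trips(refresh_cache, requests=10, rotate_after=5):
    client = Client(Server(rotate_after), refresh_cache)
    assert all(client.request() == 200 for _ in range(requests))
    return client.round_trips
```

With the default parameters the stale-cache variant needs two round trips for every request after the first nonce rotation, while the refreshing variant pays one extra round trip per rotation.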
