On Sun, 2013-07-07 at 03:42 -0700, Karl Wright wrote: > It is unlikely that messages are improperly encoded in ntlm handling > since they were compared directly in wireshark against modern Microsoft > products. So I would hesitate to include anything like that in a commit. > > Karl >
Hi Karl Those messages are used by test cases specifically to test the ability of HttpClient to handle malformed and out of sequence NTLM messages. I see no risk here. This in no way impacts productive code. Oleg > Sent from my Windows Phone > From: Ricardo Pereira (JIRA) > Sent: 7/6/2013 9:51 PM > To: [email protected] > Subject: [jira] [Updated] (HTTPCLIENT-1381) NullPointerException during > NTLM authentication using null workstation/domain > > [ > https://issues.apache.org/jira/browse/HTTPCLIENT-1381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Ricardo Pereira updated HTTPCLIENT-1381: > ---------------------------------------- > > Attachment: HTTPCLIENT-1381_patch_tests > > Attached a patch (for trunk) with some changes to the NTLM tests: > - Adds a new (failing) test which uses NTLMv2 challenge message; > - Minor changes to use the same response handler; > - Renames some classes/methods (adds "Message" to "Type2" and adds > the version); > - Changes the NTLMv1 challenge message since it was not correctly > Base64 encoded (didn't affect the tests, though). > > > NullPointerException during NTLM authentication using null > > workstation/domain > > ----------------------------------------------------------------------------- > > > > Key: HTTPCLIENT-1381 > > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1381 > > Project: HttpComponents HttpClient > > Issue Type: Bug > > Components: HttpAuth > > Affects Versions: Snapshot > > Reporter: Ricardo Pereira > > Fix For: 4.2.6, 4.3 Beta3 > > > > Attachments: ClientNtlmProxyAuthentication.java, > > HTTPCLIENT-1381_patch_tests, wire.log > > > > > > Using NTCredentials with null workstation or null domain leads to a > > NullPointerException during the NTLM authentication. > > The workaround is to use an empty String for both the workstation and > > domain. > > Exception stack trace of an attempt to authenticate with null workstation: > > Exception in thread "main" java.lang.NullPointerException > > at > > org.apache.http.impl.auth.NTLMEngineImpl.stripDotSuffix(NTLMEngineImpl.java:186) > > at > > org.apache.http.impl.auth.NTLMEngineImpl.convertHost(NTLMEngineImpl.java:194) > > at > > org.apache.http.impl.auth.NTLMEngineImpl.access$14(NTLMEngineImpl.java:193) > > at > > org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.<init>(NTLMEngineImpl.java:970) > > at > > org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:139) > > at > > org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1608) > > at > > org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:129) > > at > > org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:136) > > at > > org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239) > > at > > org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202) > > at > > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:251) > > at > > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:176) > > at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:77) > > at > > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:101) > > at > > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) > > at > > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:115) > > at > > ClientNtlmProxyAuthentication.main(ClientNtlmProxyAuthentication.java:70) > > -- > This message is automatically generated by JIRA. > If you think it was sent incorrectly, please contact your JIRA administrators > For more information on JIRA, see: http://www.atlassian.com/software/jira > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
