[ https://issues.apache.org/jira/browse/HTTPCLIENT-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1490.
-------------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 4.4 Alpha1)

What I said on the mailing list turned out wrong. When authenticating 
pre-emptively using cached credentials, HttpClient cannot take the auth realm into 
account because it is simply not known. Only when explicitly challenged 
can HttpClient extract a realm from the auth challenge. 

I added a test case to SVN trunk [1] verifying that HttpClient can successfully 
re-authenticate in case of unsuccessful pre-emptive authentication with an auth 
response from a different realm:

{noformat}
2014/06/05 21:24:55:912 CEST [DEBUG] RequestAddCookies - CookieSpec selected: 
best-match
2014/06/05 21:24:55:942 CEST [DEBUG] RequestAuthCache - Auth cache not set in 
the context
2014/06/05 21:24:55:944 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection request: [route: {}->http://localhost:38870][total kept alive: 0; 
route allocated: 0 of 2; total allocated: 0 of 20]
2014/06/05 21:24:55:968 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection leased: [id: 0][route: {}->http://localhost:38870][total kept alive: 
0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:55:971 CEST [DEBUG] MainClientExec - Opening connection 
{}->http://localhost:38870
2014/06/05 21:24:55:975 CEST [DEBUG] DefaultHttpClientConnectionOperator - 
Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:55:977 CEST [DEBUG] DefaultHttpClientConnectionOperator - 
Connection established 127.0.0.1:60307<->127.0.0.1:38870
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Executing request GET 
/this HTTP/1.1
2014/06/05 21:24:55:978 CEST [DEBUG] MainClientExec - Target auth state: 
UNCHALLENGED
2014/06/05 21:24:55:980 CEST [DEBUG] MainClientExec - Proxy auth state: 
UNCHALLENGED
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> GET /this 
HTTP/1.1
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Host: 
localhost:38870
2014/06/05 21:24:55:983 CEST [DEBUG] headers - http-outgoing-0 >> Connection: 
Keep-Alive
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:55:984 CEST [DEBUG] headers - http-outgoing-0 >> 
Accept-Encoding: gzip,deflate
2014/06/05 21:24:55:989 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 
Unauthorized
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << 
WWW-Authenticate: Basic realm="this realm"
2014/06/05 21:24:55:990 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 
Jun 2014 19:24:55 GMT
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << 
Content-Length: 0
2014/06/05 21:24:55:991 CEST [DEBUG] headers - http-outgoing-0 << Connection: 
Keep-Alive
2014/06/05 21:24:55:996 CEST [DEBUG] MainClientExec - Connection can be kept 
alive indefinitely
2014/06/05 21:24:55:996 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:55:997 CEST [DEBUG] HttpAuthenticator - localhost:38870 
requested authentication
2014/06/05 21:24:55:998 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Authentication 
schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:55:998 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for 
negotiate authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for 
Kerberos authentication scheme not available
2014/06/05 21:24:56:000 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for NTLM 
authentication scheme not available
2014/06/05 21:24:56:001 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for 
Digest authentication scheme not available
2014/06/05 21:24:56:006 CEST [DEBUG] HttpAuthenticator - Selected 
authentication options: [BASIC [complete=true]]
2014/06/05 21:24:56:007 CEST [DEBUG] MainClientExec - Executing request GET 
/this HTTP/1.1
2014/06/05 21:24:56:008 CEST [DEBUG] MainClientExec - Target auth state: 
CHALLENGED
2014/06/05 21:24:56:008 CEST [DEBUG] HttpAuthenticator - Generating response to 
an authentication challenge using basic scheme
2014/06/05 21:24:56:012 CEST [DEBUG] MainClientExec - Proxy auth state: 
UNCHALLENGED
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> GET /this 
HTTP/1.1
2014/06/05 21:24:56:012 CEST [DEBUG] headers - http-outgoing-0 >> Host: 
localhost:38870
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> Connection: 
Keep-Alive
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:013 CEST [DEBUG] headers - http-outgoing-0 >> 
Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:014 CEST [DEBUG] headers - http-outgoing-0 >> 
Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 
OK
2014/06/05 21:24:56:017 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 
Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << 
Content-Length: 7
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: 
text/plain; charset=US-ASCII
2014/06/05 21:24:56:018 CEST [DEBUG] headers - http-outgoing-0 << Connection: 
Keep-Alive
2014/06/05 21:24:56:019 CEST [DEBUG] MainClientExec - Connection can be kept 
alive indefinitely
2014/06/05 21:24:56:019 CEST [DEBUG] HttpAuthenticator - Authentication 
succeeded
2014/06/05 21:24:56:020 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Caching 'basic' 
auth scheme for http://localhost:38870
2014/06/05 21:24:56:024 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection [id: 0][route: {}->http://localhost:38870] can be kept alive 
indefinitely
2014/06/05 21:24:56:025 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection released: [id: 0][route: {}->http://localhost:38870][total kept 
alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:026 CEST [DEBUG] RequestAddCookies - CookieSpec selected: 
best-match
2014/06/05 21:24:56:026 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection request: [route: {}->http://localhost:38870][total kept alive: 1; 
route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection leased: [id: 0][route: {}->http://localhost:38870][total kept alive: 
0; route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:027 CEST [DEBUG] MainClientExec - Stale connection check
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Executing request GET 
/this HTTP/1.1
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:029 CEST [DEBUG] MainClientExec - Proxy auth state: 
UNCHALLENGED
2014/06/05 21:24:56:029 CEST [DEBUG] headers - http-outgoing-0 >> GET /this 
HTTP/1.1
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Host: 
localhost:38870
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> Connection: 
Keep-Alive
2014/06/05 21:24:56:030 CEST [DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> 
Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:031 CEST [DEBUG] headers - http-outgoing-0 >> 
Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 
OK
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Date: Thu, 05 
Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << 
Content-Length: 7
2014/06/05 21:24:56:032 CEST [DEBUG] headers - http-outgoing-0 << Content-Type: 
text/plain; charset=US-ASCII
2014/06/05 21:24:56:033 CEST [DEBUG] headers - http-outgoing-0 << Connection: 
Keep-Alive
2014/06/05 21:24:56:033 CEST [DEBUG] MainClientExec - Connection can be kept 
alive indefinitely
2014/06/05 21:24:56:033 CEST [DEBUG] RequestAddCookies - CookieSpec selected: 
best-match
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection request: [route: {}->http://localhost:38870][total kept alive: 0; 
route allocated: 1 of 2; total allocated: 1 of 20]
2014/06/05 21:24:56:034 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection leased: [id: 1][route: {}->http://localhost:38870][total kept alive: 
0; route allocated: 2 of 2; total allocated: 2 of 20]
2014/06/05 21:24:56:035 CEST [DEBUG] MainClientExec - Opening connection 
{}->http://localhost:38870
2014/06/05 21:24:56:035 CEST [DEBUG] DefaultHttpClientConnectionOperator - 
Connecting to localhost/127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] DefaultHttpClientConnectionOperator - 
Connection established 127.0.0.1:60308<->127.0.0.1:38870
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Executing request GET 
/that HTTP/1.1
2014/06/05 21:24:56:036 CEST [DEBUG] MainClientExec - Target auth state: SUCCESS
2014/06/05 21:24:56:037 CEST [DEBUG] MainClientExec - Proxy auth state: 
UNCHALLENGED
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> GET /that 
HTTP/1.1
2014/06/05 21:24:56:037 CEST [DEBUG] headers - http-outgoing-1 >> Host: 
localhost:38870
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> Connection: 
Keep-Alive
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: 
Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:038 CEST [DEBUG] headers - http-outgoing-1 >> 
Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 >> 
Authorization: Basic dGVzdDp0aGlz
2014/06/05 21:24:56:039 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 401 
Unauthorized
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << 
WWW-Authenticate: Basic realm="that realm"
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 
Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << 
Content-Length: 0
2014/06/05 21:24:56:040 CEST [DEBUG] headers - http-outgoing-1 << Connection: 
Keep-Alive
2014/06/05 21:24:56:041 CEST [DEBUG] MainClientExec - Connection can be kept 
alive indefinitely
2014/06/05 21:24:56:041 CEST [DEBUG] HttpAuthenticator - Authentication required
2014/06/05 21:24:56:041 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Clearing cached 
auth scheme for http://localhost:38870
2014/06/05 21:24:56:042 CEST [DEBUG] HttpAuthenticator - localhost:38870 
requested authentication
2014/06/05 21:24:56:043 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Authentication 
schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2014/06/05 21:24:56:044 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for 
negotiate authentication scheme not available
2014/06/05 21:24:56:044 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for 
Kerberos authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for NTLM 
authentication scheme not available
2014/06/05 21:24:56:045 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Challenge for 
Digest authentication scheme not available
2014/06/05 21:24:56:046 CEST [DEBUG] HttpAuthenticator - Selected 
authentication options: [BASIC [complete=true]]
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Executing request GET 
/that HTTP/1.1
2014/06/05 21:24:56:047 CEST [DEBUG] MainClientExec - Target auth state: 
CHALLENGED
2014/06/05 21:24:56:047 CEST [DEBUG] HttpAuthenticator - Generating response to 
an authentication challenge using basic scheme
2014/06/05 21:24:56:048 CEST [DEBUG] MainClientExec - Proxy auth state: 
UNCHALLENGED
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> GET /that 
HTTP/1.1
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Host: 
localhost:38870
2014/06/05 21:24:56:049 CEST [DEBUG] headers - http-outgoing-1 >> Connection: 
Keep-Alive
2014/06/05 21:24:56:050 CEST [DEBUG] headers - http-outgoing-1 >> User-Agent: 
Apache-HttpClient/4.4-alpha1-SNAPSHOT (Java 1.5 minimum; Java/1.7.0_21)
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> 
Accept-Encoding: gzip,deflate
2014/06/05 21:24:56:051 CEST [DEBUG] headers - http-outgoing-1 >> 
Authorization: Basic dGVzdDp0aGF0
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << HTTP/1.1 200 
OK
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << Date: Thu, 05 
Jun 2014 19:24:55 GMT
2014/06/05 21:24:56:059 CEST [DEBUG] headers - http-outgoing-1 << 
Content-Length: 7
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Content-Type: 
text/plain; charset=US-ASCII
2014/06/05 21:24:56:060 CEST [DEBUG] headers - http-outgoing-1 << Connection: 
Keep-Alive
2014/06/05 21:24:56:061 CEST [DEBUG] MainClientExec - Connection can be kept 
alive indefinitely
2014/06/05 21:24:56:061 CEST [DEBUG] HttpAuthenticator - Authentication 
succeeded
2014/06/05 21:24:56:062 CEST [DEBUG] 
TestClientAuthentication$TestTargetAuthenticationStrategy - Caching 'basic' 
auth scheme for http://localhost:38870
2014/06/05 21:24:56:062 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection manager is shutting down
2014/06/05 21:24:56:063 CEST [DEBUG] DefaultManagedHttpClientConnection - 
http-outgoing-1: Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - 
http-outgoing-0: Close connection
2014/06/05 21:24:56:064 CEST [DEBUG] DefaultManagedHttpClientConnection - 
http-outgoing-1: Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] DefaultManagedHttpClientConnection - 
http-outgoing-0: Close connection
2014/06/05 21:24:56:065 CEST [DEBUG] PoolingHttpClientConnectionManager - 
Connection manager shut down
{noformat}

Please consider upgrading to HC 4.3
 
Oleg


[1] http://svn.apache.org/r1600737

> auth caches do not take auth realm into account
> -----------------------------------------------
>
>                 Key: HTTPCLIENT-1490
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1490
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.3
>         Environment: HttpClient 4.1.1
>            Reporter: Daniel Kugel
>
> HttpClient does not take into account different realms for the same host and 
> as a result the wrong credentials are sent during the authentication process.
> When the host is first authenticated with one set of credentials it is sent 
> again when authentication is requested although the realm has changed and a 
> different set of credentials should be used for the new realm.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
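
An added example, not part of the original message and not HttpClient code: a Python check over header wire-log lines like those above. It flags Basic credentials that were accepted after a challenge for one realm and then sent pre-emptively to a resource that answered with a challenge for a different realm. The sample lines are condensed from the log above (unwrapped, timestamps dropped) and the function name is hypothetical.

```python
import base64
import re

# Constructed sample: header lines condensed from the log above, unwrapped, no timestamps.
SAMPLE_LOG = """\
[DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] headers - http-outgoing-0 << WWW-Authenticate: Basic realm="this realm"
[DEBUG] headers - http-outgoing-0 >> GET /this HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Authorization: Basic dGVzdDp0aGlz
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
[DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGlz
[DEBUG] headers - http-outgoing-1 << HTTP/1.1 401 Unauthorized
[DEBUG] headers - http-outgoing-1 << WWW-Authenticate: Basic realm="that realm"
[DEBUG] headers - http-outgoing-1 >> GET /that HTTP/1.1
[DEBUG] headers - http-outgoing-1 >> Authorization: Basic dGVzdDp0aGF0
[DEBUG] headers - http-outgoing-1 << HTTP/1.1 200 OK
"""

LINE = re.compile(r"headers - (http-outgoing-\d+) (>>|<<) (.*)$")
REQUEST = re.compile(r"[A-Z]+ (\S+) HTTP/")
AUTH = re.compile(r"(?i)authorization: basic (\S+)")
CHALLENGE = re.compile(r'(?i)www-authenticate:.*realm="([^"]*)"')

def cross_realm_sends(log):
    """Return (path, user, accepted_realm, challenging_realm) per cross-realm send."""
    req, accepted, challenged, findings = {}, {}, None, []
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        conn, direction, text = m.groups()
        cur = req.setdefault(conn, {"path": None, "auth": None})
        if direction == ">>" and (r := REQUEST.match(text)):
            req[conn] = {"path": r.group(1), "auth": None}  # new request
        elif direction == ">>" and (r := AUTH.match(text)):
            cur["auth"] = r.group(1)
        elif direction == "<<" and text.startswith("HTTP/"):
            # First success after a challenge binds the credentials to that realm.
            if text.split()[1] == "200" and cur["auth"] and challenged:
                accepted[cur["auth"]], challenged = challenged, None
        elif direction == "<<" and (r := CHALLENGE.match(text)):
            challenged = r.group(1)
            known = accepted.get(cur["auth"])
            if known and known != challenged:
                user = base64.b64decode(cur["auth"]).decode("latin-1").split(":", 1)[0]
                findings.append((cur["path"], user, known, challenged))
    return findings
```

The Authorization values in such wire logs are only base64-encoded (`dGVzdDp0aGlz` decodes to `test:this`), so the check reports the user name and leaves the password out of its findings.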
