[jira] [Resolved] (HTTPCLIENT-1619) BasicScheme.authenticate(...) is not thread save

Thu, 26 Feb 2015 01:01:17 -0800 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski resolved HTTPCLIENT-1619.
-------------------------------------------
    Resolution: Invalid

BasicScheme is clearly marked as @NotThreadSafe. It is not meant to be 
thread-safe.

BasicAuthCache in 4.3 is NOT thread-safe either. It is thread safe 4.4. Please 
consider upgrading.

Oleg

> BasicScheme.authenticate(...) is not thread save
> ------------------------------------------------
>
>                 Key: HTTPCLIENT-1619
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1619
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.5, 4.3.6
>            Reporter: Grigori
>
> // 1. create one HttpClient with multi thread connection manager:
> {quote}
>     HttpClientConnectionManager connManager = new 
> PoolingHttpClientConnectionManager(...)
>     HttpClient client = HttpClientBuilder.create()
>         .setConnectionManager(connManager)
>         ...
>         .build();
>     AuthSchemeBase auth = new BasicScheme();
>     AuthCache authCache = new BasicAuthCache();
>     authCache.put(host, auth);
>     CredentialsProvider provider = ...;
>     HttpClientContext context = HttpClientContext.create();
>     context.setCredentialsProvider(provider);
>     context.setAuthCache(authCache);
> {quote}
> // 2. do parallel requests:
> {quote}
>     // multi thread:
>     HttpGet get = new HttpGet(requestUrl);
>     HttpResponse resp = client.execute(host, get, context);
> {quote}
> In 4.3.5 sometimes gets random wrong header: "Authorization: Basic 
> YXZ2dml0aXR...="
> In 4.3.6 sometimes happens NullPointerException
> Because {{org.apache.http.impl.auth.BasicScheme.authenticate(...)}} use *not 
> thread save* {{base64codec}}:
> {quote}
>   org.apache.http.impl.auth.BasicScheme:165
>       final byte[] base64password = base64codec.encode(
>                 EncodingUtils.getBytes(tmp.toString(), 
> getCredentialsCharset(request)));
> {quote}
>   



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to