[jira] [Updated] (HTTPCLIENT-1619) BasicScheme.authenticate(...) is not thread save

Thu, 26 Feb 2015 01:44:00 -0800 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grigori updated HTTPCLIENT-1619:
--------------------------------
    Description: 
// 1. create one HttpClient with multi thread connection manager:
{quote}
    HttpClientConnectionManager connManager = new 
PoolingHttpClientConnectionManager(...)

    HttpClient client = HttpClientBuilder.create()
        .setConnectionManager(connManager)
        ...
        .build();

    AuthSchemeBase auth = new BasicScheme();
    AuthCache authCache = new BasicAuthCache();
    authCache.put(host, auth);

    CredentialsProvider provider = ...;

    HttpClientContext context = HttpClientContext.create();
    context.setCredentialsProvider(provider);
    context.setAuthCache(authCache);
{quote}

// 2. do parallel requests:
{quote}
    // multi thread:
    HttpGet get = new HttpGet(requestUrl);
    HttpResponse resp = client.execute(host, get, context);
{quote}

In 4.3.5 sometimes gets random wrong header: "Authorization: Basic 
YXZ2dml0aXR...="
In 4.3.6 sometimes happens NullPointerException
Because {{org.apache.http.impl.auth.BasicScheme.authenticate(...)}} use *not 
thread save* {{base64codec}}:
{quote}
  org.apache.http.impl.auth.BasicScheme:165

      final byte[] base64password = base64codec.encode(
                EncodingUtils.getBytes(tmp.toString(), 
getCredentialsCharset(request)));
{quote}
  

This is fix for myself:
{quote}
AuthSchemeBase auth = new BasicScheme() \{
    @Override
    public Header authenticate(Credentials credentials, HttpRequest request, 
HttpContext context) throws AuthenticationException \{
      *synchronized* (this) \{
          return super.authenticate(credentials, request, context);
      }
    }
  }
{quote}

  was:
// 1. create one HttpClient with multi thread connection manager:
{quote}
    HttpClientConnectionManager connManager = new 
PoolingHttpClientConnectionManager(...)

    HttpClient client = HttpClientBuilder.create()
        .setConnectionManager(connManager)
        ...
        .build();

    AuthSchemeBase auth = new BasicScheme();
    AuthCache authCache = new BasicAuthCache();
    authCache.put(host, auth);

    CredentialsProvider provider = ...;

    HttpClientContext context = HttpClientContext.create();
    context.setCredentialsProvider(provider);
    context.setAuthCache(authCache);
{quote}

// 2. do parallel requests:
{quote}
    // multi thread:
    HttpGet get = new HttpGet(requestUrl);
    HttpResponse resp = client.execute(host, get, context);
{quote}

In 4.3.5 sometimes gets random wrong header: "Authorization: Basic 
YXZ2dml0aXR...="
In 4.3.6 sometimes happens NullPointerException
Because {{org.apache.http.impl.auth.BasicScheme.authenticate(...)}} use *not 
thread save* {{base64codec}}:
{quote}
  org.apache.http.impl.auth.BasicScheme:165

      final byte[] base64password = base64codec.encode(
                EncodingUtils.getBytes(tmp.toString(), 
getCredentialsCharset(request)));
{quote}
  


> BasicScheme.authenticate(...) is not thread save
> ------------------------------------------------
>
>                 Key: HTTPCLIENT-1619
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1619
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.5, 4.3.6
>            Reporter: Grigori
>
> // 1. create one HttpClient with multi thread connection manager:
> {quote}
>     HttpClientConnectionManager connManager = new 
> PoolingHttpClientConnectionManager(...)
>     HttpClient client = HttpClientBuilder.create()
>         .setConnectionManager(connManager)
>         ...
>         .build();
>     AuthSchemeBase auth = new BasicScheme();
>     AuthCache authCache = new BasicAuthCache();
>     authCache.put(host, auth);
>     CredentialsProvider provider = ...;
>     HttpClientContext context = HttpClientContext.create();
>     context.setCredentialsProvider(provider);
>     context.setAuthCache(authCache);
> {quote}
> // 2. do parallel requests:
> {quote}
>     // multi thread:
>     HttpGet get = new HttpGet(requestUrl);
>     HttpResponse resp = client.execute(host, get, context);
> {quote}
> In 4.3.5 sometimes gets random wrong header: "Authorization: Basic 
> YXZ2dml0aXR...="
> In 4.3.6 sometimes happens NullPointerException
> Because {{org.apache.http.impl.auth.BasicScheme.authenticate(...)}} use *not 
> thread save* {{base64codec}}:
> {quote}
>   org.apache.http.impl.auth.BasicScheme:165
>       final byte[] base64password = base64codec.encode(
>                 EncodingUtils.getBytes(tmp.toString(), 
> getCredentialsCharset(request)));
> {quote}
>   
> This is fix for myself:
> {quote}
> AuthSchemeBase auth = new BasicScheme() \{
>     @Override
>     public Header authenticate(Credentials credentials, HttpRequest request, 
> HttpContext context) throws AuthenticationException \{
>       *synchronized* (this) \{
>           return super.authenticate(credentials, request, context);
>       }
>     }
>   }
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to