[
https://issues.apache.org/jira/browse/HTTPCLIENT-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14935708#comment-14935708
]
Jim Cassidy commented on HTTPCLIENT-1686:
-----------------------------------------
Oleg,
I'm not directly accessing NTLMEngineImpl from multiple threads. I'm using
CloseableHttpClient from multiple threads, which is marked as thread safe.
However, CloseableHttpClient uses NLTMEngineImpl when authenticating to web
services via NTLM (Exchange Web Services, for instance). CloseableHttpClient
is marked as threadsafe, but since it's using NTLMScheme, et. al., it's failing
in this scenario.
Jim
> Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors
> -----------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1686
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1686
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5.1
> Environment: Java/OSX
> Reporter: Jim Cassidy
>
> The class org.apache.http.impl.client.CloseableHttpClient is marked as thread
> safe, but it may use org.apache.http.impl.auth.NTLMScheme during
> authentication (in this case, to Exchange's Exchange Web Services).
> NLTMScheme is not thread safe, and concurrent access can result in a crash
> when multiple threads access and modify the static NTLMEngineImpl
> Type1Message static private member, see stack trace below.
> I've verified a fix for this particular issue by removing the static
> Type1Message object and allocating a new one for each call to
> NTLMEngineImpl.getType1Message, but that's not necessarily sufficient to mark
> NTLMScheme as ThreadSafe.
> Stack trace:
> {noformat}
> Java.lang.ArrayIndexOutOfBoundsException: 40
> 0 = {StackTraceElement@8714}
> "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addByte(NTLMEngineImpl.java:911)"
> 1 = {StackTraceElement@8715}
> "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addULong(NTLMEngineImpl.java:941)"
> 2 = {StackTraceElement@8716}
> "org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.getResponse(NTLMEngineImpl.java:1048)"
> 3 = {StackTraceElement@8717}
> "org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:148)"
> 4 = {StackTraceElement@8718}
> "org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1628)"
> 5 = {StackTraceElement@8719}
> "org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:139)"
> 6 = {StackTraceElement@8720}
> "org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:138)"
> 7 = {StackTraceElement@8721}
> "org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)"
> 8 = {StackTraceElement@8722}
> "org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)"
> 9 = {StackTraceElement@8723}
> "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:262)"
> 10 = {StackTraceElement@8724}
> "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)"
> 11 = {StackTraceElement@8725}
> "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)"
> 12 = {StackTraceElement@8726}
> "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)"
> 13 = {StackTraceElement@8727}
> "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)"
> 14 = {StackTraceElement@8728}
> "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)"
> 15 = {StackTraceElement@8729}
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
