[
https://issues.apache.org/jira/browse/HTTPCLIENT-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15117670#comment-15117670
]
Olivier Lafontaine commented on HTTPCLIENT-1686:
------------------------------------------------
I'v created HTTPCLIENT-1715 hoping this will get fixed sooner than later.
> Threadsafe CloseableHttpClient uses non-threadsafe NTLMScheme, causing errors
> -----------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1686
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1686
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5.1
> Environment: Java/OSX
> Reporter: Jim Cassidy
>
> The class org.apache.http.impl.client.CloseableHttpClient is marked as thread
> safe, but it may use org.apache.http.impl.auth.NTLMScheme during
> authentication (in this case, to Exchange's Exchange Web Services).
> NLTMScheme is not thread safe, and concurrent access can result in a crash
> when multiple threads access and modify the static NTLMEngineImpl
> Type1Message static private member, see stack trace below.
> I've verified a fix for this particular issue by removing the static
> Type1Message object and allocating a new one for each call to
> NTLMEngineImpl.getType1Message, but that's not necessarily sufficient to mark
> NTLMScheme as ThreadSafe.
> Stack trace:
> {noformat}
> Java.lang.ArrayIndexOutOfBoundsException: 40
> 0 = {StackTraceElement@8714}
> "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addByte(NTLMEngineImpl.java:911)"
> 1 = {StackTraceElement@8715}
> "org.apache.http.impl.auth.NTLMEngineImpl$NTLMMessage.addULong(NTLMEngineImpl.java:941)"
> 2 = {StackTraceElement@8716}
> "org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.getResponse(NTLMEngineImpl.java:1048)"
> 3 = {StackTraceElement@8717}
> "org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:148)"
> 4 = {StackTraceElement@8718}
> "org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1628)"
> 5 = {StackTraceElement@8719}
> "org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:139)"
> 6 = {StackTraceElement@8720}
> "org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:138)"
> 7 = {StackTraceElement@8721}
> "org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)"
> 8 = {StackTraceElement@8722}
> "org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)"
> 9 = {StackTraceElement@8723}
> "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:262)"
> 10 = {StackTraceElement@8724}
> "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)"
> 11 = {StackTraceElement@8725}
> "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)"
> 12 = {StackTraceElement@8726}
> "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)"
> 13 = {StackTraceElement@8727}
> "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)"
> 14 = {StackTraceElement@8728}
> "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)"
> 15 = {StackTraceElement@8729}
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
