[jira] [Commented] (HTTPCLIENT-1715) NTLMEngineImpl.Type1Message not thread safe but declared as a constant

[Gary Gregory (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15118837#comment-15118837
 ] 

Gary Gregory commented on HTTPCLIENT-1715:
------------------------------------------

Hi [~olegk]:

I read:

{code:java}
    /**
     * Creates the first message (type 1 message) in the NTLM authentication
     * sequence. This message includes the user name, domain and host for the
     * authentication session.
     *
     * @param host
     *            the computer name of the host requesting authentication.
     * @param domain
     *            The domain to authenticate with.
     * @return String the message to add to the HTTP request header.
     */
    static String getType1Message(final String host, final String domain) {
        // For compatibility reason do not include domain and host in type 1 
message
        //return new Type1Message(domain, host).getResponse();
        return TYPE_1_MESSAGE.getResponse();
    }
{code}

Reading "For compatibility reason", I wonder: Compatibility with what? Our 
version 3, 4? We could change this now in version 5. What is the best behavior?


> NTLMEngineImpl.Type1Message not thread safe but declared as a constant
> ----------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1715
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1715
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>            Reporter: Olivier Lafontaine
>
> {{NTLMEngineImpl}} declares a {{static final}} member named 
> {{TYPE_1_MESSAGE}} of type {{Type1Message}}. Members of {{Type1Message}} are 
> final and do not change, but that is not the case for members of its 
> superclass {{NTLMMessage}}.
> Whenever the method {{NTLMEngineImpl#getType1Message(String, String)}} is 
> called, the method {{NTLMMessage#getResponse()}} get called on the 
> {{TYPE_1_MESSAGE}} instance and this modifies the following members of 
> {{NTLMMessage}}:
> * messageContents
> * currentOutputPosition
> This is not thread safe and we get exceptions as seen in HTTPCLIENT-1686.
> My guess is that the computed response string should be kept in a constant 
> instead of a {{Type1Message}} instance.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org