[
https://issues.apache.org/jira/browse/HTTPCLIENT-1715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15118875#comment-15118875
]
Karl Wright edited comment on HTTPCLIENT-1715 at 1/27/16 8:44 AM:
------------------------------------------------------------------
Hi [~ggregory],
As you may know, this NTLM implementation was constructed from specifications
developed by reverse engineering the proprietary NTLM protocol on various
versions of Windows. There is no "best behavior" because everything has to be
tested against multiple windows versions. The reverse engineered specification
includes a place for domain and host in the Type 1 message, but many windows
versions do not seem to set these values, and we could not guarantee that
setting them would not cause trouble in some instances.
was (Author: [email protected]):
Hi Gary,
As you may know, this NTLM implementation was constructed from specifications
developed by reverse engineering the proprietary NTLM protocol on various
versions of Windows. There is no "best behavior" because everything has to be
tested against multiple windows versions. The reverse engineered specification
includes a place for domain and host in the Type 1 message, but many windows
versions do not seem to set these values, and we could not guarantee that
setting them would not cause trouble in some instances.
> NTLMEngineImpl.Type1Message not thread safe but declared as a constant
> ----------------------------------------------------------------------
>
> Key: HTTPCLIENT-1715
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1715
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5.1
> Reporter: Olivier Lafontaine
> Assignee: Gary Gregory
> Fix For: 4.5.2, 5.0 Alpha2
>
>
> {{NTLMEngineImpl}} declares a {{static final}} member named
> {{TYPE_1_MESSAGE}} of type {{Type1Message}}. Members of {{Type1Message}} are
> final and do not change, but that is not the case for members of its
> superclass {{NTLMMessage}}.
> Whenever the method {{NTLMEngineImpl#getType1Message(String, String)}} is
> called, the method {{NTLMMessage#getResponse()}} get called on the
> {{TYPE_1_MESSAGE}} instance and this modifies the following members of
> {{NTLMMessage}}:
> * messageContents
> * currentOutputPosition
> This is not thread safe and we get exceptions as seen in HTTPCLIENT-1686.
> My guess is that the computed response string should be kept in a constant
> instead of a {{Type1Message}} instance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
