[ https://issues.apache.org/jira/browse/HTTPCLIENT-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16189463#comment-16189463 ]
ASF subversion and git services commented on HTTPCLIENT-1855:
-------------------------------------------------------------

Commit c82799f1eb29e3f74bac0c7be61c8f3e37d702e4 in httpcomponents-client's branch refs/heads/4.6.x from alessandro.gherardi
[ https://git-wip-us.apache.org/repos/asf?p=httpcomponents-client.git;h=c82799f ]

HTTPCLIENT-1855: Update DIGEST nonce counter in auth cache after auth challenge

> Digest auth: Nonce counter not incremented after reuse
> ------------------------------------------------------
>
>                 Key: HTTPCLIENT-1855
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1855
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.2
>            Reporter: Alessandro Gherardi
>            Assignee: Oleg Kalnichevski
>             Fix For: 5.0 Alpha3
>
>         Attachments: HttpClientDigest.java, wireshark.txt
>
>
> I have a client app using httpclient 4.5.2 with BasicCredentialsProvider and
> BasicAuthCache, and a web server that requires HTTP digest authentication.
> The client sends 3 requests to the web server.
> When the app sends the first request, the server returns an HTTP 401 with a
> digest challenge. httpclient automatically retries the request with the
> Authorization header. The header contains the nonce returned by the server
> and a nonce counter (nc) of 1. The retry succeeds and httpclient caches the
> DigestScheme.
> For the second request, httpclient uses the cached DigestScheme to calculate
> the Authorization header pre-emptively. The header contains the same nonce
> and specifies a nonce counter of 2. The request succeeds without requiring a
> retry.
> For the third request, httpclient uses the cached DigestScheme to calculate
> the Authorization header pre-emptively. Even though the header contains the
> same nonce, the nonce counter is set to 2 again. This causes the server to
> return a 401. httpclient should have incremented the nonce counter to 3.
> I believe that the root cause of this problem is that, although DigestScheme
> increases the nonceCount field every time the authenticate() method is
> called, HttpAuthenticator does not re-cache DigestScheme after reusing it.
> The re-cache is needed because BasicAuthCache stores DigestScheme in
> serialized format.
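
The caching behaviour described in the report, reproduced as an added example that is not HttpClient's own code and not part of the original message. `ToyDigestScheme` and `SerializingCache` are hypothetical stand-ins, and the nonce value is constructed; the run shows the nonce counter repeating when a scheme read from a serializing cache is not written back after use, and advancing when it is.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Map;

public class NonceCacheDemo {
    // Hypothetical stand-in for a digest scheme: only the nonce and its counter.
    static class ToyDigestScheme implements Serializable {
        private static final long serialVersionUID = 1L;
        final String nonce;
        long nonceCount;
        ToyDigestScheme(String nonce) { this.nonce = nonce; }
        // Each header for the same nonce must carry a strictly increasing nc.
        String authenticate() {
            nonceCount++;
            return String.format("nonce=\"%s\", nc=%08x", nonce, nonceCount);
        }
    }

    // Hypothetical cache that keeps entries in serialized form, so get() returns a copy.
    static class SerializingCache {
        private final Map<String, byte[]> store = new HashMap<>();
        void put(String host, ToyDigestScheme s) throws IOException {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
            store.put(host, buf.toByteArray());
        }
        ToyDigestScheme get(String host) throws IOException, ClassNotFoundException {
            try (ObjectInputStream in =
                     new ObjectInputStream(new ByteArrayInputStream(store.get(host)))) {
                return (ToyDigestScheme) in.readObject();
            }
        }
    }

    static void run(boolean recacheAfterUse) throws Exception {
        SerializingCache cache = new SerializingCache();
        ToyDigestScheme first = new ToyDigestScheme("constructed-nonce"); // constructed value
        System.out.println("request 1: " + first.authenticate());       // answer to the 401
        cache.put("server", first);
        for (int i = 2; i <= 3; i++) {                                    // pre-emptive requests
            ToyDigestScheme copy = cache.get("server");
            System.out.println("request " + i + ": " + copy.authenticate());
            if (recacheAfterUse) cache.put("server", copy);               // persist the new count
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("-- without re-caching"); run(false);
        System.out.println("-- with re-caching");    run(true);
    }
}
```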