Marcin Krystianc created HTTPCLIENT-1938:
--------------------------------------------
Summary: OS resources leak in
HttpAuthenticator/WindowsNegotiateScheme
Key: HTTPCLIENT-1938
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1938
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (Windows)
Affects Versions: 4.5.3
Reporter: Marcin Krystianc
I've discovered a resource leak in Http authentication process on Windows, when
Negotiate method is used. It manifests itself as a slow memory leak in
{{lsass.exe}} process. Every time a Negotiate authentication is performed a
handle to client credentials and a handle to security context are leaked. The
direct reason for it is that {{dispose()}} method from
{{WindowsNegotiateScheme}} class is never called.
As far I understand the interaction between {{HttpAuthenticator}} and
{{WindowsNegotiateScheme}}, it is caused by {{HttpAuthenticator}} not
processing final authentication header, as it goes directly to the {{SUCCESS}}
state. Without processing final authentication header,
{{WindowsNegotiateScheme}} class doesn't have a chance to complete security
context initialisation. which is the cause for not releasing OS resources.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
