Erick  created HTTPCLIENT-2170:
----------------------------------

             Summary: NTLM Authentication not working when sending multiple request concurrently
                 Key: HTTPCLIENT-2170
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2170
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (classic)
    Affects Versions: 5.1, 5.0.4
         Environment: Java 1.8 and Android 
            Reporter: Erick 
         Attachments: NTLMTestSample.zip

We migrated our Apache version from 4.5.x to 5.0.4 and we have encountered an 
authentication error using NTLM. 

We are making multiple requests in different threads to an NTLM-secured server 
concurrently, such as: 
{code:java}
private fun test_Standalone() {
    val username = "username"
    val password = "password"
    val serverName = "localhost"
    val requestUrls = arrayOf(
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/0/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/63/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11433",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5716",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/1/0/0",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11432",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2858",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5716",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5715",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11431",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5715",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2857",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26165/11434",
        "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5717"
    )
    // makeRequestAsync (not shown here) sends each request on its own thread
    for (url in requestUrls) {
        makeRequestAsync(url, username, password)
    }
}
{code}
Some of the data requests succeed but others fail with a *401 Unauthorized*.

The output looks something like this:

{code:java}
<------[Thread-7] 401 :401 Unauthorized HTTP/1.1
<------[Thread-1] 401 :401 Unauthorized HTTP/1.1
<------[Thread-4] 401 :401 Unauthorized HTTP/1.1
<------[Thread-6] 401 :401 Unauthorized HTTP/1.1
<------[Thread-3] 401 :401 Unauthorized HTTP/1.1
<------[Thread-10] 401 :401 Unauthorized HTTP/1.1
<------[Thread-2] 401 :401 Unauthorized HTTP/1.1
<------[Thread-9] 401 :401 Unauthorized HTTP/1.1
<------[Thread-13] 401 :401 Unauthorized HTTP/1.1
<------[Thread-12] 401 :401 Unauthorized HTTP/1.1
<------[Thread-0] 401 :401 Unauthorized HTTP/1.1
<------[Thread-11] 401 :401 Unauthorized HTTP/1.1
<------[Thread-5] 401 :401 Unauthorized HTTP/1.1
<------[Thread-8] 200 :200 OK HTTP/1.1
{code}

Looking at the logs, it seems that the NTLM handshake fails for some requests.

We found that by synchronizing the method 
[ProtocolExec.execute()|https://github.com/apache/httpcomponents-client/blob/5.0.x/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java#L103],
all the NTLM authentication requests succeed and we are able to fetch the data 
successfully. 

Attached is the repro Java project that we are using. 

The project only needs an NTLM server and credentials to run. 

 

We tested version 5.1 and it was also reproducible. 

 


