[
https://issues.apache.org/jira/browse/HTTPCLIENT-1938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1938.
-------------------------------------------
Resolution: Won't Fix
NTML scheme has been deprecated and is no longer supported.
Oleg
> OS resources leak in HttpAuthenticator/WindowsNegotiateScheme
> -------------------------------------------------------------
>
> Key: HTTPCLIENT-1938
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1938
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (Windows)
> Affects Versions: 4.5.3
> Reporter: Marcin Krystianc
> Priority: Major
> Labels: Authentication, leak, negotiate, stuck, volunteers-wanted
>
> I've discovered a resource leak in Http authentication process on Windows,
> when Negotiate method is used. It manifests itself as a slow memory leak in
> {{lsass.exe}} process. Every time a Negotiate authentication is performed a
> handle to client credentials and a handle to security context are leaked.
> The direct reason for it is that {{dispose()}} method from
> {{WindowsNegotiateScheme}} class is never called.
> As far I understand the interaction between {{HttpAuthenticator}} and
> {{WindowsNegotiateScheme}}, it is caused by {{HttpAuthenticator}} not
> processing final authentication header, as it goes directly to the
> {{SUCCESS}} state. Without processing final authentication header,
> {{WindowsNegotiateScheme}} class doesn't have a chance to complete security
> context initialisation. which is the cause for not releasing OS resources.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
