Roland Praml created HTTPCLIENT-2414:
----------------------------------------
Summary: Wrong path prefix caching in BasicAuth
Key: HTTPCLIENT-2414
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2414
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (classic)
Affects Versions: 5.7-alpha1
Reporter: Roland Praml
We noticed, that the HttpClient does not properly cache the authentications,
when changing paths.
The [https://datatracker.ietf.org/doc/html/rfc7617#section-2.2] says, that you
can reuse credentials, when you are authenticated to the path prefix before.
This does not work in all cases.
*How to reproduce*
Take the {{testBasicAuthenticationCredentialsCachingByPathPrefix}} test and
modify it:
{code:java}
...
for (final String requestPath : new String[]\{"/blah/a", "/blubb/b"}) {
...
Assertions.assertEquals(Arrays.asList(401, 200, 401, 200) // fails with
401,200, 200
{code}
The expectation is, that you get a 401+200 for {{/blah/a}} and a 401+200 for
{{/blubb/b}}.
But for the second call, the credentials are sent, without checking the
path-prefix and we get a 401,200 - 200 pattern.
I've tracked down this a bit and see, that the {{AuthExchange.pathPrefix}} is
cleared in the {{reset()}} method.
Note: When accessing {{/blah/a}} two times in a row, everything works as
expected. The second access to {{/blah/a}} fixes the cached value:
{code:java}
...
for (final String requestPath : new String[]\{"/blah/a", "/blah/a",
"/blubb/b"}) {
...
Assertions.assertEquals(Arrays.asList(401, 200, 200, 401, 200) // this will
work
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
