[jira] [Commented] (HTTPCLIENT-2414) Wrong path prefix caching in BasicAuth

Mon, 09 Feb 2026 02:05:07 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057319#comment-18057319
 ] 

Arturo Bernal commented on HTTPCLIENT-2414:
-------------------------------------------

As a workarround you could {*}disable auth caching{*}, so HttpClient won’t 
reuse the previous Basic scheme preemptively across paths.

 
{code:java}
final CloseableHttpClient client = HttpClients.custom()
        .disableAuthCaching()
        .build();

{code}

> Wrong path prefix caching in BasicAuth
> --------------------------------------
>
>                 Key: HTTPCLIENT-2414
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2414
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 5.7-alpha1
>            Reporter: Roland Praml
>            Priority: Major
>
> We noticed, that the HttpClient does not properly cache the authentications, 
> when changing paths.
>  
> The [https://datatracker.ietf.org/doc/html/rfc7617#section-2.2] says, that 
> you can reuse credentials, when you are authenticated to the path prefix 
> before.
> This does not work in all cases.
> *How to reproduce*
> Take the {{testBasicAuthenticationCredentialsCachingByPathPrefix}} test and 
> modify it:
> {code:java}
> ...
>   for (final String requestPath : new String[]\{"/blah/a", "/blubb/b"}) {
> ...
>   Assertions.assertEquals(Arrays.asList(401, 200, 401, 200) // fails with 
> 401,200, 200
> {code}
> The expectation is, that you get a 401+200 for {{/blah/a}} and a 401+200 for 
> {{/blubb/b}}.
> But for the second call, the credentials are sent, without checking the 
> path-prefix and we get a 401,200 - 200 pattern.
> I've tracked down this a bit and see, that the {{AuthExchange.pathPrefix}} is 
> cleared in the {{reset()}} method.
> Note: When accessing {{/blah/a}} two times in a row, everything works as 
> expected. The second access to {{/blah/a}} fixes the cached value:
> {code:java}
> ...
>   for (final String requestPath : new String[]\{"/blah/a", "/blah/a", 
> "/blubb/b"}) {
> ...
>   Assertions.assertEquals(Arrays.asList(401, 200, 200, 401, 200) // this will 
> work
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to