[jira] [Commented] (HTTPCLIENT-1545) Possible infinite loop when WindowsNegotiateScheme authentication fails

Mon, 13 Oct 2014 00:04:59 -0700 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14169024#comment-14169024
 ] 

Michael Osipov commented on HTTPCLIENT-1545:
--------------------------------------------

bq. If you prefer to throw {{SEC_E_TARGET_UNKNOWN}} in the unit test that's 
fine. The error code choice is pretty arbitrary.

Personally, I do that would correspond the the huge comment in the test class.

bq. Even though that 1) it's true that that the SPN should be dynamically 
generated and 2) the code is currently tagged as experimental, I'm hesitant to 
break an interface that is already used by existing clients of HttpClient-win - 
I don't like breaking existing interfaces. I guess we could deprecate that API 
first.

Exactly, *experimental* means it is in constant flux, do not rely on it, it 
could change/break anytime. This is neither beta or alpha. You have the right 
to improve/polish the API.

Regarding server-side support. I have all stuff available, MIT Kerberos with 
Subversion on Apache HTTPd, SPNEGO on Tomcat 6 with JGSS and SSPI on Windows 
Server. All is available for testing.

> Possible infinite loop when WindowsNegotiateScheme authentication fails
> -----------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1545
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1545
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.4 Alpha1
>         Environment: Windows
>            Reporter: Ka-Lok Fung
>             Fix For: 4.4 Beta1
>
>         Attachments: HTTPCLIENT-1545.WinXP.diff, HTTPCLIENT-1545.patch.diff, 
> HTTPCLIENT-1545.v2.patch.diff
>
>
> When {{WindowsNegotiateScheme}} authentication fails, it's possible for 
> HttpClient to retry the authentication in an endless loop because the 
> {{continueNeeded}} flag is not set to {{false}} when authentication fails.
> One possible way of causing authentication to fail is to use a service 
> principle name that is outside your Windows domain (e.g., HTTP/EXAMPLE.COM).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to