[
https://issues.apache.org/jira/browse/HTTPCLIENT-2170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17401558#comment-17401558
]
Oleg Kalnichevski commented on HTTPCLIENT-2170:
-----------------------------------------------
> We found that by adding this line to the CachingHttpClients.custom() the
> request are working as expected
[[email protected]] [~Erick_001] I think this is not the case. Apparently your
original code was not re-using persistent connections. NTLM authenticated
connections carry a user identity and are treated as state-ful. A new
connection was created for each and every request, thus also triggering an NTLM
handshake for each and every request. Therefore, the defect, whatever it might
be, was much more likely to happen. With a custom `UserTokenHandler` your code
started to re-use NTLM authnticated connections and the frequency of NTLM
handshakes got massively reduced. The problem is now less likely to happen but
the root cause of it is still there.
Having said that, the problem might as well be on the server side and not on
the client's. At this point I cannot confirm this issue as a defect in
HttpClient.
Oleg
> NTLM Authentication not working when sending multiple request concurrently
> --------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2170
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2170
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 5.0.4, 5.1
> Environment: Java 1.8 and Android
> Reporter: Erick
> Priority: Minor
> Labels: 5.04, 5.1, NTLM, http-client
> Attachments: NTLMTestSample.zip, NTLM_logs.txt
>
>
> We migrated our apache version from 4.5.x to 5.0.4 and we have encountered an
> authentication error using NTLM.
> We are making multiple requests in different threads to a NTLM secured server
> concurrently such as:
> {code:java}
> private fun test_Standalone() { val username = "username" val password
> = "password" val serverName = "localhost"
> val requestUrls = arrayOf(
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/0/0/0";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/63/0/0";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11433";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5716";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/1/0/0";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11432";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2858";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5716";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13083/5715";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26166/11431";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5715";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/14/6541/2857";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/16/26165/11434";,
>
> "https://${serverName}/server/rest/services/CERT_Secured_Basemap/MapServer/tile/15/13082/5717";
> )
> for(url in requestUrls) { makeRequestAsync(url, username,
> password) }}
> {code}
> Some of the data request succeed but others fail with a *401 Unauthorized.*
> **the output looks something like this:
>
> {code:java}
> <------[Thread-7] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-1] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-4] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-6] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-3] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-10] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-2] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-9] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-13] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-12] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-0] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-11] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-5] 401 :401 Unauthorized HTTP/1.1
> <------[Thread-8] 200 :200 OK HTTP/1.1
> {code}
>
> Looking at the logs, it seems that the NTLM handshake fails for some request
> **We found that by synchronizing the method
> [ProtocolExec.execute()|https://github.com/apache/httpcomponents-client/blob/5.0.x/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java#L103],
> all the NTLM authentication requests succeed and we are able to fetch the
> data successfully.
>
> Attached is the repro java project that we are using.
> The project only needs an NTLM server and credentials to run.
>
> We tested version 5.1 and it was also reproducible.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
