[GRADLE-2650] HttpClient forces connection reset while attempting NTLM proxy authentication Created: 23/Jan/13 Updated: 06/Feb/15 Resolved: 24/Jan/13 |
|
| Status: | Resolved |
| Project: | Gradle |
| Affects Version/s: | None |
| Fix Version/s: | 1.4-rc-3 |
| Type: | Bug | ||
| Reporter: | Daz DeBoer | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Known Issue Of: |
| Description |
|
As related in the forums, certain configuration of authenticating proxy can cause HttpClient to enter an infinite loop, repeatedly re-attempting authentication of the same url. Examining some log files in detail, it appears that the HttpClient is being reset in the middle of NTLM authentication: the first NTLM authorisation header is being sent and subsequent challenge is received, but the second authorisation request is never sent in response to the challenge. At this point the debug logs for 1.4-rc-2 look like: 07:45:59.564 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Authorization challenge processed 07:45:59.565 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Connection 0.0.0.0:58759<->XX.XX.XX.XX:8080 closed 07:45:59.565 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Resetting proxy auth state 07:45:59.565 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to proxy2-eu.XXX.com:8080 07:45:59.567 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context 07:45:59.568 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED 07:45:59.568 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: UNCHALLENGED while the debug logs for 1.3 look like: 07:49:55.378 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Authorization challenge processed 07:49:55.379 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Connection 0.0.0.0:59864<->XX.XX.XX.XX:8080 closed 07:49:55.379 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to proxy2-eu.XXX.com:8080 07:49:55.381 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context 07:49:55.382 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED 07:49:55.382 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: HANDSHAKE The following line looks suspicious in 1.4: 07:45:59.565 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Resetting proxy auth state I think this might be related to the following fix that was put into HttpClient 4.2.3 (which we are not using):
|
| Comments |
| Comment by Daz DeBoer [ 24/Jan/13 ] |
|
HttpClient 4.2.2 does not correctly treat the default value of http.keepAlive ("true"). So if the system property is not set, "false" is assumed. When http.keepAlive is "false", then proxy authentication is reset when a connection is closed, as happens in the middle of a 2 phase authentication protocol like NTLM. When this happens, HttpClient reattempts the entire authentication process, leading to an infinite loop. Gradle works-around this bug by always setting the "http.keepAlive" system property to "true". |
| Comment by vijay gudimella [ 05/Dec/13 ] |
|
This is still a problem in 1.9 (it failed even in 1.6). Same dependencies requested from Maven, Leiningen works fine. 2:38:23.696 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to XX.XX.XX.XX:8080 |