Uploaded image for project: 'Gradle'
  1. Gradle
  2. GRADLE-2650

HttpClient forces connection reset while attempting NTLM proxy authentication

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.4-rc-3

      Description

      As related in the forums, certain configuration of authenticating proxy can cause HttpClient to enter an infinite loop, repeatedly re-attempting authentication of the same url.

      Examining some log files in detail, it appears that the HttpClient is being reset in the middle of NTLM authentication: the first NTLM authorisation header is being sent and subsequent challenge is received, but the second authorisation request is never sent in response to the challenge.

      At this point the debug logs for 1.4-rc-2 look like:

      07:45:59.564 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Authorization challenge processed
      07:45:59.565 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Connection 0.0.0.0:58759<->XX.XX.XX.XX:8080 closed
      07:45:59.565 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Resetting proxy auth state
      07:45:59.565 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to proxy2-eu.XXX.com:8080
      07:45:59.567 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
      07:45:59.568 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED
      07:45:59.568 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: UNCHALLENGED
      

      while the debug logs for 1.3 look like:

      07:49:55.378 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Authorization challenge processed
      07:49:55.379 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Connection 0.0.0.0:59864<->XX.XX.XX.XX:8080 closed
      07:49:55.379 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to proxy2-eu.XXX.com:8080
      07:49:55.381 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
      07:49:55.382 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED
      07:49:55.382 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: HANDSHAKE
      

      The following line looks suspicious in 1.4:

      07:45:59.565 [DEBUG] [org.apache.http.impl.client.SystemDefaultHttpClient] Resetting proxy auth state
      

      I think this might be related to the following fix that was put into HttpClient 4.2.3 (which we are not using):

      • SystemDefaultHttpClient misinterprets 'http.keepAlive' default value and disables
        connection persistence if the system property is not set. This causes connection
        based authentication schemes such as NTLM to fail.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              daz Daz DeBoer
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: