Axis2
  1. Axis2
  2. AXIS2-5094

User with invalid credentials are authenticated for NTLM authentication.

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Critical Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.5
    • Fix Version/s: None
    • Component/s: transports
    • Labels:
      None

      Description

      NTLM authentication is per connection. Since 1.5 onward connection is cached, so once a user is authenticated another user with invalid credentials is also getting same authenticated connection.

      If we create new MultiThreadedHttpConnectionManager for authenticate request; issue will be fixed. I did the following changes in AbstractHTTPSender#getHttpClient

      HttpConnectionManager connManager = null;
      Object obj = msgContext.getProperty(HTTPConstants.AUTHENTICATE);
      if (obj !=null)

      { connManager = new MultiThreadedHttpConnectionManager(); }

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            shivendra tripathi
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:

              Development