HttpComponents HttpClient
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1168

HTTPClient doesn't send authentication header in threaded environment

    Details

      Description

      Using HTTPClient with multiple threads and basic authentication seems to create a race condition. The request headers sometimes don't contain the authorization entry, which results in a 401 (although the username and password credentials are correctly set).

        Activity

        Lennart Diedrich created issue -
        Hide
        Lennart Diedrich added a comment -

        Simple test to demonstrate the issue.

        Show
        Lennart Diedrich added a comment - Simple test to demonstrate the issue.
        Lennart Diedrich made changes -
        Field Original Value New Value
        Attachment ThreadedHttpBasicAuthTest.java [ 12516190 ]
        Hide
        Oleg Kalnichevski added a comment -

        Lennart,

        The race condition is caused by HttpContext instance being shared for all threads of execution. While theoretically HttpContext can be shared by multiple execution threads, authentication state clearly cannot.

        I'll see if I can fix this issue by synchronizing access to AuthState instances or by updating the documentation.

        Oleg

        Show
        Oleg Kalnichevski added a comment - Lennart, The race condition is caused by HttpContext instance being shared for all threads of execution. While theoretically HttpContext can be shared by multiple execution threads, authentication state clearly cannot. I'll see if I can fix this issue by synchronizing access to AuthState instances or by updating the documentation. Oleg
        Oleg Kalnichevski made changes -
        Fix Version/s 4.2 Beta2 [ 12319860 ]
        Priority Major [ 3 ] Minor [ 4 ]
        Oleg Kalnichevski made changes -
        Component/s Documentation [ 12311015 ]
        Component/s HttpClient [ 12311010 ]
        Hide
        Oleg Kalnichevski added a comment -

        AuthState instances are inherently thread unsafe as they maintain conversation state that can span across multiple HTTP exchanges. I opted for just documenting the recommended way of using HttpContext in multithreaded applications (one HttpContext instance per thread of execution).

        Oleg

        Show
        Oleg Kalnichevski added a comment - AuthState instances are inherently thread unsafe as they maintain conversation state that can span across multiple HTTP exchanges. I opted for just documenting the recommended way of using HttpContext in multithreaded applications (one HttpContext instance per thread of execution). Oleg
        Oleg Kalnichevski made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Oleg Kalnichevski made changes -
        Fix Version/s 4.2 Final [ 12316086 ]
        Fix Version/s 4.2 Beta2 [ 12319860 ]
        Oleg Kalnichevski made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        4d 19h 52m 1 Oleg Kalnichevski 03/Mar/12 13:44
        Resolved Resolved Closed Closed
        581d 5h 57m 1 Oleg Kalnichevski 05/Oct/13 20:41

          People

          • Assignee:
            Unassigned
            Reporter:
            Lennart Diedrich
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development