Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1938

OS resources leak in HttpAuthenticator/WindowsNegotiateScheme

    XMLWordPrintableJSON

    Details

      Description

      I've discovered a resource leak in Http authentication process on Windows, when Negotiate method is used.  It manifests itself as a slow memory leak in lsass.exe process. Every time a Negotiate authentication is performed a handle to  client credentials and a handle to security context are leaked. The direct reason for it is that dispose() method from WindowsNegotiateScheme class is never called.
      As far I understand the interaction between HttpAuthenticator and WindowsNegotiateScheme, it is caused by HttpAuthenticator not processing final authentication header, as it goes directly to the SUCCESS state. Without processing final authentication header, WindowsNegotiateScheme class doesn't have a chance to complete security context initialisation. which is the cause for not releasing OS resources.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                marcin.krystianc Marcin Krystianc
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: