Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1938

OS resources leak in HttpAuthenticator/WindowsNegotiateScheme

    XMLWordPrintableJSON

Details

    Description

      I've discovered a resource leak in Http authentication process on Windows, when Negotiate method is used.  It manifests itself as a slow memory leak in lsass.exe process. Every time a Negotiate authentication is performed a handle to  client credentials and a handle to security context are leaked. The direct reason for it is that dispose() method from WindowsNegotiateScheme class is never called.
      As far I understand the interaction between HttpAuthenticator and WindowsNegotiateScheme, it is caused by HttpAuthenticator not processing final authentication header, as it goes directly to the SUCCESS state. Without processing final authentication header, WindowsNegotiateScheme class doesn't have a chance to complete security context initialisation. which is the cause for not releasing OS resources.

      Attachments

        Issue Links

          depends upon

          Task - A task that needs to be done. HTTPCLIENT-1625 Completely overhaul GSS-API-based authentication backend

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              marcin.krystianc Marcin Krystianc
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: