'[jira] [Updated] (HTTPCLIENT-2086) NTLM Message parse Error'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-commons-dev
Subject:    [jira] [Updated] (HTTPCLIENT-2086) NTLM Message parse Error
From:       "Eric Kerwin (Jira)" <jira () apache ! org>
Date:       2020-06-30 15:08:00
Message-ID: JIRA.13311345.1592151709000.364655.1593529680487 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/HTTPCLIENT-2086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Eric Kerwin updated HTTPCLIENT-2086:
------------------------------------
    Attachment: ntlm working.txt

> NTLM Message parse Error
> ------------------------
> 
> Key: HTTPCLIENT-2086
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2086
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 5.0
> Reporter: Michael Wagner
> Priority: Minor
> Fix For: 5.0.2
> 
> Attachments: ntlm 407 log and stacktrace.txt, ntlm working.txt, screenshot-1.png
> 
> Time Spent: 1h 10m
> Remaining Estimate: 0h
> 
> My Authentication endpoint returns an NTLM Message header like this:
> {code}
> "WWW-Authenticate: NTLM \
> TlRMTVNTUAACAAAABgAGADgAAAAF.....QByAGcALgBkAGUABwAIAMG9LHviQtYBAAAAAA==" {code}
> Upon reading this header with {{AuthChallengeParser}} hc parses this field using \
> the code in [line 70|https://github.com/apache/httpcomponents-client/blob/3730b03a99 \
> 308ff99769fdd60e80a43230cf5aac/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/AuthChallengeParser.java#L70]:
>  {code}
> if (!cursor.atEnd() && buffer.charAt(cursor.getPos()) == EQUAL_CHAR) {
> cursor.updatePos(cursor.getPos() + 1);
> final String value = tokenParser.parseValue(buffer, cursor, DELIMITER);
> return new BasicNameValuePair(token, value);
> }
> {code}
> When reading the first "=" char of the message, it interprets the value as a \
> key-value pair. The first part of the NTLM message being the key and the second "=" \
> the value. [Later|https://github.com/apache/httpcomponents-client/blob/3730b03a99308 \
> ff99769fdd60e80a43230cf5aac/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/AuthChallengeParser.java#L126] \
> an AuthChallenge is later created with {code}
> new AuthChallenge(challengeType, schemeName, null, params.size() > 0 ? params : \
> null); {code}
> where {{value}} is null and params a list containing the NTLM message without the \
> equals signs.  Without the "==" the next auth step fails.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic