[jira] [Commented] (HTTPCLIENT-2414) Wrong path prefix caching in BasicAuth

Tue, 10 Feb 2026 04:28:34 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057560#comment-18057560
 ] 

Roland Praml commented on HTTPCLIENT-2414:
------------------------------------------

Thanks, yes the PR will solve the issue (see comments on GH)


> Wrong path prefix caching in BasicAuth
> --------------------------------------
>
>                 Key: HTTPCLIENT-2414
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2414
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 5.7-alpha1
>            Reporter: Roland Praml
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> We noticed, that the HttpClient does not properly cache the authentications, 
> when changing paths.
>  
> The [https://datatracker.ietf.org/doc/html/rfc7617#section-2.2] says, that 
> you can reuse credentials, when you are authenticated to the path prefix 
> before.
> This does not work in all cases.
> *How to reproduce*
> Take the {{testBasicAuthenticationCredentialsCachingByPathPrefix}} test and 
> modify it:
> {code:java}
> ...
>   for (final String requestPath : new String[]\{"/blah/a", "/blubb/b"}) {
> ...
>   Assertions.assertEquals(Arrays.asList(401, 200, 401, 200) // fails with 
> 401,200, 200
> {code}
> The expectation is, that you get a 401+200 for {{/blah/a}} and a 401+200 for 
> {{/blubb/b}}.
> But for the second call, the credentials are sent, without checking the 
> path-prefix and we get a 401,200 - 200 pattern.
> I've tracked down this a bit and see, that the {{AuthExchange.pathPrefix}} is 
> cleared in the {{reset()}} method.
> Note: When accessing {{/blah/a}} two times in a row, everything works as 
> expected. The second access to {{/blah/a}} fixes the cached value:
> {code:java}
> ...
>   for (final String requestPath : new String[]\{"/blah/a", "/blah/a", 
> "/blubb/b"}) {
> ...
>   Assertions.assertEquals(Arrays.asList(401, 200, 200, 401, 200) // this will 
> work
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to