Comments (18)
rburgst
commented on July 23, 2024
Sounds like you are talking to a faulty server that sends a Digest challenge without a nonce, which would IMHO be illegal. Is there any way that you could capture a HTTP trace?
from okhttp-digest.
emauro
commented on July 23, 2024
We have more than 100.000 sessions per day and we have just a few dozen reports, so I don't think it is the server. Also, older versions of the app, using a different lib for http (async-http) and the iOS version do not show the problem. I cannot reproduce it so I will not be able to capture a HTTP trace. I have other stack traces if you need. Let me know if you need any other info.
from okhttp-digest.
emauro
commented on July 23, 2024
Some more info. Analysing the log files I noticed that the error happens after some calls, i.e., it is not the first call. Here a different stack trace, with a different error message. Perhaps it is related.
java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.String.equals(java.lang.Object)' on a null object reference
at com.burgstaller.okhttp.digest.DigestAuthenticator.createDigestHeader(DigestAuthenticator.java:289)
at com.burgstaller.okhttp.digest.DigestAuthenticator.authenticateWithState(DigestAuthenticator.java:190)
at com.burgstaller.okhttp.digest.DigestAuthenticator.authenticate(DigestAuthenticator.java:148)
at com.burgstaller.okhttp.DispatchingAuthenticator.authenticate(DispatchingAuthenticator.java:45)
at com.burgstaller.okhttp.CachingAuthenticatorDecorator.authenticate(CachingAuthenticatorDecorator.java:30)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:283)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:153)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at com.burgstaller.okhttp.AuthenticationCacheInterceptor.intercept(AuthenticationCacheInterceptor.java:37)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at com.xxxxxxx.xxxxxxx.singleton.HTTPClient$1.intercept(HTTPClient.java:64)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170)
at okhttp3.RealCall.access$100(RealCall.java:33)
at okhttp3.RealCall$AsyncCall.execute(RealCall.java:120)
at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
from okhttp-digest.
rburgst
commented on July 23, 2024
I am 99% certain that your server is sometimes not sending out a nonce which IMHO is not legal
https://tools.ietf.org/html/rfc2617#section-3.2.1
I can add some more logging so that the exception would also print out the WWW-authenticate header which would clarify this issue.
from okhttp-digest.
rburgst
commented on July 23, 2024
one more thing, are you using the authenticator on multiple threads in parallel? I can see an issue if you are running multiple threads and there is a race between the first one (for the caching) and the subsequent one.
from okhttp-digest.
rburgst
commented on July 23, 2024
I have added some preliminary improvements for multi-threaded operation.
from okhttp-digest.
emauro
commented on July 23, 2024
Indeed, it is possible that sometimes multiple threads can be running making requests. If you add some logging I can generate a new build and upload it to the store.
from okhttp-digest.
rburgst
commented on July 23, 2024
I haven't released a new version yet but if you can build the lib yourself you can try the current master, this should add some concurrency protection so it should work better.
from okhttp-digest.
emauro
commented on July 23, 2024
I am trying to add the master to gradle but it always fail. Checking JitPack there is a report informing that there is an error in the build script.
from okhttp-digest.
rburgst
commented on July 23, 2024
the build works fine on the CI environment. Are you sure you are building with gradlew?
from okhttp-digest.
emauro
commented on July 23, 2024
I am using the following line in my gradle file.
compile 'com.github.rburgst:okhttp-digest:master-SNAPSHOT'
Jitpack log shows an error when I build my project.
from okhttp-digest.
rburgst
commented on July 23, 2024
That won't work as I don't release snapshots to bintray. I will release a version for you.
from okhttp-digest.
emauro
commented on July 23, 2024
Thanks!
from okhttp-digest.
rburgst
commented on July 23, 2024
done, please upgrade to 1.8 and let me know if it fixes the problem.
from okhttp-digest.
emauro
commented on July 23, 2024
The new build was released and till now no more reports. So I think it solved the problem. Thank you very much!
from okhttp-digest.
emauro
commented on July 23, 2024
In the last 24 hours I haven't received any report. In the previous version I received more than 3000 reports. I just received with the new version one report, but with a different message (null object reference). Do you want the stack trace?
from okhttp-digest.
rburgst
commented on July 23, 2024
sure thing.
from okhttp-digest.
emauro
commented on July 23, 2024
ava.lang.NullPointerException: Attempt to invoke virtual method 'byte[] java.lang.String.getBytes(java.lang.String)' on a null object reference
at com.burgstaller.okhttp.digest.DigestAuthenticator.getBytes(DigestAuthenticator.java:452)
at com.burgstaller.okhttp.digest.DigestAuthenticator.createDigestHeader(DigestAuthenticator.java:335)
at com.burgstaller.okhttp.digest.DigestAuthenticator.authenticateWithState(DigestAuthenticator.java:197)
at com.burgstaller.okhttp.DispatchingAuthenticator.authenticateWithState(DispatchingAuthenticator.java:55)
at com.burgstaller.okhttp.AuthenticationCacheInterceptor.intercept(AuthenticationCacheInterceptor.java:32)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at com.xxxxxxxxx.xxxxx.singleton.HTTPClient$1.intercept(HTTPClient.java:64)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170)
at okhttp3.RealCall.access$100(RealCall.java:33)
at okhttp3.RealCall$AsyncCall.execute(RealCall.java:120)
at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
from okhttp-digest.
Related Issues (20)
- IncompatibleClassChangeError using digest access authentication and latest OkHttp HOT 4
- Explain how to run ProxyAuthenticationManualTest HOT 4
- java.lang.NoSuchMethodError with okhttp 4.3.0 HOT 1
- Error code 401 HOT 5
- Authentication Cache Concurrent Modification Exception HOT 3
- Still getting 401 after Authentication Challenge HOT 8
- Http proxy with digest auth, error when server sends HTTP-301 redirect HOT 2
- How to use UTF-8 in basic and digest access authentication HOT 7
- Failed to resolve: com.burgstaller:okhttp-digest:1.19 HOT 5
- How to use OkHttp 3.12.x which supports API level 9+ in okhttp-digest HOT 3
- Copyright missing HOT 1
- Jcenter closing in May HOT 5
- Latest 1.x version is not in Maven Central HOT 2
- How can I Set Realm and Client Nonce in ADVANCED of Authorization Digest Auth HOT 3
- Send initial request with authentication header HOT 6
- java.lang.NoSuchFieldError HOT 17
- After putting app idle for some time it gives 401 issue for authorised request HOT 6
- Authentication fails if the site being accessed during proxy setup is HTTPS and digest authentication is used. HOT 4
- Are the `com.burgstaller:okhttp-digest` artifacts hosted on any public repo? HOT 5
- org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is **java.lang.IncompatibleClassChangeError**: Expected static method okhttp3.internal.http.RequestLine.requestPath(Lokhttp3/HttpUrl;)Ljava/lang/String; HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from okhttp-digest.