From e2fa3ae38f0afbf56ab2021fe24a5a7ce2069df5 Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Tue, 17 May 2011 12:54:14 +0000
Subject: [PATCH] HTTPCLIENT-1087: NTLM proxy authentication fails on retry if
 the underlying connection is closed as a result of a target authentication
 failure

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1104207 13f79535-47bb-0310-9956-ffa450edef68
---
 RELEASE_NOTES.txt                                    |  4 ++++
 .../http/impl/client/DefaultRequestDirector.java     | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 7a7f0b8cf..831223db0 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,5 +1,9 @@
 Changes since 4.1.1
 
+* [HTTPCLIENT-1087] NTLM proxy authentication fails on retry if the underlying connection is closed
+  as a result of a target authentication failure.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
 * [HTTPCLIENT-1079] Fixed Kerberos cross-realm support
   Contributed by Michael Osipov <1983-01-06 at gmx.net> 
 
diff --git a/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java b/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java
index 469f41e9b..9ba592b33 100644
--- a/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java
+++ b/httpclient/src/main/java/org/apache/http/impl/client/DefaultRequestDirector.java
@@ -492,6 +492,8 @@ public class DefaultRequestDirector implements RequestDirector {
                         managedConn.markReusable();
                     } else {
                         managedConn.close();
+                        invalidateAuthIfSuccessful(this.proxyAuthState);                        
+                        invalidateAuthIfSuccessful(this.targetAuthState);                        
                     }
                     // check if we can use the same connection for the followup
                     if (!followup.getRoute().equals(roureq.getRoute())) {
@@ -1232,4 +1234,14 @@ public class DefaultRequestDirector implements RequestDirector {
         authState.setCredentials(creds);
     }
 
+    private void invalidateAuthIfSuccessful(final AuthState authState) {
+        AuthScheme authscheme = authState.getAuthScheme();
+        if (authscheme != null
+                && authscheme.isConnectionBased()
+                && authscheme.isComplete()
+                && authState.getCredentials() != null) {
+            authState.invalidate();
+        }
+    }
+
 } // class DefaultClientRequestDirector