axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Dunphy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AXIS2-4595) No Credentials provider found when authenticating with NTLM
Date Thu, 26 Apr 2012 18:30:25 GMT

    [ https://issues.apache.org/jira/browse/AXIS2-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13262833#comment-13262833
] 

Peter Dunphy commented on AXIS2-4595:
-------------------------------------

I think there is some confusion in the authenticator credential look-up stuff for AXIS2 where
the "host" is confused with the "workstation" when it comes to retrieving the credentials.

When sending out the TYPE 1 and type 3 NTLM messages in AXIS2, If you do a wireshark trace
and reverse engineer the NTLM data sent it uses the "authenticator.setHost(this.host)" as
the WORKSTATION field in the NTLM protocol as you might expect.

However who ever wrote the piece that retrieves the credentials prior to sending out and generates
the error message "No credentials available for NTLM <any realm>@host:port" has mistaken
the "authenticator.setHost(this.host)" as the remote host (not the client workstation). If
there is is no entry made for the remote host via "authenticator.setHost(this.host)" then
you get this error. Really there should be two methods "authenticator.setWorkstation()" and
"authenticator.setRemoteHost()".

In the end this means the NTLM stuff is essentially broken.



                
> No Credentials provider found when authenticating with NTLM
> -----------------------------------------------------------
>
>                 Key: AXIS2-4595
>                 URL: https://issues.apache.org/jira/browse/AXIS2-4595
>             Project: Axis2
>          Issue Type: Bug
>          Components: transports
>    Affects Versions: 1.5.1
>         Environment: windows, NTLM authentication against Exchange WS 2007
>            Reporter: Dominique Jean-Prost
>
> I'm meeting a problem I really can't resolve and after reading many lines of code in
axis2, here where I am :
> - I'm trying to call a ms exchange 2007 WS
> - I setup I think my authentication code using this kind of code :
>          final Options options = this.serviceExchange._getServiceClient().getOptions();
>          final Authenticator authenticator = new Authenticator();
>  
>          // Cf. http://ws.apache.org/axis2/1_5_1/http-transport.html#preemptive_auth
>          final List<String> authScheme = new ArrayList<String>();
>          authScheme.add(Authenticator.NTLM);
>          authScheme.add(Authenticator.BASIC);
>  
>          authenticator.setAuthSchemes(authScheme);
>          authenticator.setUsername(this.username);
>          authenticator.setPassword(this.password);
>          authenticator.setHost(this.host);
>          authenticator.setDomain(this.domain);
>          authenticator.setPort(this.port);
>  
>          options.setTimeOutInMilliSeconds(this.timeout);
>          options.setProperty(HTTPConstants.CHUNKED, "false");
>          options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true");
>          options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
>  
>          this.serviceExchange._getServiceClient().setOptions(options);
> I then get the following execution logs where you can see that there is no credential
providers found.
> So I searched the net, and found this http://markmail.org/search/list:org%2Eapache%2Ews%2Eaxis-dev+CredentialsProvider
where you can see that the credential providers was first added and the deleted in org/apache/axis2/transport/http/AbstractHTTPSender.java
> Execution log:
> HttpMethodDirector.java:843)     - Authorization required
> 2009-12-21 12:01:11,447 DEBUG org.apache.commons.httpclient.HttpMethodDirector (    
  HttpMethodDirector.java:662)     - enter HttpMethodBase.processAuthenticationResponse(HttpState,
HttpConnection)
> 2009-12-21 12:01:11,447 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor
(   AuthChallengeProcessor.java:90)     - Supported authentication schemes in the order of
preference: [NTLM, Basic]
> 2009-12-21 12:01:11,447 INFO  org.apache.commons.httpclient.auth.AuthChallengeProcessor
(   AuthChallengeProcessor.java:101)     - NTLM authentication scheme selected
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor
(   AuthChallengeProcessor.java:155)     - Using authentication scheme: ntlm
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor
(   AuthChallengeProcessor.java:163)     - Authorization challenge processed
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector (    
  HttpMethodDirector.java:714)     - Authentication scope: NTLM <any realm>@mercure:443
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpState (             
  HttpState.java:436)     - enter HttpState.getCredentials(AuthScope)
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector (    
  HttpMethodDirector.java:861)     - Credentials required
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector (    
  HttpMethodDirector.java:879)     - Credentials provider not available
> 2009-12-21 12:01:11,463 INFO  org.apache.commons.httpclient.HttpMethodDirector (    
  HttpMethodDirector.java:737)     - No credentials available for NTLM <any realm>@mercure:443
> 2009-12-21 12:01:11,463 DEBUG org.apache.axis2.transport.http.HTTPSender (          
    HTTPSender.java:278)     - Handling response - 401

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message