hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Augusto de Oliveira Aragão <andre.augu...@ca.tco.net.br>
Subject RE: HTTPClient Ntlm Implementation
Date Thu, 17 Apr 2003 19:49:43 GMT
Debugging further, I discovered that httpclient always send authorization:
NTLM <base64-encoded message>. When it get the 401 reply, it sends the NTLM
<base64-encoded message type-1-message>, but does not process the server
reply WWW-Authenticate: NTLM <...>. In this point, it should reply with
WWW-Authenticate: NTLM <base64-encoded type-2-message>, and after the second
server reply, it should reply with Authorization: NTLM <base64-encoded
type-3-message>. The message types are described in the following document:
http://www.innovation.ch/java/ntlm.html. What am I missing?



-----Original Message-----
From: André Augusto de Oliveira Aragão 
Sent: quinta-feira, 17 de abril de 2003 16:06
To: 'commons-httpclient-dev@jakarta.apache.org'
Subject: HTTPClient Ntlm Implementation


I am still having a bad time trying to make ntlm authentication work. It
always returns 401. I tried it against a IIS server and against a jboss
server using a filter I developed a long time ago. This filter simulates the
ntlm authentication. I know that ntlm is done on connection establishment,
but if the server uses keep-alive (http 1.1), the filter works. Debugging
the filter, I find out that http-client uses only two steps to do ntlm
authentication. Is it correct?

Thanks in advance,


View raw message