hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Augusto de Oliveira Aragão <andre.augu...@ca.tco.net.br>
Subject RE: HTTPClient Ntlm Implementation
Date Thu, 17 Apr 2003 21:26:12 GMT
Adrian,

I'm sending the logs... Hope that helps.

Have a nice Easters Day!

Andre

-----Original Message-----
From: Adrian Sutton [mailto:adrian@intencha.com]
Sent: quinta-feira, 17 de abril de 2003 18:18
To: Commons HttpClient Project
Subject: Re: HTTPClient Ntlm Implementation


Andre,
This is very strange and is not my experience with NTLM.  I wonder if  
one of the more recent changes reduced the number of retries for  
authorization and thus prevents us from completing the authorization.   
I'll take a look into it once I get through the Good Friday church  
services this morning (Easters a busy time for an organist :) but in  
the mean time getting a full wire trace and trace log (trace level is  
more useful than debug level) would be quite useful.

Thanks for the detailed description of the problem, NTLM is a very  
difficult scheme to work with so getting as much detail as possible is  
greatly appreciated.

Regards,

Adrian Sutton.

On Friday, April 18, 2003, at 06:13  AM, André Augusto de Oliveira  
Aragão wrote:

> Sorry...
>
> Just forget the last message. The correct sequence should be:
>     httpclient -> Server   GET ...
>
>     Server -> httpclient   401 Unauthorized
>                            WWW-Authenticate: NTLM
>
>     httpclient -> Server   GET ...
>                            Authorization: NTLM
> TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S
>
>     Server -> httpclient   401 Unauthorized
>                            WWW-Authenticate: NTLM
> TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==
>
>     httpclient -> Server   GET ...
>              Authorization: NTLM
> TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABQAFABAAAAADAAMAFQAAAASABIAYAAAAAA 
> AAACi
> AAAAAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMASQB 
> UAFkA
> rYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT
>
>     Server -> httpclient   200 Ok
>
> But actually it is:
>
>     httpclient -> Server   GET ...
>
>     Server -> httpclient   401 Unauthorized
>                            WWW-Authenticate: NTLM
>     <comment> I know that the connection must be closed here, and  
> httpclient
> handles it nicely (Connection: close header).   </comment>
>
>     httpclient -> Server   GET ...
>                            Authorization: NTLM
> TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S
>
>     Server -> httpclient   401 Unauthorized
>                            WWW-Authenticate: NTLM
> TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==
>
>     httpclient stops here, and returns 401.
>
> Andre
>
> -----Original Message-----
> From: André Augusto de Oliveira Aragão
> Sent: quinta-feira, 17 de abril de 2003 16:50
> To: 'Commons HttpClient Project'
> Subject: RE: HTTPClient Ntlm Implementation
>
>
> Debugging further, I discovered that httpclient always send  
> authorization:
> NTLM <base64-encoded message>. When it get the 401 reply, it sends the  
> NTLM
> <base64-encoded message type-1-message>, but does not process the  
> server
> reply WWW-Authenticate: NTLM <...>. In this point, it should reply with
> WWW-Authenticate: NTLM <base64-encoded type-2-message>, and after the  
> second
> server reply, it should reply with Authorization: NTLM <base64-encoded
> type-3-message>. The message types are described in the following  
> document:
> http://www.innovation.ch/java/ntlm.html. What am I missing?
>
> Regards,
>
> Andre
>
> -----Original Message-----
> From: André Augusto de Oliveira Aragão
> Sent: quinta-feira, 17 de abril de 2003 16:06
> To: 'commons-httpclient-dev@jakarta.apache.org'
> Subject: HTTPClient Ntlm Implementation
>
>
> HI!
>
> I am still having a bad time trying to make ntlm authentication work.  
> It
> always returns 401. I tried it against a IIS server and against a jboss
> server using a filter I developed a long time ago. This filter  
> simulates the
> ntlm authentication. I know that ntlm is done on connection  
> establishment,
> but if the server uses keep-alive (http 1.1), the filter works.  
> Debugging
> the filter, I find out that http-client uses only two steps to do ntlm
> authentication. Is it correct?
>
> Thanks in advance,
>
> Andre
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:  
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:  
> commons-httpclient-dev-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org


Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message