hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19969] - Problems with redirect when NTLM authentication is used
Date Fri, 16 May 2003 17:53:03 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19969>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19969

Problems with redirect when NTLM authentication is used

olegk@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Problems with ---GetMethod  |Problems with redirect when
                   |                            |NTLM authentication is used



------- Additional Comments From olegk@apache.org  2003-05-16 17:53 -------
Omar,

We still can't rule out a bug in the HttpClient that has been causing this
problem, however, the server also clearly plays a part in it. Have a look for
yourself: with the 25022003 build the server responds with 200 status code,
whereas with the 15052003 build it responds with 203 status code (redirect) and
'connection: close' header. 


25 Feb

10:30:37:171 EDT [DEBUG] wire - ->> "GET /script/action=GetValue&NAME& HTTP/1.1"
[\r\n]

10:30:37:202 EDT [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied" [\r\n]

10:30:37:218 EDT [DEBUG] wire - -<< "WWW-Authenticate: NTLM" [\r\n]

10:30:37:218 EDT [DEBUG] wire - -<< "Connection: close" [\r\n]

10:30:40:139 EDT [DEBUG] wire - ->> "GET /script/action=GetValue&NAME& HTTP/1.1"
[\r\n]

10:30:44:764 EDT [DEBUG] wire - ->> "Authorization: *******" [\r\n]

10:30:44:764 EDT [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied" [\r\n]

10:30:44:780 EDT [DEBUG] wire - -<< "WWW-Authenticate: NTLM *******" [\r\n]

10:30:47:968 EDT [DEBUG] wire - ->> "GET /script/action=GetValue&NAME& HTTP/1.1"
[\r\n]

10:30:47:999 EDT [DEBUG] wire - ->> "Authorization: NTLM *******" [\r\n]

10:30:48:421 EDT [DEBUG] wire - -<< "HTTP/1.1 200 OK

10:30:52:452 EDT [DEBUG] wire - -<< "Connection: close

Build 11 May

18:37:41:124 EDT [DEBUG] wire - ->> "GET /script/action=GetValue&NAME&
HTTP/1.1[\r][\n]"

18:37:41:170 EDT [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied[\r][\n]"
18:37:41:217 EDT [DEBUG] wire - -<< "WWW-Authenticate: NTLM[\r][\n]"

18:37:41:233 EDT [DEBUG] wire - -<< "Connection: close[\r][\n]"

18:37:57:420 EDT [DEBUG] wire - ->> "GET /script/action=GetValue&NAME&
HTTP/1.1[\r][\n]"

18:37:57:467 EDT [DEBUG] wire - ->> "Authorization: NTLM *******[\r][\n]"

18:37:57:483 EDT [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied[\r][\n]"

18:37:57:561 EDT [DEBUG] wire - -<< "WWW-Authenticate: NTLM *******[\r][\n]"

18:38:12:577 EDT [DEBUG] wire - ->> "GET /script/action=GetValue&NAME&
HTTP/1.1[\r][\n]"

18:38:12:639 EDT [DEBUG] wire - ->> "Authorization: NTLM ******[\r][\n]"

18:38:19:795 EDT [DEBUG] wire - -<< "HTTP/1.1 302 Object Moved[\r][\n]"
18:38:19:889 EDT [DEBUG] wire - -<< "Location:

http://somar:80/script/func=login&NextURL=http://somar:80/script/action=GetValue&NAME&
[\r][\n]"

18:38:19:952 EDT [DEBUG] wire - ->> "GET

/Livelink/livelink.exe?func=LL.getlogin&NextURL=%2FLivelink%2Flivelink%2Eexe%3Ffunc%3Dll%26objId%3D15491%26vernum%3D1%26objAction%3DcsiGetProperties%26%26CSI_DocName%26
HTTP/1.1[\r][\n]"

18:38:20:030 EDT [DEBUG] wire - ->> "Authorization: NTLM ******[\r][\n]"

18:38:26:405 EDT [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied[\r][\n]"

18:38:26:452 EDT [DEBUG] wire - -<< "WWW-Authenticate: NTLM[\r][\n]"



This is kind of weird. Cookies also looks quite fishy to me. I can't tell more
without having some additional input from you regarding the use of cookies in
your application.

Adrian,

What we have to look into is why HttpClient can't re-authenticate correctly
after having received a redirect to another URL along with 'connection: close'
header. Does HttpClient handle things right? If you remember I was concerned
about using the complete NTLM challenge as an authentication realm key. Can it
be the reason?

Cheers

Oleg

Mime
View raw message