hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Blanc, Isabelle" <Isabelle.Bl...@mairie-paris.fr>
Subject authentication ...
Date Wed, 31 Dec 2003 15:42:33 GMT
Hi everybody :)

and first of all, I wish you all an happy new year :)) 

and now is my question/remark (i don't know if it's better to post it here, or in the user
mailing list, or as a comment in bugzilla, but I don't want to cross post, so for now I post
it only here - let me know if I should cross post or add a comment in bugzilla) : 

- the proxy I had to go though was using NTLM, and I checkouted the HTTPCLIENT_2_0_BRANCH
tag sources from cvs.
- then the sysadmin decided to open a door for me in the proxy that would use only basic authentication.
So i though that replacing the NTCredentials with UsernamePasswordCredentials would be enough
- and it wasn't. The code was still returning a 407 - which is weird with basic auth.
- I finally found out where the "error" was (and now it works fine - only for me tho), but
I can't decide if it's because of the proxy (that returns a "wrong" answer) or because of
commons/httpclient code :
	* the proxy returns these challenges, in this order : ntlm - basic - kerberos - negotiate
	* in HttpAuthenticator.selectAuthScheme, after having built the challengemap, you go like
:
...
		challenge = (String) challengemap.get("ntlm");
		if (challenge != null) {
			return new NTLMScheme(challenge);
		}
		challenge = (String) challengemap.get("digest");
		if (challenge != null) {
			return new DigestScheme(challenge);
		}
		challenge = (String) challengemap.get("basic");
		if (challenge != null) {
			return new BasicScheme(challenge);
		}
...

I only commented out the 4 lines about NTLM (i know it's quick & dirty but .. i had to
make it work before 2004 ;] !)
Anyway, does it mean that the proxy should NOT return any ntlm challenge if it expects a basic
auth, even if it's for one single realm (all other realms (domains for ntlm) use NTLM auth)
?
Or does it mean there's something here in the code that needs to be twisted (like, the only
challenge that actually has a "value" is the basic one : if i print the challenge map i get

ntlm--NTLM
basic--Basic realm="hidden-sorry"
kerberos--Kerberos
negotiate--Negotiate
) ??

that was my 2 cents ....
hope you'll all have a nice nice new year's eve tonight :o) ! 

Isa

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message