hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: Make HttpClient pick Basic Auth over NTLM?
Date Thu, 04 Dec 2003 17:17:47 GMT
Eric,
Actually we already have a feature request open for this one

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15297

With new preference architecture in place it should not take much to provide an option to
override the RFC mandated authentication scheme selection. I agree it is not right, but such
ability appears desirable in some cases. 

Oleg

-----Original Message-----
From: Eric Johnson [mailto:eric@tibco.com]
Sent: Thursday, December 04, 2003 15:31
To: Commons HttpClient Project
Subject: Re: Make HttpClient pick Basic Auth over NTLM?


I'm not sure that HttpClient should do anything different.

According to section 4.6 of RFC 2617, "A user agent MUST choose to use 
the strongest auth- scheme it understands and request credentials from 
the user based upon that challenge."

Since Basic is pretty darn weak, I'd say NTLM wins out every time.  Is 
this a point on which HttpClient should have an option to override the 
RFC mandated behavior?  As somewhat of a fanatic about security, my take 
is that you should be forced to do the right thing, and if you really 
want to, the source is there for you to modify.

-Eric.

anon permutation wrote:

>
> Hi,
>
> I am using a proxy server that supports both NTLM and Basic 
> Authentications.  How do I make HttpClient use Basic Auth. instead of 
> NTLM?  I am using 2.0-rc2.  Following is my code:
>
> --------------------------------------------------------------------------------------------------------------------

>
> HttpClient client = new HttpClient();
> HttpMethod method = null;
>
> client.getState().setProxyCredentials(null, new 
> UsernamePasswordCredentials("user","passwd"));
>
> HostConfiguration hc = client.getHostConfiguration();
> hc.setProxy("10.0.0.2", 80);
>
> method = new GetMethod(url);
> client.executeMethod(method);
> byte[] responseBody = method.getResponseBody();
> -----------------------------------------------------------------------------------------------------------------

>
>
> I am getting this error:
> Credentials cannot be used for NTLM authentication
>
>
> Thanks.
>
> _________________________________________________________________
> Browse styles for all ages, from the latest looks to cozy weekend wear 
> at MSN Shopping.  And check out the beauty products! 
> http://shopping.msn.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> commons-httpclient-dev-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message