Return-Path: Delivered-To: apmail-jakarta-commons-httpclient-dev-archive@www.apache.org Received: (qmail 40244 invoked from network); 27 May 2004 11:57:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 27 May 2004 11:57:19 -0000 Received: (qmail 56310 invoked by uid 500); 27 May 2004 11:57:11 -0000 Delivered-To: apmail-jakarta-commons-httpclient-dev-archive@jakarta.apache.org Received: (qmail 56174 invoked by uid 500); 27 May 2004 11:57:10 -0000 Mailing-List: contact commons-httpclient-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Commons HttpClient Project" Reply-To: "Commons HttpClient Project" Delivered-To: mailing list commons-httpclient-dev@jakarta.apache.org Received: (qmail 56083 invoked by uid 98); 27 May 2004 11:57:10 -0000 Received: from x.frisaye@t4hr.com by hermes.apache.org by uid 82 with qmail-scanner-1.20 (clamuko: 0.70. Clear:RC:0(212.166.42.105):. Processed in 0.034746 secs); 27 May 2004 11:57:10 -0000 X-Qmail-Scanner-Mail-From: x.frisaye@t4hr.com via hermes.apache.org X-Qmail-Scanner: 1.20 (Clear:RC:0(212.166.42.105):. Processed in 0.034746 secs) Received: from unknown (HELO coko.t4hr.com) (212.166.42.105) by hermes.apache.org with SMTP; 27 May 2004 11:57:09 -0000 content-class: urn:content-classes:message Subject: RE: NTLM authentication problem Date: Thu, 27 May 2004 14:00:27 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: NTLM authentication problem Thread-Index: AcRD4jNX/339n9/6RFqUE+znPzrWRA== X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 From: "Xavier Frisaye" To: "Commons HttpClient Project" X-Spam-Rating: hermes.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Hi,=20 You could try this when setting the credentials, specify the hostname = parameter : client.getState().setCredentials( null, hostname, credentials ); client.getState().setAuthenticationPreemptive( true ); I use HttpClient with Slide project to connect to Exchange server in = webdav and this code seems to work perfectly. Regards Xavier Frisaye -----Original Message----- From: Fuhrmann, Hauke [mailto:Hauke.Fuhrmann@airbus.com] Sent: mercredi 26 mai 2004 11:44 To: 'Commons HttpClient Project' Subject: AW: NTLM authentication problem Hi there, I'm kinda frustrated here. Not your fault at all, frustrated about MS support, cause there isn't any. I'm trying it here again, maybe here are any IIS pros who can give me a little hint: Can I tell the IIS to give me more info in the logfile anyhow? Need info about why the authentification process failed. Greetings, Hauke Fuhrmann Airbus Deutschland GmbH ECYA3 - Cabin Communication Systems & Application Kreetslag 10 21129 Hamburg, Germany Phone: +49 (0) 40 743 - 88260 Mail: hauke.fuhrmann@airbus.com > -----Urspr=FCngliche Nachricht----- > Von: Kalnichevski, Oleg [mailto:oleg.kalnichevski@bearingpoint.com] > Gesendet: Montag, 3. Mai 2004 16:32 > An: Commons HttpClient Project > Betreff: RE: NTLM authentication problem >=20 >=20 >=20 > Hauke, > NTLM problems are notoriously difficult to troubleshoot.=20 > Usually it all boils down to extensive guesswork. > (1) is user name in the fully-qualified format:=20 > /? If yes, use the account name only > (2) do you have any 'funny' characters in the password (like=20 > German umlauts, for instance)? If yes, try using an account=20 > with plain US-ASCII password >=20 > Oleg >=20 > -----Original Message----- > From: Fuhrmann, Hauke [mailto:Hauke.Fuhrmann@airbus.com] > Sent: Monday, May 03, 2004 16:11 > To: 'commons-httpclient-dev@jakarta.apache.org' > Subject: NTLM authentication problem >=20 >=20 > Hi there, >=20 > I hope you can help me with a little problem I got: >=20 > I have to download a file from a MS IIS webserver which uses NTLM > authentification. The only client I performed a successful=20 > download with is > MS IE. But I have to use a Java client, so I tried the jakarta commons > httpclient. I implemented a test class which sets the correct=20 > NTCredentials > and performs the request. The source looks somehow like this: >=20 > String url =3D "http://host/index.html"; > NTCredentials creds =3D > new NTCredentials( > "username", > "password", > "hostname", > "domain"); > HttpClient client =3D new HttpClient(); > HttpMethod method =3D new GetMethod(url); > client.getState().setCredentials(null, null, creds); >=20 > where 'username', 'password', 'hostname' and 'domain' are=20 > changed with the > correct values for the server. > After running > int statusCode =3D client.executeMethod(method); > I get the following logfile output: >=20 > --------------------------------------- >=20 > [DEBUG] HttpClient - -Java version: 1.4.2 > [DEBUG] HttpClient - -Java vendor: Sun Microsystems Inc. > [DEBUG] HttpClient - -Operating system name: Windows 2000 > [DEBUG] HttpClient - -Operating system architecture: x86 > [DEBUG] HttpClient - -Operating system version: 5.0 > [DEBUG] HttpClient - -SUN 1.42: SUN (DSA key/parameter generation; DSA > signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS > keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP,=20 > Collection > CertStores) > [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE provider(implements RSA > Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) > [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's provider for RSA=20 > signatures > [DEBUG] HttpClient - -SunJCE 1.42: SunJCE Provider=20 > (implements DES, Triple > DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1) > [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos v5) > [DEBUG] HttpConnection - -HttpConnection.setSoTimeout(0) > [DEBUG] HttpMethodBase - -Execute loop try 1 > [DEBUG] wire - ->> "GET /index.html HTTP/1.1[\r][\n]" > [DEBUG] HttpMethodBase - -Adding Host request header > [DEBUG] wire - ->> "User-Agent: Jakarta > Commons-HttpClient/2.0final[\r][\n]" > [DEBUG] wire - ->> "Host: host[\r][\n]" > [DEBUG] wire - ->> "[\r][\n]" > [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied[\r][\n]" > [DEBUG] wire - -<< "Server: Microsoft-IIS/5.0[\r][\n]" > [DEBUG] wire - -<< "Date: Mon, 03 May 2004 12:47:03 GMT[\r][\n]" > [DEBUG] wire - -<< "WWW-Authenticate: Negotiate[\r][\n]" > [DEBUG] wire - -<< "WWW-Authenticate: NTLM[\r][\n]" > [DEBUG] wire - -<< "Connection: close[\r][\n]" > [DEBUG] wire - -<< "Content-Length: 24[\r][\n]" > [DEBUG] wire - -<< "Content-Type: text/html[\r][\n]" > [DEBUG] HttpMethodBase - -Authorization required > [DEBUG] HttpAuthenticator - -Authenticating with the default=20 > authentication > realm at host > [DEBUG] HttpMethodBase - -HttpMethodBase.execute(): Server demanded > authentication credentials, will try again. > [DEBUG] wire - -<< "Error: Access is Denied." > [DEBUG] HttpMethodBase - -Should close connection in response to > Connection: close >=20 > [DEBUG] HttpMethodBase - -Execute loop try 2 > [DEBUG] HttpMethodBase - -Opening the connection. > [DEBUG] wire - ->> "GET /index.html HTTP/1.1[\r][\n]" > [DEBUG] HttpMethodBase - -Request to add Host header ignored: header > already added > [DEBUG] wire - ->> "User-Agent: Jakarta > Commons-HttpClient/2.0final[\r][\n]" > [DEBUG] wire - ->> "Host: host[\r][\n]" > [DEBUG] wire - ->> "Authorization: NTLM > TlRMTVNTUAABAAAABlIAABgAGAAoAAAACAAIACAAAABEMDE1Nzc4MkFGSVMuUk > 9DS1dFTExDT0x > MSU5TLkNPTQ=3D=3D[\r][\n]" > [DEBUG] wire - ->> "[\r][\n]" > [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied[\r][\n]" > [DEBUG] wire - -<< "Server: Microsoft-IIS/5.0[\r][\n]" > [DEBUG] wire - -<< "Date: Mon, 03 May 2004 12:47:03 GMT[\r][\n]" > [DEBUG] wire - -<< "WWW-Authenticate: NTLM > TlRMTVNTUAACAAAABAAEADAAAAAGAoEAfy2cSecyuJ8AAAAAAAAAAI4AjgA0AA > AAQUZJUwIACAB > BAEYASQBTAAEACABBAE4AUwBVAAQAMABhAGYAaQBzAC4AcgBvAGMAawB3AGUAb > ABsAGMAbwBsAG > wAaQBuAHMALgBjAG8AbQADADoAYQBuAHMAdQAuAGEAZgBpAHMALgByAG8AYwBr > AHcAZQBsAGwAY > wBvAGwAbABpAG4AcwAuAGMAbwBtAAAAAAA=3D[\r][\n]" > [DEBUG] wire - -<< "Content-Length: 24[\r][\n]" > [DEBUG] wire - -<< "Content-Type: text/html[\r][\n]" > [DEBUG] HttpMethodBase - -Authorization required > [DEBUG] HttpAuthenticator - -Authenticating with the default=20 > authentication > realm at host > [DEBUG] HttpMethodBase - -HttpMethodBase.execute(): Server demanded > authentication credentials, will try again. > [DEBUG] wire - -<< "Error: Access is Denied." > [DEBUG] HttpMethodBase - -Resorting to protocol version default close > connection policy > [DEBUG] HttpMethodBase - -Should NOT close connection, using HTTP/1.1. > [DEBUG] HttpMethodBase - -Execute loop try 3 > [DEBUG] wire - ->> "GET /index.html HTTP/1.1[\r][\n]" > [DEBUG] HttpMethodBase - -Request to add Host header ignored: header > already added > [DEBUG] wire - ->> "User-Agent: Jakarta > Commons-HttpClient/2.0final[\r][\n]" > [DEBUG] wire - ->> "Host: host[\r][\n]" > [DEBUG] wire - ->> "Authorization: NTLM > TlRMTVNTUAADAAAAGAAYAGkAAAAAAAAAgQAAABgAGABAAAAACQAJAFgAAAAIAA > gAYQAAAAAAAAC > BAAAABlIAAEFGSVMuUk9DS1dFTExDT0xMSU5TLkNPTVJPT1RBRE1JTkQwMTU3N > zgyJGvqRAbUDM > au2Xvs7/czsCLtV0s5fmPn[\r][\n]" > [DEBUG] wire - ->> "[\r][\n]" > [DEBUG] wire - -<< "HTTP/1.1 401 Access Denied[\r][\n]" > [DEBUG] wire - -<< "Server: Microsoft-IIS/5.0[\r][\n]" > [DEBUG] wire - -<< "Date: Mon, 03 May 2004 12:47:05 GMT[\r][\n]" > [DEBUG] wire - -<< "WWW-Authenticate: Negotiate[\r][\n]" > [DEBUG] wire - -<< "WWW-Authenticate: NTLM[\r][\n]" > [DEBUG] wire - -<< "Connection: close[\r][\n]" > [DEBUG] wire - -<< "Content-Length: 24[\r][\n]" > [DEBUG] wire - -<< "Content-Type: text/html[\r][\n]" > [DEBUG] HttpMethodBase - -Authorization required > [INFO] HttpMethodBase - -Already tried to authenticate with 'null' > authentication realm at ansu, but still receiving: HTTP/1.1 401 Access > Denied > [DEBUG] HttpMethodBase - -Buffering response body > [DEBUG] wire - -<< "Error: Access is Denied." > [DEBUG] HttpMethodBase - -Should close connection in response to > Connection: close >=20 > Error: Access is Denied. >=20 > -------------------------------------------------------------- > ------------- > ---------------- >=20 > So after the handshake the authentification was not=20 > successful. What went > wrong? I cannot see too much in that NTLM message, but in=20 > comparison to the > messages the MS IE sends they look a bit different. I logged=20 > the traffic > the MS IE does and it looks like this: >=20 > -------------------------------------------------------------- > ------------- > ----------------- >=20 > GET /index.html HTTP/1.1 > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, > application/vnd.ms-powerpoint, application/vnd.ms-excel, > application/msword, application/x-shockwave-flash, */* > Accept-Language: de > Accept-Encoding: gzip, deflate > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT=20 > 5.0; H010818) > Host: host > Connection: Keep-Alive > Authorization: NTLM TlRMTVNTUAABAAAAB4IIoAAAAAAAAAAAAAAAAAAAAAA=3D >=20 > HTTP/1.1 401 Access Denied > Server: Microsoft-IIS/5.0 > Date: Mon, 03 May 2004 12:43:27 GMT > WWW-Authenticate: NTLM > TlRMTVNTUAACAAAACAAIADAAAAAFgomgUZrE0tSyEkwAAAAAAAAAAI4AjgA4AA > AAQQBGAEkAUwA > CAAgAQQBGAEkAUwABAAgAQQBOAFMAVQAEADAAYQBmAGkAcwAuAHIAbwBjAGsAd > wBlAGwAbABjAG > 8AbABsAGkAbgBzAC4AYwBvAG0AAwA6AGEAbgBzAHUALgBhAGYAaQBzAC4AcgBv > AGMAawB3AGUAb > ABsAGMAbwBsAGwAaQBuAHMALgBjAG8AbQAAAAAA > Content-Length: 24 > Content-Type: text/html >=20 > Error: Access is Denied. >=20 > GET /index.html HTTP/1.1 > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, > application/vnd.ms-powerpoint, application/vnd.ms-excel, > application/msword, application/x-shockwave-flash, */* > Accept-Language: de > Accept-Encoding: gzip, deflate > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT=20 > 5.0; H010818) > Host: host > Connection: Keep-Alive > Authorization: NTLM > TlRMTVNTUAADAAAAGAAYAJIAAAC+AL4AqgAAADAAMABAAAAAEgASAHAAAAAQAB > AAggAAAAAAAAB > oAQAABYKIoGEAZgBpAHMALgByAG8AYwBrAHcAZQBsAGwAYwBvAGwAbABpAG4Ac > wAuAGMAbwBtAH > IAbwBvAHQAYQBkAG0AaQBuAEQAMAAxADUANwA3ADgAMgAFd79T6lFtE0X9Kr8E > zRokwS2McGRle > u2ElDAdnU93j14Z3czOQSPUAQEAAAAAAAAwrDw7DDHEAcEtjHBkZXrtAAAAAAI > ACABBAEYASQBT > AAEACABBAE4AUwBVAAQAMABhAGYAaQBzAC4AcgBvAGMAawB3AGUAbABsAGMAbw > BsAGwAaQBuAHM > ALgBjAG8AbQADADoAYQBuAHMAdQAuAGEAZgBpAHMALgByAG8AYwBrAHcAZQBsA > GwAYwBvAGwAbA > BpAG4AcwAuAGMAbwBtAAAAAAAAAAAA >=20 > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > Cache-Control: no-cache > Expires: Mon, 03 May 2004 12:43:27 GMT > Date: Mon, 03 May 2004 12:43:27 GMT > Content-Type: text/xml > Accept-Ranges: bytes > Last-Modified: Mon, 03 May 2004 12:43:22 GMT > ETag: "90c5c38c31c41:8b0" > Content-Length: 62746 >=20 > [...] >=20 > -------------------------------------------------------------- > ------------- > ---------- >=20 > As you see the second message from the MS IE client is much=20 > longer than the > second message of the jakarta httpclient. Does it submit any extra > information needed by the NTLM algorithm? Is this a bug or any other > setting I forgot to set? Can anybody help? Any help would be=20 > appreciated. > Thanks a lot. >=20 >=20 >=20 > Hauke Fuhrmann >=20 > Airbus Deutschland GmbH > ECYA3 - Cabin Communication Systems & Application > Kreetslag 10 > 21129 Hamburg, Germany >=20 > Phone: +49 (0) 40 743 - 88260 > Mail: hauke.fuhrmann@airbus.com >=20 >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail:=20 > commons-httpclient-dev-unsubscribe@jakarta.apache.org > For additional commands, e-mail:=20 > commons-httpclient-dev-help@jakarta.apache.org >=20 >=20 > ************************************************************** > ************************************* > The information in this email is confidential and may be=20 > legally privileged. Access to this email by anyone other=20 > than the intended addressee is unauthorized. If you are not=20 > the intended recipient of this message, any review,=20 > disclosure, copying, distribution, retention, or any action=20 > taken or omitted to be taken in reliance on it is prohibited=20 > and may be unlawful. If you are not the intended recipient,=20 > please reply to or forward a copy of this message to the=20 > sender and delete the message, any attachments, and any=20 > copies thereof from your system. > ************************************************************** > ************************************* >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail:=20 > commons-httpclient-dev-unsubscribe@jakarta.apache.org > For additional commands, e-mail:=20 > commons-httpclient-dev-help@jakarta.apache.org >=20 >=20 > This mail has originated outside your organization, > either from an external partner or the Global Internet.=20 > Keep this in mind if you answer this message. >=20 --------------------------------------------------------------------- To unsubscribe, e-mail: = commons-httpclient-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: = commons-httpclient-dev-help@jakarta.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org