hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: NTLM proxy auth
Date Tue, 14 Mar 2006 21:53:43 GMT
On Tue, 2006-03-14 at 14:37 -0500, Wagner, John (MED US) wrote:
> Hi,
> 
> I'm unanble to access internet urls from behind corporate proxy server.
> Here are the log results:
> 

John,

As far as I can tell HttpClient properly attempts to authenticate with
the proxy server using credentials you have provided, but the proxy
server rejects the request due to credentials being invalid.

There are two possibilities here:
(1) Credentials are indeed wrong. Make sure you got all four required
attributes right: username, password, domain and host

(2) The proxy server is configured to accept NTLMv2 requests only, which
HttpClient does not support. Presently only NTLMv1 is supported. This
you will have to take up with your infrastructure folks.

Hope this helps

Oleg


> 2006/03/14 14:24:40:270 EST [DEBUG] HttpClient - -Java version: 1.4.2_10
> 2006/03/14 14:24:40:270 EST [DEBUG] HttpClient - -Java vendor: Sun
> Microsystems Inc.
> 2006/03/14 14:24:40:270 EST [DEBUG] HttpClient - -Java class path:
> D:\Java\HttpClientNTLM;D:\Java\commons-httpclient-3.0-rc4\commons-httpcl
> ient-3.0-rc4.jar;D:\Java\rx_hub\log4j-1.2.7.jar;D:\Java\rx_hub\commons-l
> ogging.jar;D:\Java\rx_hub\commons-logging-api.jar;D:\Java\HttpClientNTLM
> \commons-codec-1.3.jar
> 2006/03/14 14:24:40:270 EST [DEBUG] HttpClient - -Operating system name:
> Windows XP
> 2006/03/14 14:24:40:270 EST [DEBUG] HttpClient - -Operating system
> architecture: x86
> 2006/03/14 14:24:40:270 EST [DEBUG] HttpClient - -Operating system
> version: 5.1
> 2006/03/14 14:24:40:488 EST [DEBUG] HttpClient - -SUN 1.42: SUN (DSA
> key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
> X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
> CertPathBuilder; LDAP, Collection CertStores)
> 2006/03/14 14:24:40:488 EST [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE
> provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories,
> SSLv3, TLSv1)
> 2006/03/14 14:24:40:488 EST [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's
> provider for RSA signatures
> 2006/03/14 14:24:40:488 EST [DEBUG] HttpClient - -SunJCE 1.42: SunJCE
> Provider (implements DES, Triple DES, AES, Blowfish, PBE,
> Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> 2006/03/14 14:24:40:488 EST [DEBUG] HttpClient - -SunJGSS 1.0: Sun
> (Kerberos v5)
> 2006/03/14 14:24:40:504 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.useragent = Jakarta Commons-HttpClient/3.0-rc4
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.protocol.version = HTTP/1.1
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.connection-manager.class = class
> org.apache.commons.httpclient.SimpleHttpConnectionManager
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.protocol.cookie-policy = rfc2109
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.protocol.element-charset = US-ASCII
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.protocol.content-charset = ISO-8859-1
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.method.retry-handler =
> org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@4413ee
> 2006/03/14 14:24:40:520 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE,
> dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy
> HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE
> dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy
> HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z,
> EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy
> HH:mm:ss z]
> 2006/03/14 14:24:40:613 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.auth.scheme-priority = [NTLM]
> 2006/03/14 14:24:40:660 EST [DEBUG] DefaultHttpParams - -Set parameter
> http.method.retry-handler =
> org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@19a0c7c
> 2006/03/14 14:24:40:676 EST [DEBUG] HttpConnection - -Open connection to
> usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:40:707 EST [DEBUG] header - ->> "GET
> http://www.google.com/ HTTP/1.1[\r][\n]"
> 2006/03/14 14:24:40:707 EST [DEBUG] HttpMethodBase - -Adding Host
> request header
> 2006/03/14 14:24:40:723 EST [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/3.0-rc4[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - ->> "Host:
> www.google.com[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - ->> "Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - ->> "[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
> Authentication Required ( The ISA Server requires authorization to
> fulfill the request. Access to the Web Proxy service is denied.
> )[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Via: 1.1
> MLVV9W3A[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Proxy-Authenticate:
> NTLM[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Proxy-Authenticate:
> Kerberos[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Proxy-Authenticate:
> Negotiate[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Connection:
> close[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Proxy-Connection:
> close[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Pragma:
> no-cache[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Cache-Control:
> no-cache[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2006/03/14 14:24:40:723 EST [DEBUG] header - -<< "Content-Length:
> 2377[\r][\n]"
> 2006/03/14 14:24:40:738 EST [DEBUG] HttpMethodDirector - -Authorization
> required
> 2006/03/14 14:24:40:738 EST [DEBUG] AuthChallengeProcessor - -Supported
> authentication schemes in the order of preference: [NTLM]
> 2006/03/14 14:24:40:738 EST [INFO] AuthChallengeProcessor - -NTLM
> authentication scheme selected
> 2006/03/14 14:24:40:738 EST [DEBUG] AuthChallengeProcessor - -Using
> authentication scheme: ntlm
> 2006/03/14 14:24:40:738 EST [DEBUG] AuthChallengeProcessor -
> -Authorization challenge processed
> 2006/03/14 14:24:40:738 EST [DEBUG] HttpMethodDirector - -Proxy
> authentication scope: NTLM <any
> realm>@usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:40:738 EST [DEBUG] HttpMethodDirector - -Retry
> authentication
> 2006/03/14 14:24:40:738 EST [DEBUG] HttpMethodBase - -Should close
> connection in response to directive: close
> 2006/03/14 14:24:40:738 EST [DEBUG] HttpConnection - -Connection is
> locked.  Call to releaseConnection() ignored.
> 2006/03/14 14:24:40:738 EST [DEBUG] HttpMethodDirector - -Authenticating
> with NTLM <any realm>@usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodParams - -Credential
> charset not configured, using HTTP element charset
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpConnection - -Open connection to
> usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:40:754 EST [DEBUG] header - ->> "GET
> http://www.google.com/ HTTP/1.1[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodBase - -Adding Host
> request header
> 2006/03/14 14:24:40:754 EST [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/3.0-rc4[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - ->> "Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - ->> "Proxy-Authorization:
> NTLM TlRMTVNTUAABAAAABlIAAAUABQAgAAAAAAAAACAAAABXVzAwNQ==[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - ->> "Host:
> www.google.com[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - ->> "[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
> Authentication Required ( Access is denied.  )[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "Via: 1.1
> MLVV9W3A[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "Proxy-Authenticate:
> NTLM
> TlRMTVNTUAACAAAABQAFADgAAAAGAoECmfaWYQKDFtIAAAAAAAAAAIQAhAA9AAAABQCTCAAA
> AA9XVzAwNQIACgBXAFcAMAAwADUAAQAQAE0ATABWAFYAOQBXADMAQQAEACIAdwB3ADAAMAA1
> AC4AcwBpAGUAbQBlAG4AcwAuAG4AZQB0AAMANABNAEwAVgBWADkAVwAzAEEALgB3AHcAMAAw
> ADUALgBzAGkAZQBtAGUAbgBzAC4AbgBlAHQAAAAAAA==[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "Pragma:
> no-cache[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "Cache-Control:
> no-cache[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] header - -<< "Content-Length:
> 0[\r][\n]"
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodDirector - -Authorization
> required
> 2006/03/14 14:24:40:754 EST [DEBUG] AuthChallengeProcessor - -Using
> authentication scheme: ntlm
> 2006/03/14 14:24:40:754 EST [DEBUG] AuthChallengeProcessor -
> -Authorization challenge processed
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodDirector - -Proxy
> authentication scope: NTLM <any
> realm>@usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodDirector - -Retry
> authentication
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodBase - -Resorting to
> protocol version default close connection policy
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpConnection - -Connection is
> locked.  Call to releaseConnection() ignored.
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodDirector - -Authenticating
> with NTLM <any realm>@usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:40:754 EST [DEBUG] HttpMethodParams - -Credential
> charset not configured, using HTTP element charset
> 2006/03/14 14:24:41:082 EST [DEBUG] header - ->> "GET
> http://www.google.com/ HTTP/1.1[\r][\n]"
> 2006/03/14 14:24:41:082 EST [DEBUG] HttpMethodBase - -Adding Host
> request header
> 2006/03/14 14:24:41:082 EST [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/3.0-rc4[\r][\n]"
> 2006/03/14 14:24:41:082 EST [DEBUG] header - ->> "Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2006/03/14 14:24:41:082 EST [DEBUG] header - ->> "Proxy-Authorization:
> NTLM
> TlRMTVNTUAADAAAAGAAYAE0AAAAAAAAAZQAAAAUABQBAAAAACAAIAEUAAAAAAAAATQAAAAAA
> AABlAAAABlIAAFdXMDA1V0FHTkpPMDAQ4mAvKC3MMQyQtYi9kagvJq31bv+ufNg=[\r][\n]
> "
> 2006/03/14 14:24:41:082 EST [DEBUG] header - ->> "Host:
> www.google.com[\r][\n]"
> 2006/03/14 14:24:41:082 EST [DEBUG] header - ->> "[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
> Authentication Required ( The ISA Server requires authorization to
> fulfill the request. Access to the Web Proxy service is denied.
> )[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Via: 1.1
> MLVV9W3A[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Proxy-Authenticate:
> NTLM[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Proxy-Authenticate:
> Kerberos[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Proxy-Authenticate:
> Negotiate[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Connection:
> close[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Proxy-Connection:
> close[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Pragma:
> no-cache[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Cache-Control:
> no-cache[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] header - -<< "Content-Length:
> 2377[\r][\n]"
> 2006/03/14 14:24:41:238 EST [DEBUG] HttpMethodDirector - -Authorization
> required
> 2006/03/14 14:24:41:238 EST [DEBUG] AuthChallengeProcessor - -Using
> authentication scheme: ntlm
> 2006/03/14 14:24:41:238 EST [DEBUG] AuthChallengeProcessor -
> -Authorization challenge processed
> 2006/03/14 14:24:41:238 EST [DEBUG] HttpMethodDirector - -Proxy
> authentication scope: NTLM <any
> realm>@usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 14:24:41:238 EST [DEBUG] HttpMethodDirector - -Proxy
> credentials required
> 2006/03/14 14:24:41:254 EST [DEBUG] HttpMethodDirector - -Proxy
> credentials provider not available
> 2006/03/14 14:24:41:254 EST [INFO] HttpMethodDirector - -Failure
> authenticating with NTLM <any realm>@usi00-proxy.ww005.siemens.net:8080
> Method failed: HTTP/1.1 407 Proxy Authentication Required ( The ISA
> Server requires authorization to fulfill the request. Access to the Web
> Proxy service is denied.  )
> 2006/03/14 14:24:41:254 EST [DEBUG] HttpMethodBase - -Buffering response
> body
> 2006/03/14 14:24:41:254 EST [DEBUG] HttpMethodBase - -Should close
> connection in response to directive: close
> 2006/03/14 14:24:41:254 EST [DEBUG] HttpConnection - -Releasing
> connection back to connection manager.
> 
> 
> -------------------------------------------------------------------------------
> This message and any included attachments are from Siemens Medical Solutions
> USA, Inc. and are intended only for the addressee(s). 
> The information contained herein may include trade secrets or privileged or
> otherwise confidential information.  Unauthorized review, forwarding, printing,
> copying, distributing, or using such information is strictly prohibited and may
> be unlawful.  If you received this message in error, or have reason to believe
> you are not authorized to receive it, please promptly delete this message and
> notify the sender by e-mail with a copy to Central.SecurityOffice@shs.siemens.com
> 
> Thank you
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message