hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saminda Abeyruwan <sami...@opensource.lk>
Subject Re: Automatic switch between Basic Auth and NTLM Auth
Date Thu, 14 Sep 2006 06:19:00 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oleg Kalnichevski wrote:
> On Wed, 2006-09-13 at 22:38 +0530, Saminda Abeyruwan wrote:
> Oleg Kalnichevski wrote:
>>>> On Wed, 2006-09-13 at 21:08 +0530, Saminda Abeyruwan wrote:
>>>> Oleg Kalnichevski wrote:
>>>>>>> On Wed, 2006-09-13 at 19:23 +0530, Saminda Abeyruwan wrote:
>>>>> ...
>>>>>>>> Saminda,
>>>>>>>> This credentials provider will cause HttpClient to enter
an infinite
>>>>>>>> loop if the given credentials are not valid for some reason
(due to a
>>>>>>>> type, for instance).
>>>>>>>> Essentially all you have to do to get the same net effect
is this:
>>>>>>>> String username = "username";
>>>>>>>> String password = "password";
>>>>>>>> String host = "somehost";
>>>>>>>> String realm = "realm";
>>>>>>>> NTCredentials creds = new NTCredentials(
>>>>>>>>   username, password, host, realm);
>>>>>>>> httpclient.getState().setCredentials(
>>>>>>>>  new AuthScope(host, AuthScope.ANY_PORT), 
>>>>>>>>  creds);
>>>>>>>> NTCredentials is a super class of UsernamePasswordCredentials,
so the
>>>>>>>> same set of credentials will work with Basic and Digest schemes.
>>>>>>>> Give it a shot.
>>>>>>>> Hope this helps
>>>>>>>> Oleg 
>>>> Hi Oleg,
>>>>
>>>> Thank you very much Oleg for such a quick response. Axis2 team really
>>>> appreciate this aid you have provided.
>>>>
>>>>
>>>>> Any time.
>>>> Since we are using NTCredentials, if the host required would be any host
>>>> and if the realm(domain) would be any, could we just pass null to host
>>>> and domain in NTCredentials object, and in scope it would be AuthScop.ANY.
>>>>
>>>> Please do assist us on this.
>>>>
>>>>
>>>>> No, you can't. The host and the domain attributes are required by the
>>>>> NTLM auth scheme, as they signify which NT domain the user is
>>>>> authenticating against. The AuthScope is used to signify what target
>>>>> hosts a given set of credentials applies to. If you want credentials
to
>>>>> apply to any host and any realm, you can set either host or realm (or
>>>>> both) to null.
>>>>> Oleg
> Hi Oleg,
> 
> A quick question, if i use the following
> Credentials creds = new NTCredentials(username, password, host, realm);
>                     httpclien.getState().setCredentials(new
> AuthScope(host, port, realm), creds);
> 
> The *host* and *realm*  in NTC and setCredentials should be same right?
> 
>> Not really. "Realm" in the context of NTCredentials is the NT domain. It
>> is actually unfortunate that Axis2 uses this term referring to NT
>> domains, whereas the NTLM authentication scheme does not support the
>> notion of a realm in terms of RFC 2617. The realm attribute of the
>> NTLMAuthScheme is _always_ null. 
> 
>> So, if you want an AuthScope to apply to NTLM authentication schemes
>> make sure its realm is always set to ANY.
> 
>> Credentials creds = new NTCredentials(username, password, host, realm);
>> httpclien.getState().setCredentials(
>>  new AuthScope(host, port, AuthScope.ANY_REALM), creds);
> 
>> Oleg

Hi Oleg,

Thank you for the response. You are absolutely right. Axis2 should
change the "realm" in NTC to "domain" and should keep the "realm" in
Authscope.

As a separate question, if Axis2 client uses NTC as credentials, and if
the server it connects give a challenge as Digest, it will still work
right.

Saminda




> 
> Saminda
> 
>>>> Saminda
>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
>>>>>>> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
>>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 
>>
- ---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
>>
>>

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFCPRUYmklbLuW6wYRAnrsAKC18oRonfaPadJa6/4NZhP36D0huQCfTFGo
J0ol4OZFI1hOBq5xcRvwzsw=
=xGjc
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message