hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: FW: HttpClient authentication problem.
Date Fri, 18 May 2007 20:15:59 GMT
On Fri, 2007-05-18 at 11:27 +0200, Ortwin Glück wrote:
> Pankaj,
> 
> With the multithreaded conn manager you can try and set the
> "Connection: close" header with each request. This should effectively 
> disable keep-alive connections. If that doesn't work well with your 
> server, it's probably best to implement your own connection manager that 
> is thread-safe but still closes connections when they are returned to 
> the "pool".
> 
> Oleg, Roland, do you see other possibilities?
> 

I am afraid not. HttpClient 3.x treats all connections as stateless and
does not take into account stateful authentication schemes such as NTLM
or certificate based user SSL authentication. Dropping connections upon
release is the only way to ensure they do not get re-used by some other
user.

Oleg


> Ortwin
> 
> Pankaj Arora wrote:
> > Hi Ortwin,
> > There is a problem:
> > 
> > In the real scenario, I am using a design which looks something like this:
> > 
> > Single instance of HttpClient -> single instance of MultithreadedConnectionManager.
> > 
> > Now these are used by multiple threads to acquire an instance of the client (which is created using a single instance of the multithreaded connection manager) and call something like
> > 
> > getSingletonInstance().executeMethod(hostconfig,method,state);
> > 
> > Where
> > 
> > HttpClient getSingletonInstance(){
> > //This is implemented as singleton and returns
> > new HttpClient(new MultithreadedConnectionManager());
> > }
> > 
> > Then each request is executed. Now until I undeploy (clean up) the whole application, the second thread using the same instance of HttpClient does not authenticate for the second request.
> > 
> > I understand that if I were using the SimpleHttpConnectionManager I could have used new HttpClient(new SimpleHttpConnectionManager(true)); as suggested by you to close the connection, and it would have worked for me. I have tried it and it does work for me.
> > 
> > 
> > But in this case, while using the multithreaded connection manager, I don't know what to do.
> > 
> > Also please note that I am using the stable version 3.0.1, which doesn't have the API call you have just suggested.
> > Though I have tried your suggestion on 3.1rc1 and it worked well.
> > 
> > Will appreciate your thoughts on this.
> > 
> > Thanks,
> > Pankaj Arora
> > 
> > 
> > 
> > 
> > 
> > -----Original Message-----
> > From: Ortwin Glück [mailto:odi@odi.ch] 
> > Sent: Friday, May 18, 2007 1:44 PM
> > To: HttpComponents Project
> > Subject: Re: FW: HttpClient authentication problem.
> > 
> > Pankaj,
> > 
> > BASIC auth authenticates only a request.
> > NTLM auth however authenticates a whole connection!
> > 
> > So if the connection is reused no further authentication will be requested. That's what you are seeing. If you want to authenticate each request, you must make sure that the connection is closed after the request. You can achieve this by disabling connection pooling:
> > 
> > new HttpClient(new SimpleHttpConnectionManager(true));
> > 
> > Cheers
> > 
> > Ortwin
> > 
> > Pankaj Arora wrote:
> >>  
> >>
> >> ________________________________
> >>
> >> From: Pankaj Arora
> >> Sent: Thursday, May 17, 2007 4:24 PM
> >> To: 'httpcomponents-dev-info@jakarta.apache.org';
> >> 'httpcomponents-dev-faq@jakarta.apache.org'
> >> Subject: HttpClient authentication problem.
> >>
> >>
> >> Hi,
> >> I am using Http Client to authenticate to IIS web Server for doing 
> >> NTLM authentication. Here's the description of sample codes I am using:
> >>  
> >>  
> >> Program1 :: This code creates 2 state, method, host configuration and uses 
> >> a single instance of httpClient to execute method. Please note that in 
> >> first go I give the correct credentials for NTLM authentication and in 
> >> the second go I give the wrong credentials. In the response I observe 
> >> that I get http code 200 and in second go I don't even see 
> >> authentication happening when data is captured over ethereal.
> >>  
> >> Program2 :: This code also creates 2 state, method, host configuration but 
> >> uses separate instances of httpClient to execute method. Please note that 
> >> in first go I give the correct credentials for NTLM authentication and 
> >> in the second go I give the wrong credentials. In the response I 
> >> observe that I get http code 200 and in second go I get response code as 401.
> >>  
> >> The problem is I want to use a single instance of HttpClient and also 
> >> want that session info is not maintained over the requests. Simply 
> >> speaking I want behavior 2 to happen when there is a single instance of HttpClient.
> >> Is there a way to do this?
> >>  
> >>  
> >>  
> >> Code and response received from server for reference.
> >>  
> >> Program1:
> >> ______________________________________________________________________
> >>     // Create an instance of HttpClient.
> >>     HttpClient client1 = new HttpClient();
> >>     HttpMethod _method1 = new GetMethod(url);
> >>     HttpState _httpState1 = new HttpState();
> >>     HostConfiguration hostConfig1 = new HostConfiguration();
> >>     UsernamePasswordCredentials credentials1;
> >>     credentials1 = new NTCredentials("administrator","password","host","domain");
> >>
> >>     AuthScope authScope1 = new AuthScope("host",port,domain,"NTLM");
> >>
> >>     _httpState1.setCredentials(authScope1,credentials1);
> >>     hostConfig1.setHost("host",port);
> >>
> >>     try {
> >>       // Execute the method.
> >>       int statusCode = client1.executeMethod(hostConfig1,_method1,_httpState1);
> >>
> >>       System.out.println("Status code :" + statusCode);
> >>       if (statusCode != HttpStatus.SC_OK) {
> >>         System.err.println("Method failed: " + _method1.getStatusLine() + "StatusCode:" + statusCode);
> >>       }
> >>
> >>       // Read the response body.
> >>       byte[] responseBody = _method1.getResponseBody();
> >>
> >>       Header[] responseHeaders = _method1.getResponseHeaders();
> >>
> >>       System.out.println("---------------------------------------------------------------------------------------");
> >>       for (Header header : responseHeaders) {
> >>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
> >>       }
> >>
> >>       // Second request: same client instance, wrong password.
> >>       HttpMethod _method2 = new GetMethod(url);
> >>       HttpState _httpState2 = new HttpState();
> >>       HostConfiguration hostConfig2 = new HostConfiguration();
> >>       UsernamePasswordCredentials credentials2;
> >>       credentials2 = new NTCredentials("administrator","wrong password","host","domain");
> >>
> >>       AuthScope authScope2 = new AuthScope("host",port,"host","domain");
> >>
> >>       _httpState2.setCredentials(authScope2,credentials2);
> >>       hostConfig2.setHost("host",port);
> >>       _httpState2.setCredentials(authScope2,credentials2);
> >>       statusCode = client1.executeMethod(hostConfig2,_method2,_httpState2);
> >>
> >>       System.out.println("Status code :" + statusCode);
> >>       if (statusCode != HttpStatus.SC_OK) {
> >>         System.err.println("Method failed: " + _method2.getStatusLine() + "StatusCode:" + statusCode);
> >>       }
> >>
> >>       // Read the response body.
> >>       responseBody = _method2.getResponseBody();
> >>       responseHeaders = _method2.getResponseHeaders();
> >>
> >>       System.out.println("---------------------------------------------------------------------------------------");
> >>       for (Header header : responseHeaders) {
> >>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
> >>       }
> >>     } catch (IOException e) {
> >>       // HttpException and I/O failures from executeMethod/getResponseBody
> >>       e.printStackTrace();
> >>     }
> >> ______________________________________________________________________
> >>  
> >> Response 1:
> >> ______________________________________________________________________
> >> May 17, 2007 2:40:17 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
> >> INFO: ntlm authentication scheme selected
> >> Status code :200
> >> ---------------------------------------------------------------------------------------
> >> Headers is Content-Lengthand the value is :51
> >> Headers is Content-Typeand the value is :text/html
> >> Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
> >> Headers is Accept-Rangesand the value is :bytes
> >> Headers is ETagand the value is :"5cc42b1e717ec71:11d9"
> >> Headers is Serverand the value is :Microsoft-IIS/6.0
> >> Headers is Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
> >> Status code :200
> >> ---------------------------------------------------------------------------------------
> >> Headers is Content-Lengthand the value is :51
> >> Headers is Content-Typeand the value is :text/html
> >> Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
> >> Headers is Accept-Rangesand the value is :bytes
> >> Headers is ETagand the value is :"5cc42b1e717ec71:11d9"
> >> Headers is Serverand the value is :Microsoft-IIS/6.0
> >> Headers is Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
> >> ______________________________________________________________________
> >>  
> >>  
> >> Program2:
> >> ______________________________________________________________________
> >>
> >>     // Create an instance of HttpClient.
> >>     HttpClient client1 = new HttpClient();
> >>     HttpMethod _method1 = new GetMethod(url);
> >>     HttpState _httpState1 = new HttpState();
> >>     HostConfiguration hostConfig1 = new HostConfiguration();
> >>     UsernamePasswordCredentials credentials1;
> >>     credentials1 = new NTCredentials("administrator","password","host","domain");
> >>
> >>     AuthScope authScope1 = new AuthScope("host",port,domain,"NTLM");
> >>
> >>     _httpState1.setCredentials(authScope1,credentials1);
> >>     hostConfig1.setHost("host",port);
> >>
> >>     try {
> >>       // Execute the method.
> >>       int statusCode = client1.executeMethod(hostConfig1,_method1,_httpState1);
> >>
> >>       System.out.println("Status code :" + statusCode);
> >>       if (statusCode != HttpStatus.SC_OK) {
> >>         System.err.println("Method failed: " + _method1.getStatusLine() + "StatusCode:" + statusCode);
> >>       }
> >>
> >>       // Read the response body.
> >>       byte[] responseBody = _method1.getResponseBody();
> >>
> >>       Header[] responseHeaders = _method1.getResponseHeaders();
> >>
> >>       System.out.println("---------------------------------------------------------------------------------------");
> >>       for (Header header : responseHeaders) {
> >>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
> >>       }
> >>
> >>       // Second request: separate client instance, wrong password.
> >>       HttpClient client2 = new HttpClient();
> >>       HttpMethod _method2 = new GetMethod(url);
> >>       HttpState _httpState2 = new HttpState();
> >>       HostConfiguration hostConfig2 = new HostConfiguration();
> >>       UsernamePasswordCredentials credentials2;
> >>       credentials2 = new NTCredentials("administrator","wrong password","host","domain");
> >>
> >>       AuthScope authScope2 = new AuthScope("host",port,"host","domain");
> >>
> >>       _httpState2.setCredentials(authScope2,credentials2);
> >>       hostConfig2.setHost("host",port);
> >>       _httpState2.setCredentials(authScope2,credentials2);
> >>       statusCode = client2.executeMethod(hostConfig2,_method2,_httpState2);
> >>
> >>       System.out.println("Status code :" + statusCode);
> >>       if (statusCode != HttpStatus.SC_OK) {
> >>         System.err.println("Method failed: " + _method2.getStatusLine() + "StatusCode:" + statusCode);
> >>       }
> >>
> >>       // Read the response body.
> >>       responseBody = _method2.getResponseBody();
> >>       responseHeaders = _method2.getResponseHeaders();
> >>
> >>       System.out.println("---------------------------------------------------------------------------------------");
> >>       for (Header header : responseHeaders) {
> >>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
> >>       }
> >>     } catch (IOException e) {
> >>       // HttpException and I/O failures from executeMethod/getResponseBody
> >>       e.printStackTrace();
> >>     }
> >> ______________________________________________________________________
> >>  
> >> Response 2:
> >> ______________________________________________________________________
> >> May 17, 2007 3:43:07 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
> >> INFO: ntlm authentication scheme selected
> >> Status code :200
> >> ---------------------------------------------------------------------------------------
> >> Headers is Content-Lengthand the value is :51
> >> Headers is Content-Typeand the value is :text/html
> >> Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
> >> Headers is Accept-Rangesand the value is :bytes
> >> Headers is ETagand the value is :"5cc42b1e717ec71:11e1"
> >> Headers is Serverand the value is :Microsoft-IIS/6.0
> >> Headers is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
> >> May 17, 2007 3:43:08 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
> >> INFO: ntlm authentication scheme selected
> >> May 17, 2007 3:43:08 AM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
> >> INFO: Failure authenticating with NTLM <any realm>@vm3-ntlm-01:8589
> >> Status code :401
> >> Method failed: HTTP/1.1 401 UnauthorizedStatusCode:401
> >> ---------------------------------------------------------------------------------------
> >> Headers is Content-Lengthand the value is :1539
> >> Headers is Content-Typeand the value is :text/html
> >> Headers is Serverand the value is :Microsoft-IIS/6.0
> >> Headers is WWW-Authenticateand the value is :Negotiate
> >> Headers is WWW-Authenticateand the value is :NTLM
> >> Headers is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
> >> ______________________________________________________________________
> >>
> > 
> > --
> > [web]  http://www.odi.ch/
> > [blog] http://www.odi.ch/weblog/
> > [pgp]  key 0x81CF3416
> >         finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
> > 
> > 
> > 
> 


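
Added example, not part of the thread and not code from the HttpClient project: one way to build the connection manager Ortwin describes, applying Oleg's "drop connections upon release" rule to HttpClient 3.x while keeping a single shared client. The class name `ClosingConnectionManager`, the helper `getAs`, and the host `iis.example.test` are assumptions made for illustration.

```java
import java.io.IOException;
import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;

// Added example for HttpClient 3.x: a thread-safe manager that closes each
// connection on release, so NTLM state on a socket never reaches another user.
public class ClosingConnectionManager extends MultiThreadedHttpConnectionManager {

    @Override
    public void releaseConnection(HttpConnection conn) {
        if (conn != null) {
            conn.close();                  // drop the authenticated socket first
        }
        super.releaseConnection(conn);     // keep pool accounting, wake waiting threads
    }

    // One shared client for all threads, as in the design described in the thread.
    private static final HttpClient CLIENT = new HttpClient(new ClosingConnectionManager());

    // Hypothetical helper: one GET with credentials that belong to this call only.
    static int getAs(String host, int port, String path, NTCredentials creds)
            throws IOException {
        HttpState state = new HttpState(); // per-call state, never shared between users
        state.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM, "NTLM"), creds);
        HostConfiguration hostConfig = new HostConfiguration();
        hostConfig.setHost(host, port);
        GetMethod get = new GetMethod(path);
        try {
            int status = CLIENT.executeMethod(hostConfig, get, state);
            get.getResponseBody();         // read the body so the exchange completes
            return status;
        } finally {
            get.releaseConnection();       // goes back through releaseConnection() above
        }
    }

    public static void main(String[] args) throws IOException {
        String host = "iis.example.test";  // placeholder NTLM-protected server
        int first = getAs(host, 80, "/", new NTCredentials(
                "administrator", "password", "client-host", "DOMAIN"));
        int second = getAs(host, 80, "/", new NTCredentials(
                "administrator", "wrong password", "client-host", "DOMAIN"));
        // The second call opens a new socket, so the server challenges it again.
        System.out.println("first=" + first + " second=" + second);
    }
}
```

With the stock MultiThreadedHttpConnectionManager the second call can be served over the first call's already-authenticated socket, which is the status 200 reported for Program1 in the thread.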

