hc-dev mailing list archives

From Ortwin Glück <...@odi.ch>
Subject Re: FW: HttpClient authentication problem.
Date Fri, 18 May 2007 08:14:18 GMT
Pankaj,

BASIC auth authenticates only a request.
NTLM auth however authenticates a whole connection!

So if the connection is reused no further authentication will be 
requested. That's what you are seeing. If you want to authenticate each 
request, you must make sure that the connection is closed after the 
request. You can achieve this by disabling connection pooling:

new HttpClient(new SimpleHttpConnectionManager(true));

Cheers

Ortwin

Pankaj Arora wrote:
>  
> 
> ________________________________
> 
> From: Pankaj Arora 
> Sent: Thursday, May 17, 2007 4:24 PM
> To: 'httpcomponents-dev-info@jakarta.apache.org';
> 'httpcomponents-dev-faq@jakarta.apache.org'
> Subject: HttpClient authentication problem.
> 
> 
> Hi,
> I am using Http Client to authenticate to IIS web Server for doing NTLM
> authentication. Here's the description of sample codes I am using:
>  
>  
> Program1 :: This code creates 2 state,method,host configuration and uses a
> single instance of httpClient to execute method. Please note that in
> first go I give the correct credentials for NTLM authentication and in
> the second go I give the wrong credentials. In the response I observe
> that I get http code 200 and in second go I don't even see
> authentication happening when data is captured over ethereal.
>  
> Program2:: This code also creates 2 state,method,host configuration but
> uses separate instance of httpClient to execute method. Please note that
> in first go I give the correct credentials for NTLM authentication and
> in the second go I give the wrong credentials. In the response I observe
> that I get http code 200 and in second go I get response code as 401. 
>  
> The problem is I want to use single instance of HttpClient and also want
> that session info is not maintained over the requests. Simply speaking I
> want behavior 2 to happen when there is single instance of HttpClient.
> Is there a way to do this?
>  
>  
>  
> Code and response received from server for reference.
>  
> Program1:
> ________________________________________________________________________
> ___________________________________________________________
>     // Create an instance of HttpClient.
>     HttpClient client1 = new HttpClient();
>     HttpMethod _method1 = new GetMethod(url);
>     HttpState _httpState1 = new HttpState();
>     HostConfiguration hostConfig1 = new HostConfiguration();
>     UsernamePasswordCredentials credentials1;
>     credentials1 = new NTCredentials("administrator","password","host","domain");
>  
>     AuthScope authScope1 = new AuthScope("host",port,domain,"NTLM");
>  
>     _httpState1.setCredentials(authScope1,credentials1);
>     hostConfig1.setHost("host",port);
>  
>     try {
>       // Execute the method (first request, correct credentials).
>       int statusCode = client1.executeMethod(hostConfig1,_method1,_httpState1);
>  
>       System.out.println("Status code :" + statusCode);
>       if (statusCode != HttpStatus.SC_OK) {
>         System.err.println("Method failed: " + _method1.getStatusLine() + "StatusCode:" + statusCode);
>       }
>  
>       // Read the response body.
>       byte[] responseBody = _method1.getResponseBody();
>  
>       Header[] responseHeaders = _method1.getResponseHeaders();
>       //      Header header;
>  
>       System.out.println("---------------------------------------------------------------------------------------");
>       for (Header header : responseHeaders) {
>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
>       }
>  
>       // Second request: same client (client1), wrong credentials.
>       HttpMethod _method2 = new GetMethod(url);
>       HttpState _httpState2 = new HttpState();
>       HostConfiguration hostConfig2 = new HostConfiguration();
>       UsernamePasswordCredentials credentials2;
>       credentials2 = new NTCredentials("administrator","wrong password","host","domain");
>  
>       AuthScope authScope2 = new AuthScope("host",port,"host","domain");
>  
>       _httpState2.setCredentials(authScope2,credentials2);
>       hostConfig2.setHost("host",port);
>       _httpState2.setCredentials(authScope2,credentials2);
>       statusCode = client1.executeMethod(hostConfig2,_method2,_httpState2);
>  
>       System.out.println("Status code :" + statusCode);
>       if (statusCode != HttpStatus.SC_OK) {
>         System.err.println("Method failed: " + _method2.getStatusLine() + "StatusCode:" + statusCode);
>       }
>  
>       // Read the response body.
>       responseBody = _method2.getResponseBody();
>       responseHeaders = _method2.getResponseHeaders();
>       //      Header header;
>  
>       System.out.println("---------------------------------------------------------------------------------------");
>       for (Header header : responseHeaders) {
>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
>       }
> ________________________________________________________________________
> __________________________________________________________________
>  
> Response 1:
> ________________________________________________________________________
> ___________________________________________________________________
> May 17, 2007 2:40:17 AM
> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected
> Status code :200
> ------------------------------------------------------------------------
> ---------------
> Headers is Content-Lengthand the value is :51
> Headers is Content-Typeand the value is :text/html
> Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
> Headers is Accept-Rangesand the value is :bytes
> Headers is ETagand the value is :"5cc42b1e717ec71:11d9"
> Headers is Serverand the value is :Microsoft-IIS/6.0
> Headers is Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
> Status code :200
> ------------------------------------------------------------------------
> ---------------
> Headers is Content-Lengthand the value is :51
> Headers is Content-Typeand the value is :text/html
> Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
> Headers is Accept-Rangesand the value is :bytes
> Headers is ETagand the value is :"5cc42b1e717ec71:11d9"
> Headers is Serverand the value is :Microsoft-IIS/6.0
> Headers is Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
> ________________________________________________________________________
> ____________________________________________________________
>  
>  
> Program2:
> ________________________________________________________________________
> ______________________________________________________________
>  
>     // Create an instance of HttpClient.
>     HttpClient client1 = new HttpClient();
>     HttpMethod _method1 = new GetMethod(url);
>     HttpState _httpState1 = new HttpState();
>     HostConfiguration hostConfig1 = new HostConfiguration();
>     UsernamePasswordCredentials credentials1;
>     credentials1 = new NTCredentials("administrator","password","host","domain");
>  
>     AuthScope authScope1 = new AuthScope("host",port,domain,"NTLM");
>  
>     _httpState1.setCredentials(authScope1,credentials1);
>     hostConfig1.setHost("host",port);
>  
>     try {
>       // Execute the method (first request, correct credentials).
>       int statusCode = client1.executeMethod(hostConfig1,_method1,_httpState1);
>  
>       System.out.println("Status code :" + statusCode);
>       if (statusCode != HttpStatus.SC_OK) {
>         System.err.println("Method failed: " + _method1.getStatusLine() + "StatusCode:" + statusCode);
>       }
>  
>       // Read the response body.
>       byte[] responseBody = _method1.getResponseBody();
>  
>       Header[] responseHeaders = _method1.getResponseHeaders();
>       //      Header header;
>  
>       System.out.println("---------------------------------------------------------------------------------------");
>       for (Header header : responseHeaders) {
>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
>       }
>  
>       // Second request: separate client (client2), wrong credentials.
>       HttpClient client2 = new HttpClient();
>       HttpMethod _method2 = new GetMethod(url);
>       HttpState _httpState2 = new HttpState();
>       HostConfiguration hostConfig2 = new HostConfiguration();
>       UsernamePasswordCredentials credentials2;
>       credentials2 = new NTCredentials("administrator","wrong password","host","domain");
>  
>       AuthScope authScope2 = new AuthScope("host",port,"host","domain");
>  
>       _httpState2.setCredentials(authScope2,credentials2);
>       hostConfig2.setHost("host",port);
>       _httpState2.setCredentials(authScope2,credentials2);
>       statusCode = client2.executeMethod(hostConfig2,_method2,_httpState2);
>  
>       System.out.println("Status code :" + statusCode);
>       if (statusCode != HttpStatus.SC_OK) {
>         System.err.println("Method failed: " + _method2.getStatusLine() + "StatusCode:" + statusCode);
>       }
>  
>       // Read the response body.
>       responseBody = _method2.getResponseBody();
>       responseHeaders = _method2.getResponseHeaders();
>       //      Header header;
>  
>       System.out.println("---------------------------------------------------------------------------------------");
>       for (Header header : responseHeaders) {
>         System.out.println("Headers is " + header.getName() + "and the value is :" + header.getValue());
>       }
> ________________________________________________________________________
> __________________________________________________________________
>  
> Response 2:
> ________________________________________________________________________
> ___________________________________________________________________
> May 17, 2007 3:43:07 AM
> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected
> Status code :200
> ------------------------------------------------------------------------
> ---------------
> Headers is Content-Lengthand the value is :51
> Headers is Content-Typeand the value is :text/html
> Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
> Headers is Accept-Rangesand the value is :bytes
> Headers is ETagand the value is :"5cc42b1e717ec71:11e1"
> Headers is Serverand the value is :Microsoft-IIS/6.0
> Headers is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
> May 17, 2007 3:43:08 AM
> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected
> May 17, 2007 3:43:08 AM org.apache.commons.httpclient.HttpMethodDirector
> processWWWAuthChallenge
> INFO: Failure authenticating with NTLM <any realm>@vm3-ntlm-01:8589
> Status code :401
> Method failed: HTTP/1.1 401 UnauthorizedStatusCode:401
> ------------------------------------------------------------------------
> ---------------
> Headers is Content-Lengthand the value is :1539
> Headers is Content-Typeand the value is :text/html
> Headers is Serverand the value is :Microsoft-IIS/6.0
> Headers is WWW-Authenticateand the value is :Negotiate
> Headers is WWW-Authenticateand the value is :NTLM
> Headers is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
> ________________________________________________________________________
> _______________________________________________________________
> 

-- 
[web]  http://www.odi.ch/
[blog] http://www.odi.ch/weblog/
[pgp]  key 0x81CF3416
        finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
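
Added example, not part of the original messages or of the HttpClient project's code: a Commons HttpClient 3.x check that one shared client, built with the always-close connection manager from the reply above, makes the server authenticate every request instead of trusting an already NTLM-authenticated connection. The host, port, path, account values and the `NTLM_PASSWORD` environment variable are placeholders assumed for illustration.

```java
import java.io.IOException;
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.SimpleHttpConnectionManager;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;

public class PerRequestNtlmCheck {
    // Placeholder target (assumption, not taken from the thread).
    static final String HOST = "iis.example.test";
    static final int PORT = 80;
    static final String PATH = "/protected/index.html";

    // Single shared client. alwaysClose=true closes the connection when it is
    // released, so no NTLM-authenticated socket survives into the next request.
    static final HttpClient CLIENT =
            new HttpClient(new SimpleHttpConnectionManager(true));

    // Runs one GET with its own HttpState, so credentials are per call.
    static int fetchAs(String user, String password) throws IOException {
        HttpState state = new HttpState();
        state.setCredentials(new AuthScope(HOST, PORT, AuthScope.ANY_REALM),
                new NTCredentials(user, password, "workstation", "DOMAIN"));
        HostConfiguration hostConfig = new HostConfiguration();
        hostConfig.setHost(HOST, PORT);
        GetMethod get = new GetMethod(PATH);
        try {
            int status = CLIENT.executeMethod(hostConfig, get, state);
            get.getResponseBody(); // drain the body before releasing
            return status;
        } finally {
            get.releaseConnection(); // with alwaysClose this closes the socket
        }
    }

    public static void main(String[] args) throws IOException {
        int good = fetchAs("administrator", System.getenv("NTLM_PASSWORD"));
        int bad = fetchAs("administrator", "deliberately-wrong-password");
        System.out.println("correct credentials: " + good);
        System.out.println("wrong credentials:   " + bad);
        // A 200 here would mean the request was served on the identity of a
        // previously authenticated connection.
        if (bad != HttpStatus.SC_UNAUTHORIZED) {
            throw new IllegalStateException("request with wrong credentials was not rejected");
        }
    }
}
```

`SimpleHttpConnectionManager` manages a single connection and is meant for single-threaded use, so a shared client configured this way should not be called from several threads at once.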

