hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] Closed: (HTTPCLIENT-856) Proxy NTLM Authentication Redirecting to different address fails saying Proxy Auth Required.
Date Tue, 30 Jun 2009 08:48:48 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Kalnichevski closed HTTPCLIENT-856.
----------------------------------------


Raj,

You are welcome to back-port the fix to the 3.x branch and I will happily commit it to the
official SVN repository. However, it is very unlikely there will ever be an official release
off the 3.x branch. HttpClient 3.x is pretty much end of life.

Oleg

> Proxy NTLM Authentication  Redirecting to different address fails saying Proxy Auth Required.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-856
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-856
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 3.1 Final, 4.0 Beta 2
>         Environment: HttpClient , Proxy Authentication (Microsoft ISA server) 
>            Reporter: Raj
>             Fix For: 4.0 Final
>
>         Attachments: HTTPCLIENT-856.patch
>
>
> The issue has been discussed in,
> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tt23867531.html
> This was found in http client 3.1 release,  where NTLM proxy authentication is must and
the server ask the redirect to a new url, in this case, when redirecting, the earlier proxy
auth status is not cleared, so, it does not do proxy authentication for the new URL and hence
fails.
> Target Host Authenticaiton NTLM authentication - redirect also had problem and fixed
as said,
> http://issues.apache.org/jira/browse/HTTPCLIENT-211
> Proxy Authentication - redirect has to be fixed, 
> The wire logs for the release https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
> is given below,
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server
requires authorization to fulfill the request. Access to the Web Proxy filter is denied. 
)[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">[\r][\n]"
> [DEBUG] wire - << "<HTML><HEAD><TITLE>Error Message</TITLE>[\r][\n]"
> [DEBUG] wire - << "<META http-equiv=Content-Type content="text/html; charset=UTF-8">[\r][\n]"
> [DEBUG] wire - << "<STYLE id=L_default_1>A {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #005a80; FONT-FAMILY:
tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "A:hover {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0d3372; FONT-FAMILY:
tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-SIZE: 8pt; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 1px
solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; VERTICAL-ALIGN: middle; BORDER-LEFT:
#955319 0px solid; COLOR: #955319; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma;
HEIGHT: 35px; BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder_x {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 0px solid; BORDER-TOP: #955319 1px
solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; VERTICAL-ALIGN: middle; BORDER-LEFT:
#955319 1px solid; COLOR: #978c79; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma;
HEIGHT: 35px; BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TitleDescription {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 12pt; COLOR: black; FONT-FAMILY:
tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.explain {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.TryThings {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TryList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 5px; FONT-WEIGHT: normal; FONT-SIZE: 8pt; COLOR:
black; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".X {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 1px
solid; FONT-WEIGHT: normal; FONT-SIZE: 12pt; BORDER-LEFT: #955319 1px solid; COLOR: #7b3807;
BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: verdana; BACKGROUND-COLOR: #d1c2b4[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".adminList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 2px[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "</STYLE>[\r][\n]"
> [DEBUG] wire - << "<META content="MSHTML 6.00.2800.1170" name=GENERATOR></HEAD>[\r][\n]"
> [DEBUG] wire - << "<BODY bgColor=#f3f3ed>[\r][\n]"
> [DEBUG] wire - << "<TABLE cellSpacing=0 cellPadding=0 width="100%">[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleborder_x width=30>[\r][\n]"
> [DEBUG] wire - << "      <TABLE height=25 cellSpacing=2 cellPadding=0 width=25
bgColor=black>[\r][\n]"
> [DEBUG] wire - << "        <TBODY>[\r][\n]"
> [DEBUG] wire - << "        <TR>[\r][\n]"
> [DEBUG] wire - << "          <TD class=x vAlign=center alig"
> [DEBUG] wire - << "n=middle>X</TD>[\r][\n]"
> [DEBUG] wire - << "        </TR>[\r][\n]"
> [DEBUG] wire - << "        </TBODY>[\r][\n]"
> [DEBUG] wire - << "      </TABLE>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleBorder id=L_default_2>Network Access
Message:<SPAN class=TitleDescription> The page cannot be displayed</SPAN> </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD height=10></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400><SPAN class=explain><ID id=L_default_3><B>Explanation:</B></ID></SPAN><ID
id=L_default_4> There is a problem with the page you are trying to reach and it cannot
be displayed. </ID><BR><BR>[\r][\n]"
> [DEBUG] wire - << "    <B><SPAN class=tryThings><ID id=L_default_5><B>Try
the following:</B></ID></SPAN></B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=TryList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_6><B>Refresh page:</B>
Search for the page again by clicking the Refresh button. The timeout may have occurred due
to Internet congestion.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_7><B>Check spelling:</B>
Check that you typed the Web page address correctly. The address may have been mistyped.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_8><B>Access from a link:</B>
If there is a link to the page you are looking for, try accessing the page from that link.[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "<ID id=L_default_9>If you are still not able to view the
requested page, try contacting your administrator or Helpdesk.</ID> <BR><BR>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer><TBODY><TR><TD height=15></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400 id=L_default_10><B>Technical Information
(for support personnel)</B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=adminList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_11>Error Code: 407 Proxy Authentication
Required. The ISA Server requires authorization to fulfill the request. Access to the Web
Proxy filter is denied. (12209)[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_12>IP Address: x.x.x.x[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_13>Date: 6/29/2009 11:15:15 AM [GMT][\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_14>Server: lab1[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_15>Source: proxy[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "</BODY>[\r][\n]"
> [DEBUG] wire - << "</HTML>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAATIAAAgACAAgAAAADgAOACgAAABNWURPTUFJTkpDSUZTMjMwXzg2Xzkx[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied.
 )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAABAgACqbXrIWnZ3i4AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 0     [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAwADAAWAAAABAAEACIAAAAGgAaAJgAAAAcABwAsgAAAAAAAAAAAAAAAQIAAAXLpW40q7jqh7E6FgFnJqy9529ANaSLqfTiwjyF2BrUP9F8ObYOyYsBAQAAAAAAACDgxRg9+skBRt4mUOFFCs0AAAAAAAAAAE0AWQBEAE8ATQBBAEkATgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEoAQwBJAEYAUwAyADMAMABfADgANgBfADkAMQA=[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 301 Unknown reason[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Content-length: 0[EOL]"
> [DEBUG] wire - << "Date: Mon, 29 Jun 2009 11:16:50 GMT[EOL]"
> [DEBUG] wire - << "Location: http://www.verisign.com/[EOL]"
> [DEBUG] wire - << "Content-type: text/html[EOL]"
> [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
> [DEBUG] wire - << "[EOL]"
> [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected state: MSG_TYPE3_GENERATED
> [DEBUG] wire - >> "GET http://www.verisign.com/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server
requires authorization to fulfill the request. Access to the Web Proxy filter is denied. 
)[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> ----------------------------------------
> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to
fulfill the request. Access to the Web Proxy filter is denied.  )
> Thanks,
> Raj

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message