Return-Path: 
 <dev-return-20633-apmail-hc-dev-archive=hc.apache.org@hc.apache.org>
Delivered-To: apmail-hc-dev-archive@www.apache.org
Received: (qmail 73286 invoked from network); 29 Jun 2009 14:10:10 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 29 Jun 2009 14:10:10 -0000
Received: (qmail 92046 invoked by uid 500); 29 Jun 2009 14:10:21 -0000
Delivered-To: apmail-hc-dev-archive@hc.apache.org
Received: (qmail 92006 invoked by uid 500); 29 Jun 2009 14:10:21 -0000
Mailing-List: contact dev-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hc.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hc.apache.org>
List-Post: <mailto:dev@hc.apache.org>
List-Id: <dev.hc.apache.org>
Reply-To: "HttpComponents Project" <dev@hc.apache.org>
Delivered-To: mailing list dev@hc.apache.org
Received: (qmail 91996 invoked by uid 99); 29 Jun 2009 14:10:20 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jun 2009 14:10:20 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jun 2009 14:10:09 +0000
Received: from brutus (localhost [127.0.0.1])
	by brutus.apache.org (Postfix) with ESMTP id 88D5B234C004
	for <dev@hc.apache.org>; Mon, 29 Jun 2009 07:09:47 -0700 (PDT)
Message-ID: <281271265.1246284587545.JavaMail.jira@brutus>
Date: Mon, 29 Jun 2009 07:09:47 -0700 (PDT)
From: "Raj (JIRA)" <jira@apache.org>
To: dev@hc.apache.org
Subject: [jira] Commented: (HTTPCLIENT-856) Proxy NTLM Authentication
  Redirecting to different address fails saying Proxy Auth Required.
In-Reply-To: <1697506908.1246276787386.JavaMail.jira@brutus>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
X-Virus-Checked: Checked by ClamAV on apache.org


    [ https://issues.apache.org/jira/browse/HTTPCLIENT-856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12725187#action_12725187 ] 

Raj commented on HTTPCLIENT-856:
--------------------------------

HI Oleg,
     it does not work 
            if (!route.getTargetHost().equals(newTarget)) {
                           targetAuthState.invalidate();
                           if (route.isTunnelled()) { 
                               AuthScheme authScheme = proxyAuthState.getAuthScheme();
                               if (authScheme != null && authScheme.isConnectionBased()) {
                                   proxyAuthState.invalidate();
                               }
                           }
            }

However,  I tried to debug, it seems that route.isTunnelled() returnes false, so, it does not invalidate the 
proxy auth state. When I removed that check, it worked as it is able to invalidate.

isTunnelled flag needs to be verified.

Thanks and Regards,
Raj

> Proxy NTLM Authentication  Redirecting to different address fails saying Proxy Auth Required.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-856
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-856
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 3.1 Final, 4.0 Beta 2
>         Environment: HttpClient , Proxy Authentication (Microsoft ISA server) 
>            Reporter: Raj
>         Attachments: HTTPCLIENT-856.patch
>
>
> The issue has been discussed in,
> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tt23867531.html
> This was found in http client 3.1 release,  where NTLM proxy authentication is must and the server ask the redirect to a new url, in this case, when redirecting, the earlier proxy auth status is not cleared, so, it does not do proxy authentication for the new URL and hence fails.
> Target Host Authenticaiton NTLM authentication - redirect also had problem and fixed as said,
> http://issues.apache.org/jira/browse/HTTPCLIENT-211
> Proxy Authentication - redirect has to be fixed, 
> The wire logs for the release https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
> is given below,
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">[\r][\n]"
> [DEBUG] wire - << "<HTML><HEAD><TITLE>Error Message</TITLE>[\r][\n]"
> [DEBUG] wire - << "<META http-equiv=Content-Type content="text/html; charset=UTF-8">[\r][\n]"
> [DEBUG] wire - << "<STYLE id=L_default_1>A {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #005a80; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "A:hover {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0d3372; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-SIZE: 8pt; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 0px solid; COLOR: #955319; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder_x {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 0px solid; BORDER-TOP: #955319 1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 1px solid; COLOR: #978c79; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TitleDescription {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 12pt; COLOR: black; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.explain {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.TryThings {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TryList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 5px; FONT-WEIGHT: normal; FONT-SIZE: 8pt; COLOR: black; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".X {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 1px solid; FONT-WEIGHT: normal; FONT-SIZE: 12pt; BORDER-LEFT: #955319 1px solid; COLOR: #7b3807; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: verdana; BACKGROUND-COLOR: #d1c2b4[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".adminList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 2px[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "</STYLE>[\r][\n]"
> [DEBUG] wire - << "<META content="MSHTML 6.00.2800.1170" name=GENERATOR></HEAD>[\r][\n]"
> [DEBUG] wire - << "<BODY bgColor=#f3f3ed>[\r][\n]"
> [DEBUG] wire - << "<TABLE cellSpacing=0 cellPadding=0 width="100%">[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleborder_x width=30>[\r][\n]"
> [DEBUG] wire - << "      <TABLE height=25 cellSpacing=2 cellPadding=0 width=25 bgColor=black>[\r][\n]"
> [DEBUG] wire - << "        <TBODY>[\r][\n]"
> [DEBUG] wire - << "        <TR>[\r][\n]"
> [DEBUG] wire - << "          <TD class=x vAlign=center alig"
> [DEBUG] wire - << "n=middle>X</TD>[\r][\n]"
> [DEBUG] wire - << "        </TR>[\r][\n]"
> [DEBUG] wire - << "        </TBODY>[\r][\n]"
> [DEBUG] wire - << "      </TABLE>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleBorder id=L_default_2>Network Access Message:<SPAN class=TitleDescription> The page cannot be displayed</SPAN> </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD height=10></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400><SPAN class=explain><ID id=L_default_3><B>Explanation:</B></ID></SPAN><ID id=L_default_4> There is a problem with the page you are trying to reach and it cannot be displayed. </ID><BR><BR>[\r][\n]"
> [DEBUG] wire - << "    <B><SPAN class=tryThings><ID id=L_default_5><B>Try the following:</B></ID></SPAN></B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=TryList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_6><B>Refresh page:</B> Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_7><B>Check spelling:</B> Check that you typed the Web page address correctly. The address may have been mistyped.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_8><B>Access from a link:</B> If there is a link to the page you are looking for, try accessing the page from that link.[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "<ID id=L_default_9>If you are still not able to view the requested page, try contacting your administrator or Helpdesk.</ID> <BR><BR>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer><TBODY><TR><TD height=15></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400 id=L_default_10><B>Technical Information (for support personnel)</B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=adminList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_11>Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_12>IP Address: x.x.x.x[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_13>Date: 6/29/2009 11:15:15 AM [GMT][\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_14>Server: lab1[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_15>Source: proxy[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "</BODY>[\r][\n]"
> [DEBUG] wire - << "</HTML>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAATIAAAgACAAgAAAADgAOACgAAABNWURPTUFJTkpDSUZTMjMwXzg2Xzkx[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAABAgACqbXrIWnZ3i4AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 0     [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAwADAAWAAAABAAEACIAAAAGgAaAJgAAAAcABwAsgAAAAAAAAAAAAAAAQIAAAXLpW40q7jqh7E6FgFnJqy9529ANaSLqfTiwjyF2BrUP9F8ObYOyYsBAQAAAAAAACDgxRg9+skBRt4mUOFFCs0AAAAAAAAAAE0AWQBEAE8ATQBBAEkATgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEoAQwBJAEYAUwAyADMAMABfADgANgBfADkAMQA=[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 301 Unknown reason[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Content-length: 0[EOL]"
> [DEBUG] wire - << "Date: Mon, 29 Jun 2009 11:16:50 GMT[EOL]"
> [DEBUG] wire - << "Location: http://www.verisign.com/[EOL]"
> [DEBUG] wire - << "Content-type: text/html[EOL]"
> [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
> [DEBUG] wire - << "[EOL]"
> [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected state: MSG_TYPE3_GENERATED
> [DEBUG] wire - >> "GET http://www.verisign.com/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> ----------------------------------------
> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> Thanks,
> Raj

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org