hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HTTPCLIENT-1224) (regression) NTLM auth not retried after a redirect over a non-persistent connection
Date Fri, 31 Aug 2012 18:15:08 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446191#comment-13446191
] 

Oleg Kalnichevski edited comment on HTTPCLIENT-1224 at 9/1/12 5:13 AM:
-----------------------------------------------------------------------

Dave,

I am fairly confident the problem should have been fixed. I suspect you are not using the
latest code. I added a number of additional log statements [1] that I cannot see in the log
even though they should be there. Could you please let me know what revision are you using
and check the classdpath of your application for older versions of HttpClient.

Oleg

[1] http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/client/HttpAuthenticator.java?r1=1376672&r2=1376671&pathrev=1376672
                
      was (Author: olegk):
    Dave,

I fairly confident the problem should have been fixed. I suspect you are not using the latest
code. I added a number of additional log statements [1] that I cannot see in the log even
though they should be there. Could you please let me know what revision are you using and
check the classdpath of your application for older versions of HttpClient.

Oleg

[1] http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/client/HttpAuthenticator.java?r1=1376672&r2=1376671&pathrev=1376672
                  
> (regression) NTLM auth not retried after a redirect over a non-persistent connection
> ------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1224
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1224
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.1
>         Environment: Fedora 15
>            Reporter: Dave Godbey
>              Labels: NTLM, authentication, redirect
>             Fix For: 4.2.2
>
>
> When you communicate with a Microsoft Exchange server (eg. EWS), you point to /ews/Exchange.asmx.
Exchange replies with a redirect order to ews/Services.wsdl. Client is failing to complete
this with following wire log:
> executing request: GET /ews/Exchange.asmx HTTP/1.1
> to target: https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:41:570 CDT [DEBUG] BasicClientConnectionManager - Get connection for
route {s}->https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:41:785 CDT [DEBUG] DefaultClientConnectionOperator - Connecting to mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:324 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> 2012/08/22 15:05:42:337 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
> 2012/08/22 15:05:42:337 CDT [DEBUG] RequestTargetAuthentication - Target auth state:
UNCHALLENGED
> 2012/08/22 15:05:42:338 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> 2012/08/22 15:05:42:338 CDT [DEBUG] DefaultHttpClient - Attempt 1 to execute request
> 2012/08/22 15:05:42:338 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Exchange.asmx
HTTP/1.1
> 2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
> 2012/08/22 15:05:42:395 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
401 Unauthorized
> 2012/08/22 15:05:42:395 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Length: 1656
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:41
GMT
> 2012/08/22 15:05:42:400 CDT [DEBUG] DefaultHttpClient - Connection can be kept alive
indefinitely
> 2012/08/22 15:05:42:401 CDT [DEBUG] DefaultHttpClient - mail02.ndc.nasa.gov:443 requested
authentication
> 2012/08/22 15:05:42:401 CDT [DEBUG] TargetAuthenticationStrategy - Authentication schemes
in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
> 2012/08/22 15:05:42:409 CDT [DEBUG] SPNegoScheme - Received challenge '' from the auth
server
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos
authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge for Digest
authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge for Basic
authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] DefaultHttpClient - Selected authentication options:
[NEGOTIATE, NTLM]
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Target auth state:
CHALLENGED
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Generating response
to an authentication challenge using Negotiate scheme
> 2012/08/22 15:05:42:412 CDT [DEBUG] SPNegoScheme - init mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:428 CDT [WARN] RequestTargetAuthentication - NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism
level: Failed to find any Kerberos tgt))
> 2012/08/22 15:05:42:428 CDT [DEBUG] RequestTargetAuthentication - Generating response
to an authentication challenge using ntlm scheme
> 2012/08/22 15:05:42:430 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> 2012/08/22 15:05:42:431 CDT [DEBUG] DefaultHttpClient - Attempt 2 to execute request
> 2012/08/22 15:05:42:431 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Exchange.asmx
HTTP/1.1
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Authorization: NTLM TlRMTVNTUAABAAAANQIIIAYABgAkAAAABAAEACAAAAA2ADgATgBEAEMA
> 2012/08/22 15:05:42:479 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
401 Unauthorized
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Length: 1539
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAA1AokiF/jsXoLF09YAAAAAAAAAAIwAjAA+AAAABQLODgAAAA9OAEQAQwACAAYATgBEAEMAAQASAE4ARABNAFMAQwBBAFMAMAA3AAQAGABuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgADACwAbgBkAG0AcwBjAGEAcwAwADcALgBuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgAFABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAAAAAA==
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:42
GMT
> 2012/08/22 15:05:42:480 CDT [DEBUG] DefaultHttpClient - Connection can be kept alive
indefinitely
> 2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - mail02.ndc.nasa.gov:443 requested
authentication
> 2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - Authorization challenge processed
> 2012/08/22 15:05:42:481 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> 2012/08/22 15:05:42:482 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
> 2012/08/22 15:05:42:482 CDT [DEBUG] RequestTargetAuthentication - Target auth state:
HANDSHAKE
> 2012/08/22 15:05:42:491 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> 2012/08/22 15:05:42:491 CDT [DEBUG] DefaultHttpClient - Attempt 3 to execute request
> 2012/08/22 15:05:42:491 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Exchange.asmx
HTTP/1.1
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAC4ALgAWAAAAAYABgAQAQAADgAOABYBAAAEAAQAJAEAAAAAAAAoAQAANQIIIBHmQ40nLaSFn1s5yZuMSjVu5GMt03gALm3CwkwfZcuQnNpCRGUtYgwBAQAAAAAAAKDzIIKhgM0BbuRjLdN4AC4AAAAAAgAGAE4ARABDAAEAEgBOAEQATQBTAEMAQQBTADAANwAEABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAwAsAG4AZABtAHMAYwBhAHMAMAA3AC4AbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYABQAYAG4AZABjAC4AbgBhAHMAYQAuAGcAbwB2AAAAAABOAEQAQwBkAGcAbwBkAGIAZQB5ADYAOAA=
> 2012/08/22 15:05:42:548 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
302 Found
> 2012/08/22 15:05:42:548 CDT [DEBUG] headers - << HTTP/1.1 302 Found
> 2012/08/22 15:05:42:548 CDT [DEBUG] headers - << Connection: close
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:42
GMT
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-AspNet-Version: 2.0.50727
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Location: /ews/Services.wsdl
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Cache-Control: private
> 2012/08/22 15:05:42:550 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:551 CDT [DEBUG] DefaultRedirectStrategy - Redirect requested to location
'/ews/Services.wsdl'
> 2012/08/22 15:05:42:558 CDT [DEBUG] DefaultHttpClient - Redirecting to 'https://mail02.ndc.nasa.gov:443/ews/Services.wsdl'
via {s}->https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:559 CDT [DEBUG] DefaultClientConnection - Connection 0.0.0.0:56462<->198.117.0.46:443
closed
> 2012/08/22 15:05:42:560 CDT [DEBUG] DefaultClientConnectionOperator - Connecting to mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:703 CDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestAuthCache - Auth cache not set in the context
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestTargetAuthentication - Target auth state:
HANDSHAKE
> 2012/08/22 15:05:42:704 CDT [ERROR] RequestTargetAuthentication - NTLM authentication
error: Unexpected state: MSG_TYPE3_GENERATED
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
> 2012/08/22 15:05:42:705 CDT [DEBUG] DefaultHttpClient - Attempt 4 to execute request
> 2012/08/22 15:05:42:705 CDT [DEBUG] DefaultClientConnection - Sending request: GET /ews/Services.wsdl
HTTP/1.1
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> GET /ews/Services.wsdl HTTP/1.1
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:706 CDT [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.1
(java 1.5)
> 2012/08/22 15:05:43:091 CDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1
401 Unauthorized
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Length: 1656
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 20:05:42
GMT
> 2012/08/22 15:05:43:093 CDT [DEBUG] DefaultHttpClient - Connection can be kept alive
indefinitely
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - mail02.ndc.nasa.gov:443 requested
authentication
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authorization challenge processed
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authentication failed
> Source breakpoint: NtlmTest1.java:229
> ----------------------------------------
> HTTP/1.1 401 Unauthorized
> Response content length: 1656
> 2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Releasing connection
org.apache.http.impl.conn.ManagedClientConnectionImpl@18b1f8f
> 2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Connection can be
kept alive indefinitely
> 2012/08/22 15:05:48:626 CDT [DEBUG] DefaultClientConnection - Connection 0.0.0.0:56463<->198.117.0.46:443
closed

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message