hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1272) HttpClient does not retry failed PROXY authentication when multiple challenges are present
Date Mon, 10 Dec 2012 21:35:22 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13528320#comment-13528320
] 

Oleg Kalnichevski commented on HTTPCLIENT-1272:
-----------------------------------------------

Hi Daz
I am not entirely sure HttpClient's behaviour is that wrong. Out of 3 challenges provided
by the server it picks up 'Negotiate' first. Failing to generate a response using 'Negotiate'
it moves onto the next preferred scheme NTLM. (So, evidently, HTTPCLIENT-1107 fix works as
intended). It succeeds in generating a response to the challenge using NTLM, which is then
rejected by the server due to invalid credentials. I am not quite sure HttpClient should re-attempt
authentication using a weaker scheme at this point.
---
08:32:14.340 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Generating
response to an authentication challenge using Negotiate scheme
08:32:14.340 [DEBUG] [org.apache.http.impl.auth.SPNegoScheme] init MYPROXY:8080
08:32:14.372 [WARN] [org.apache.http.client.protocol.RequestProxyAuthentication] NEGOTIATE
authentication error: Invalid name provided (Mechanism level: Could not load configuration
file C:\WINDOWS\krb5.ini (The system cannot find the file specified))
08:32:14.372 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Generating
response to an authentication challenge using ntlm scheme
---

Oleg
                
> HttpClient does not retry failed PROXY authentication when multiple challenges are present
> ------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1272
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1272
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2
>            Reporter: Daz DeBoer
>
> Similar to HTTPCLIENT-1107, but for Proxy authentication. It appears that subsequent
authentication schemes are not attempted if an earlier scheme fails.
> In our case, a proxy supports Negotiate, NTLM and BASIC authentication. When NTML authentication
fails due to the wrong credentials being supplied, BASIC authentication is never attempted
against the proxy.
> I am a Gradle core developer, and we use HttpClient internally for dependency resolution.
This issue was reported by one of our users.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message