hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1272) HttpClient does not retry failed PROXY authentication when multiple challenges are present
Date Mon, 10 Dec 2012 21:35:22 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13528320#comment-13528320

Oleg Kalnichevski commented on HTTPCLIENT-1272:

Hi Daz
I am not entirely sure HttpClient's behaviour is that wrong. Out of 3 challenges provided
by the server it picks up 'Negotiate' first. Failing to generate a response using 'Negotiate'
it moves onto the next preferred scheme NTLM. (So, evidently, HTTPCLIENT-1107 fix works as
intended). It succeeds in generating a response to the challenge using NTLM, which is then
rejected by the server due to invalid credentials. I am not quite sure HttpClient should re-attempt
authentication using a weaker scheme at this point.
08:32:14.340 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Generating
response to an authentication challenge using Negotiate scheme
08:32:14.340 [DEBUG] [org.apache.http.impl.auth.SPNegoScheme] init MYPROXY:8080
08:32:14.372 [WARN] [org.apache.http.client.protocol.RequestProxyAuthentication] NEGOTIATE
authentication error: Invalid name provided (Mechanism level: Could not load configuration
file C:\WINDOWS\krb5.ini (The system cannot find the file specified))
08:32:14.372 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Generating
response to an authentication challenge using ntlm scheme

> HttpClient does not retry failed PROXY authentication when multiple challenges are present
> ------------------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1272
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1272
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2
>            Reporter: Daz DeBoer
> Similar to HTTPCLIENT-1107, but for Proxy authentication. It appears that subsequent
authentication schemes are not attempted if an earlier scheme fails.
> In our case, a proxy supports Negotiate, NTLM and BASIC authentication. When NTML authentication
fails due to the wrong credentials being supplied, BASIC authentication is never attempted
against the proxy.
> I am a Gradle core developer, and we use HttpClient internally for dependency resolution.
This issue was reported by one of our users.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message