hc-dev mailing list archives

From "Mat Gessel (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1457) HttpClientBuilder.useSystemProperties() is incompatible with NTLM scheme
Date Thu, 06 Feb 2014 23:55:19 GMT
Mat Gessel created HTTPCLIENT-1457:

             Summary: HttpClientBuilder.useSystemProperties() is incompatible with NTLM scheme
                 Key: HTTPCLIENT-1457
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1457
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpAuth, HttpClient
    Affects Versions: 4.3.2
         Environment: Client: JRE 5 - JRE 7
                      Proxy: Squid with Winbind & NTLM authentication
                      Auth server: Windows server 2003 / 2008
            Reporter: Mat Gessel

I ran into this with NTLM proxy authentication. 

HttpClientBuilder.useSystemProperties() results in SystemDefaultCredentialsProvider being
specified. SystemDefaultCredentialsProvider delegates authentication to java.net.Authenticator
and always returns credentials as UsernamePasswordCredentials. NTLMScheme expects credentials
to be an instance of NTCredentials.

Note: This works in "plain old Java". That is: URL connections work through an NTLM authenticating
proxy if the default java.net.Authenticator is set. 

NTLMScheme casts provided credentials to NTCredentials, generating an exception. The end result
(for proxy auth) is an HTTP 407 status and the following log message: 

WARN org.apache.http.impl.auth.HttpAuthenticator - NTLM authentication error: Credentials
cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials

Nitpick: NTLMScheme.authenticate() should guard the argument with an "instanceof" instead
of catching a ClassCastException. 

The code boils down to this: 
// imports: java.net.Authenticator, java.net.PasswordAuthentication,
//          org.apache.http.client.methods.HttpGet, org.apache.http.impl.client.HttpClients
java.net.Authenticator.setDefault(new Authenticator() {
    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        // Answer only proxy challenges, and only for the configured proxy host and port.
        if (getRequestorType() == RequestorType.PROXY) {
            String prot = getRequestingProtocol().toLowerCase();
            String host = System.getProperty(prot + ".proxyHost", "");
            String port = System.getProperty(prot + ".proxyPort", "80");
            String user = System.getProperty(prot + ".proxyUser", "");
            String password = System.getProperty(prot + ".proxyPassword", "");

            if (getRequestingHost().equalsIgnoreCase(host)) {
                if (port != null && port.equals(Integer.toString(getRequestingPort()))) {
                    return new PasswordAuthentication(user, password.toCharArray());
                }
            }
        }
        return null;
    }
});

HttpClients.custom().useSystemProperties().build().execute(new HttpGet("http://example.com"));

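The credential-type mismatch described in the report can be bridged on the caller's side. The following is an added example, not code from the report or from HttpClient itself: NtlmAwareCredentialsProvider is a hypothetical wrapper class, and the DOMAIN\user naming convention and the null workstation are assumptions. It uses an instanceof check, as the report suggests, rather than a cast.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.SystemDefaultCredentialsProvider;

/** Hypothetical wrapper (not part of HttpClient): adapts credentials for NTLM scopes. */
public class NtlmAwareCredentialsProvider implements CredentialsProvider {
    private final CredentialsProvider delegate;

    public NtlmAwareCredentialsProvider(CredentialsProvider delegate) {
        this.delegate = delegate;
    }

    @Override
    public Credentials getCredentials(AuthScope scope) {
        Credentials creds = delegate.getCredentials(scope);
        // Convert only plain username/password credentials requested for NTLM;
        // everything else (including null) passes through unchanged.
        if (!(creds instanceof UsernamePasswordCredentials)
                || !AuthSchemes.NTLM.equalsIgnoreCase(scope.getScheme())) {
            return creds;
        }
        String user = creds.getUserPrincipal().getName();
        String domain = null;
        int sep = user.indexOf('\\');           // assumed convention: DOMAIN\\user
        if (sep >= 0) {
            domain = user.substring(0, sep);
            user = user.substring(sep + 1);
        }
        // Workstation left null here (assumption); supply one if the server needs it.
        return new NTCredentials(user, creds.getPassword(), null, domain);
    }

    @Override
    public void setCredentials(AuthScope scope, Credentials credentials) {
        delegate.setCredentials(scope, credentials);
    }

    @Override
    public void clear() {
        delegate.clear();
    }

    /** Same setup as in the report, with the wrapper placed around the system provider. */
    public static CloseableHttpClient buildClient() {
        return HttpClients.custom().useSystemProperties()
            .setDefaultCredentialsProvider(
                new NtlmAwareCredentialsProvider(new SystemDefaultCredentialsProvider()))
            .build();
    }
}
```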