hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Sewe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1488) Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth, JCIFS doesn't
Date Fri, 21 Mar 2014 11:34:42 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13942987#comment-13942987
] 

Andreas Sewe commented on HTTPCLIENT-1488:
------------------------------------------

Hi Karl.

The odd thing is that {{ClientProxyAuthentication}} succeeds; no exception is thrown. Here's
the output from {{System.out}}:

{noformat}
executing request: GET / HTTP/1.1
via proxy: http://127.0.0.1:3128
to target: http://www.example.org:80
----------------------------------------
HTTP/1.1 407 Proxy Authentication Required
Response content length: 3215
{noformat}

Apparently, it considers the final 407 the response send from the target. (If you look at
the attached {{builtin.pcap.gz}}, you'll also see that the third GET doesn't include a {{Proxy-Authorization}}
header; apparently, HttpClient in convinced that no authentication is necessary.

> Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth, JCIFS doesn't
> ---------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1488
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1488
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.3
>         Environment: Squid 4.3.3
> JCIFS 1.3.17
>            Reporter: Andreas Sewe
>         Attachments: builtin.pcap.gz, jcfis.pcap.gz
>
>
> I used the provided ClientProxyAuthentication example <https://hc.apache.org/httpcomponents-client-4.2.x/httpclient/examples/org/apache/http/examples/client/ClientProxyAuthentication.java>
to authenticate with NTML against a local Squid instance, using its ntlm_fake_auth helper
(only does the handshake, all credentials are considered valid).
> Unfortunately, this fails with the NTLM engine built into version 4.3.3 (also tested
with 4.2.1: same result). Following the guidance of <http://hc.apache.org/httpcomponents-client-ga/ntlm.html>,
I got it working with JCIFS. Is Squid not implementing NTLM as expected by HttpComponents?
> I added two Wireshark captures to show the differences in handshake behaviour between
the built-in and JCIFS engines. Hope that helps.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message