hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HTTPCLIENT-1881) NTLM authentication against ntlm.herokuapp.com
Date Thu, 16 Nov 2017 22:52:01 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16256091#comment-16256091
] 

Karl Wright edited comment on HTTPCLIENT-1881 at 11/16/17 10:51 PM:
--------------------------------------------------------------------

The exception is being thrown while unpacking one of the NTLM response messages from the server.
 Here's the code:

{code}
    private static int readULong(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 4) {
            throw new NTLMEngineException("NTLM authentication - buffer too small for DWORD");
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
                | ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff)
<< 24);
    }

    private static int readUShort(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 2) {
            throw new NTLMEngineException("NTLM authentication - buffer too small for WORD");
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
    }

    private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException
{
        final int length = readUShort(src, index);
        final int offset = readULong(src, index + 4);
        if (src.length < offset + length) {
            throw new NTLMEngineException(
                    "NTLM authentication - buffer too small for data item");
        }
        final byte[] buffer = new byte[length];
        System.arraycopy(src, offset, buffer, 0, length);
        return buffer;
    }
{code}

Basically, there's a required message field in the server response for which there's no data
in the buffer from the server.

It's possible that Microsoft clients silently eat this error and just treat such fields as
having a "0" value.  That's something that's pretty easy to explore by modifying the above
code in NTLMEngineImpl.java to look something like this:

{code}
    private static int readULong(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 4) {
            return 0;
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
                | ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff)
<< 24);
    }

    private static int readUShort(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 2) {
            return 0;
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
    }

    private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException
{
        final int length = readUShort(src, index);
        final int offset = readULong(src, index + 4);
        if (src.length < offset + length) {
            throw new NTLMEngineException(
                    "NTLM authentication - buffer too small for data item");
        }
        final byte[] buffer = new byte[length];
        System.arraycopy(src, offset, buffer, 0, length);
        return buffer;
    }
{code}

If you would be so kind as to check out the appropriate sources and make this change to see
whether it works, that would be very helpful, and I'd be glad to commit it if it works.  If
you don't have time, I may be able to get to it myself this weekend but not before.

Thanks!




was (Author: kwright@metacarta.com):
The exception is being thrown while unpacking one of the NTLM response messages from the server.
 Here's the code:

{code}
    private static int readULong(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 4) {
            throw new NTLMEngineException("NTLM authentication - buffer too small for DWORD");
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
                | ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff)
<< 24);
    }

    private static int readUShort(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 2) {
            throw new NTLMEngineException("NTLM authentication - buffer too small for WORD");
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
    }

    private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException
{
        final int length = readUShort(src, index);
        final int offset = readULong(src, index + 4);
        if (src.length < offset + length) {
            throw new NTLMEngineException(
                    "NTLM authentication - buffer too small for data item");
        }
        final byte[] buffer = new byte[length];
        System.arraycopy(src, offset, buffer, 0, length);
        return buffer;
    }
{code}

Basically, there's a required message field in the server response for which there's no data
in the buffer from the client.

It's possible that Microsoft clients silently eat this error and just treat such fields as
having a "0" value.  That's something that's pretty easy to explore by modifying the above
code in NTLMEngineImpl.java to look something like this:

{code}
    private static int readULong(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 4) {
            return 0;
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
                | ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff)
<< 24);
    }

    private static int readUShort(final byte[] src, final int index) throws NTLMEngineException
{
        if (src.length < index + 2) {
            return 0;
        }
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
    }

    private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException
{
        final int length = readUShort(src, index);
        final int offset = readULong(src, index + 4);
        if (src.length < offset + length) {
            throw new NTLMEngineException(
                    "NTLM authentication - buffer too small for data item");
        }
        final byte[] buffer = new byte[length];
        System.arraycopy(src, offset, buffer, 0, length);
        return buffer;
    }
{code}

If you would be so kind as to check out the appropriate sources and make this change to see
whether it works, that would be very helpful, and I'd be glad to commit it if it works.  If
you don't have time, I may be able to get to it myself this weekend but not before.

Thanks!



> NTLM authentication against ntlm.herokuapp.com
> ----------------------------------------------
>
>                 Key: HTTPCLIENT-1881
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1881
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.3
>            Reporter: Marcel Stör
>            Assignee: Karl Wright
>              Labels: authentication, ntlm
>         Attachments: msr-ntlm-prototype.zip
>
>
> I'm prototyping NTLM authentication with your 4.5 HTTP client and Spring RestTemplate.
This currently fails with a {{org.apache.http.impl.auth.NTLMEngineException}} "NTLM authentication
error: NTLM authentication - buffer too small for data item". 
> The code, wire log (below) and a simple standalone test application (attached) are included.
> h2. Code
> {code:java}
> RestTemplate restTemplate = new RestTemplate();
> restTemplate.setRequestFactory(buildHttpComponentsClientHttpRequestFactory(args));
> private static HttpComponentsClientHttpRequestFactory
> buildHttpComponentsClientHttpRequestFactory(String[] args) {
>   PoolingHttpClientConnectionManager cm = new
> PoolingHttpClientConnectionManager();
>   cm.setMaxTotal(128);
>   cm.setDefaultMaxPerRoute(24);
>   RequestConfig.Builder requestBuilder =
> RequestConfig.custom().setConnectTimeout(5000).setSocketTimeout(10000);
>   Registry<AuthSchemeProvider> authSchemeRegistry =
> RegistryBuilder.<AuthSchemeProvider>create()
>     .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
>     .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).build();
>   CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
>   credentialsProvider.setCredentials(AuthScope.ANY, new
> NTCredentials(args[1], args[2], null, args[3]));
>   HttpClientBuilder builder = HttpClientBuilder.create()
>     .setConnectionManager(cm)
>     .setDefaultRequestConfig(requestBuilder.build())
>     .setDefaultAuthSchemeRegistry(authSchemeRegistry)
>     .setDefaultCredentialsProvider(credentialsProvider);
>   return new HttpComponentsClientHttpRequestFactory(builder.build());
> }
> {code}
> h2. Wire log
> {noformat}
> 23:21:22,983 | RestTemplate                        | Created GET request for "https://ntlm.herokuapp.com"
> 23:21:22,987 | RestTemplate                        | Setting request Accept header to
[text/plain, */*]
> 23:21:22,997 | RequestAddCookies                   | CookieSpec selected: default
> 23:21:23,006 | RequestAuthCache                    | Auth cache not set in the context
> 23:21:23,007 | PoolingHttpClientConnectionManager  | Connection request: [route: {s}->https://ntlm.herokuapp.com:443][total
kept alive: 0; route allocated: 0 of 24; total allocated: 0 of 128]
> 23:21:23,029 | PoolingHttpClientConnectionManager  | Connection leased: [id: 0][route:
{s}->https://ntlm.herokuapp.com:443][total kept alive: 0; route allocated: 1 of 24; total
allocated: 1 of 128]
> 23:21:23,031 | MainClientExec                      | Opening connection {s}->https://ntlm.herokuapp.com:443
> 23:21:23,299 | DefaultHttpClientConnectionOperator | Connecting to ntlm.herokuapp.com/54.235.146.123:443
> 23:21:23,299 | SSLConnectionSocketFactory          | Connecting socket to ntlm.herokuapp.com/54.235.146.123:443
with timeout 5000
> 23:21:23,581 | SSLConnectionSocketFactory          | Enabled protocols: [TLSv1, TLSv1.1,
TLSv1.2]
> 23:21:23,582 | SSLConnectionSocketFactory          | Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> 23:21:23,582 | SSLConnectionSocketFactory          | Starting handshake
> 23:21:23,989 | SSLConnectionSocketFactory          | Secure session established
> 23:21:23,989 | SSLConnectionSocketFactory          |  negotiated protocol: TLSv1.2
> 23:21:23,989 | SSLConnectionSocketFactory          |  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> 23:21:23,990 | SSLConnectionSocketFactory          |  peer principal: CN=*.herokuapp.com,
O="Heroku, Inc.", L=San Francisco, ST=California, C=US
> 23:21:23,990 | SSLConnectionSocketFactory          |  peer alternative names: [*.herokuapp.com,
herokuapp.com]
> 23:21:23,990 | SSLConnectionSocketFactory          |  issuer principal: CN=DigiCert SHA2
High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
> 23:21:23,994 | DefaultHttpClientConnectionOperator | Connection established 172.19.1.229:63526<->54.235.146.123:443
> 23:21:23,994 | DefaultManagedHttpClientConnection  | http-outgoing-0: set socket timeout
to 10000
> 23:21:23,994 | MainClientExec                      | Executing request GET / HTTP/1.1
> 23:21:23,995 | MainClientExec                      | Target auth state: UNCHALLENGED
> 23:21:23,995 | MainClientExec                      | Proxy auth state: UNCHALLENGED
> 23:21:23,996 | headers                             | http-outgoing-0 >> GET / HTTP/1.1
> 23:21:23,996 | headers                             | http-outgoing-0 >> Accept:
text/plain, */*
> 23:21:23,996 | headers                             | http-outgoing-0 >> Host: ntlm.herokuapp.com
> 23:21:23,996 | headers                             | http-outgoing-0 >> Connection:
Keep-Alive
> 23:21:23,996 | headers                             | http-outgoing-0 >> User-Agent:
Apache-HttpClient/4.5.3 (Java/1.8.0_66)
> 23:21:23,996 | headers                             | http-outgoing-0 >> Accept-Encoding:
gzip,deflate
> 23:21:23,996 | wire                                | http-outgoing-0 >> "GET /
HTTP/1.1[\r][\n]"
> 23:21:23,996 | wire                                | http-outgoing-0 >> "Accept:
text/plain, */*[\r][\n]"
> 23:21:23,997 | wire                                | http-outgoing-0 >> "Host:
ntlm.herokuapp.com[\r][\n]"
> 23:21:23,997 | wire                                | http-outgoing-0 >> "Connection:
Keep-Alive[\r][\n]"
> 23:21:23,997 | wire                                | http-outgoing-0 >> "User-Agent:
Apache-HttpClient/4.5.3 (Java/1.8.0_66)[\r][\n]"
> 23:21:23,997 | wire                                | http-outgoing-0 >> "Accept-Encoding:
gzip,deflate[\r][\n]"
> 23:21:23,997 | wire                                | http-outgoing-0 >> "[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "HTTP/1.1
401 Unauthorized [\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "Connection:
keep-alive[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "Www-Authenticate:
NTLM[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "Server:
WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "Date:
Thu, 16 Nov 2017 22:20:57 GMT[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "Content-Length:
0[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "Via: 1.1
vegur[\r][\n]"
> 23:21:24,174 | wire                                | http-outgoing-0 << "[\r][\n]"
> 23:21:24,177 | headers                             | http-outgoing-0 << HTTP/1.1
401 Unauthorized
> 23:21:24,177 | headers                             | http-outgoing-0 << Connection:
keep-alive
> 23:21:24,178 | headers                             | http-outgoing-0 << Www-Authenticate:
NTLM
> 23:21:24,178 | headers                             | http-outgoing-0 << Server:
WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)
> 23:21:24,178 | headers                             | http-outgoing-0 << Date: Thu,
16 Nov 2017 22:20:57 GMT
> 23:21:24,178 | headers                             | http-outgoing-0 << Content-Length:
0
> 23:21:24,178 | headers                             | http-outgoing-0 << Via: 1.1
vegur
> 23:21:24,181 | MainClientExec                      | Connection can be kept alive indefinitely
> 23:21:24,181 | HttpAuthenticator                   | Authentication required
> 23:21:24,183 | HttpAuthenticator                   | ntlm.herokuapp.com:443 requested
authentication
> 23:21:24,184 | TargetAuthenticationStrategy        | Authentication schemes in the order
of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
> 23:21:24,184 | TargetAuthenticationStrategy        | Challenge for Negotiate authentication
scheme not available
> 23:21:24,184 | TargetAuthenticationStrategy        | Challenge for Kerberos authentication
scheme not available
> 23:21:24,191 | TargetAuthenticationStrategy        | Challenge for Digest authentication
scheme not available
> 23:21:24,191 | TargetAuthenticationStrategy        | Challenge for Basic authentication
scheme not available
> 23:21:24,191 | HttpAuthenticator                   | Selected authentication options:
[NTLM]
> 23:21:24,192 | DefaultManagedHttpClientConnection  | http-outgoing-0: set socket timeout
to 10000
> 23:21:24,192 | MainClientExec                      | Executing request GET / HTTP/1.1
> 23:21:24,192 | MainClientExec                      | Target auth state: CHALLENGED
> 23:21:24,192 | HttpAuthenticator                   | Generating response to an authentication
challenge using ntlm scheme
> 23:21:24,192 | MainClientExec                      | Proxy auth state: UNCHALLENGED
> 23:21:24,192 | headers                             | http-outgoing-0 >> GET / HTTP/1.1
> 23:21:24,192 | headers                             | http-outgoing-0 >> Accept:
text/plain, */*
> 23:21:24,192 | headers                             | http-outgoing-0 >> Host: ntlm.herokuapp.com
> 23:21:24,192 | headers                             | http-outgoing-0 >> Connection:
Keep-Alive
> 23:21:24,192 | headers                             | http-outgoing-0 >> User-Agent:
Apache-HttpClient/4.5.3 (Java/1.8.0_66)
> 23:21:24,192 | headers                             | http-outgoing-0 >> Accept-Encoding:
gzip,deflate
> 23:21:24,192 | headers                             | http-outgoing-0 >> Authorization:
NTLM TlRMTVNTUAABAAAAAYIIogAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==
> 23:21:24,193 | wire                                | http-outgoing-0 >> "GET /
HTTP/1.1[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "Accept:
text/plain, */*[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "Host:
ntlm.herokuapp.com[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "Connection:
Keep-Alive[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "User-Agent:
Apache-HttpClient/4.5.3 (Java/1.8.0_66)[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "Accept-Encoding:
gzip,deflate[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "Authorization:
NTLM TlRMTVNTUAABAAAAAYIIogAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==[\r][\n]"
> 23:21:24,193 | wire                                | http-outgoing-0 >> "[\r][\n]"
> 23:21:24,367 | wire                                | http-outgoing-0 << "HTTP/1.1
401 Unauthorized [\r][\n]"
> 23:21:24,367 | wire                                | http-outgoing-0 << "Connection:
keep-alive[\r][\n]"
> 23:21:24,368 | wire                                | http-outgoing-0 << "Www-Authenticate:
NTLM TlRMTVNTUAACAAAAAAAAACgAAAABAAAAAAAAAAAAAAA=[\r][\n]"
> 23:21:24,368 | wire                                | http-outgoing-0 << "Server:
WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)[\r][\n]"
> 23:21:24,368 | wire                                | http-outgoing-0 << "Date:
Thu, 16 Nov 2017 22:20:58 GMT[\r][\n]"
> 23:21:24,368 | wire                                | http-outgoing-0 << "Content-Length:
0[\r][\n]"
> 23:21:24,368 | wire                                | http-outgoing-0 << "Via: 1.1
vegur[\r][\n]"
> 23:21:24,368 | wire                                | http-outgoing-0 << "[\r][\n]"
> 23:21:24,368 | headers                             | http-outgoing-0 << HTTP/1.1
401 Unauthorized
> 23:21:24,368 | headers                             | http-outgoing-0 << Connection:
keep-alive
> 23:21:24,368 | headers                             | http-outgoing-0 << Www-Authenticate:
NTLM TlRMTVNTUAACAAAAAAAAACgAAAABAAAAAAAAAAAAAAA=
> 23:21:24,368 | headers                             | http-outgoing-0 << Server:
WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)
> 23:21:24,368 | headers                             | http-outgoing-0 << Date: Thu,
16 Nov 2017 22:20:58 GMT
> 23:21:24,368 | headers                             | http-outgoing-0 << Content-Length:
0
> 23:21:24,369 | headers                             | http-outgoing-0 << Via: 1.1
vegur
> 23:21:24,369 | MainClientExec                      | Connection can be kept alive indefinitely
> 23:21:24,369 | HttpAuthenticator                   | Authentication required
> 23:21:24,369 | HttpAuthenticator                   | ntlm.herokuapp.com:443 requested
authentication
> 23:21:24,369 | HttpAuthenticator                   | Authorization challenge processed
> 23:21:24,369 | DefaultManagedHttpClientConnection  | http-outgoing-0: set socket timeout
to 10000
> 23:21:24,369 | MainClientExec                      | Executing request GET / HTTP/1.1
> 23:21:24,369 | MainClientExec                      | Target auth state: HANDSHAKE
> 23:21:24,370 | HttpAuthenticator                   | NTLM authentication error: NTLM
authentication - buffer too small for data item
> 23:21:24,370 | MainClientExec                      | Proxy auth state: UNCHALLENGED
> 23:21:24,371 | headers                             | http-outgoing-0 >> GET / HTTP/1.1
> 23:21:24,371 | headers                             | http-outgoing-0 >> Accept:
text/plain, */*
> 23:21:24,371 | headers                             | http-outgoing-0 >> Host: ntlm.herokuapp.com
> 23:21:24,371 | headers                             | http-outgoing-0 >> Connection:
Keep-Alive
> 23:21:24,371 | headers                             | http-outgoing-0 >> User-Agent:
Apache-HttpClient/4.5.3 (Java/1.8.0_66)
> 23:21:24,371 | headers                             | http-outgoing-0 >> Accept-Encoding:
gzip,deflate
> 23:21:24,371 | wire                                | http-outgoing-0 >> "GET /
HTTP/1.1[\r][\n]"
> 23:21:24,371 | wire                                | http-outgoing-0 >> "Accept:
text/plain, */*[\r][\n]"
> 23:21:24,371 | wire                                | http-outgoing-0 >> "Host:
ntlm.herokuapp.com[\r][\n]"
> 23:21:24,371 | wire                                | http-outgoing-0 >> "Connection:
Keep-Alive[\r][\n]"
> 23:21:24,371 | wire                                | http-outgoing-0 >> "User-Agent:
Apache-HttpClient/4.5.3 (Java/1.8.0_66)[\r][\n]"
> 23:21:24,371 | wire                                | http-outgoing-0 >> "Accept-Encoding:
gzip,deflate[\r][\n]"
> 23:21:24,371 | wire                                | http-outgoing-0 >> "[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "HTTP/1.1
401 Unauthorized [\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "Connection:
keep-alive[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "Www-Authenticate:
NTLM[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "Server:
WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "Date:
Thu, 16 Nov 2017 22:20:58 GMT[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "Content-Length:
0[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "Via: 1.1
vegur[\r][\n]"
> 23:21:24,562 | wire                                | http-outgoing-0 << "[\r][\n]"
> 23:21:24,562 | headers                             | http-outgoing-0 << HTTP/1.1
401 Unauthorized
> 23:21:24,562 | headers                             | http-outgoing-0 << Connection:
keep-alive
> 23:21:24,563 | headers                             | http-outgoing-0 << Www-Authenticate:
NTLM
> 23:21:24,563 | headers                             | http-outgoing-0 << Server:
WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)
> 23:21:24,563 | headers                             | http-outgoing-0 << Date: Thu,
16 Nov 2017 22:20:58 GMT
> 23:21:24,563 | headers                             | http-outgoing-0 << Content-Length:
0
> 23:21:24,563 | headers                             | http-outgoing-0 << Via: 1.1
vegur
> 23:21:24,563 | MainClientExec                      | Connection can be kept alive indefinitely
> 23:21:24,563 | HttpAuthenticator                   | Authentication required
> 23:21:24,563 | HttpAuthenticator                   | ntlm.herokuapp.com:443 requested
authentication
> 23:21:24,563 | HttpAuthenticator                   | Authorization challenge processed
> 23:21:24,563 | HttpAuthenticator                   | Authentication failed
> 23:21:24,563 | PoolingHttpClientConnectionManager  | Connection [id: 0][route: {s}->https://ntlm.herokuapp.com:443]
can be kept alive indefinitely
> 23:21:24,563 | PoolingHttpClientConnectionManager  | Connection released: [id: 0][route:
{s}->https://ntlm.herokuapp.com:443][total kept alive: 1; route allocated: 1 of 24; total
allocated: 1 of 128]
> 23:21:24,568 | RestTemplate                        | GET request for "https://ntlm.herokuapp.com"
resulted in 401 (Unauthorized); invoking error handler
> 23:21:24,571 | NtlmPrototype                       | Request failed
> org.springframework.web.client.HttpClientErrorException: 401 Unauthorized
> 	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:63)
~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> 	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> 	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> 	at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:312) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> 	at NtlmPrototype.issueGetRequest(NtlmPrototype.java:50) [classes/:?]
> 	at NtlmPrototype.main(NtlmPrototype.java:32) [classes/:?]
> {noformat}
> h3. Test application
> - use attached ZIP or download from https://frightanic.com/misc/msr-ntlm-prototype.zip
(26.7KB)
> - unzip
> - $ mvn package
> - $ java -jar target/ntlm-prototype-1.0-SNAPSHOT.jar https://ntlm.herokuapp.com user
pass domain



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message