hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Parks <davidpark...@yahoo.com>
Subject Re: Proxy Authentication in 3.0 rc2
Date Wed, 29 Jun 2005 17:34:38 GMT
Thanks for the reply Oleg. This is what I figured, but I cannot see how to use different authentication
schemes for the Proxy vs. the Site authentication challenge.

I tried adding the code suggested in the Authentication tutorial:

	List authPrefs = new ArrayList(2);
	authPrefs.add(AuthPolicy.DIGEST);
	authPrefs.add(AuthPolicy.BASIC);
	authPrefs.add(AuthPolicy.NTLM);
	 This will exclude the NTLM authentication scheme
	httpclient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);

I got a message stating that it was attempting BASIC authentication for the Proxy and that
it failed (probably because the domain doesn't get passed I guess). So my thought is that
I need NTLM for the proxy authentication and Basic will work for the site authentication.

The question I am then working on is how to direct the HttpClient to select that order of
authentication methods. If I let it take NTLM as the preffered authentication method then
it will try to authenticate both challenges with NTLM.

I sure there is just some little detail I'm missing here somewhere, it's just hard to find
it.

Thanks a lot!
David


On Wed, 29 Jun 2005 19:17:24 +0200, Oleg Kalnichevski wrote:
> On Wed, Jun 29, 2005 at 09:53:07AM -0700, David Parks wrote:
>
>> Hi all,
>> I am trying to authenticate to a server via a proxy which also
>> requires authentication. It seems that I can get either the proxy
>> authentication to work OR the site authentication to work, but
>> not both.
>>
>> Both seem to work independently when I set the credentials (or
>> proxy credentials) using NTCredentials (e.g. if I connect to the
>> site from a network not using a proxy I can get it to work, and I
>> can authenticate to the proxy only to get a 401 authentication
>> failed from the server when using the proxy).
>>
>> I read in the Authentication tutorial that you can't authenticate
>> using NTLM to both the proxy and site, so I'm trying various
>> combinations of authentication, but I can't find any
>> documentation that specifically covers this case and I feel like
>> I'm just taking stabs in the dark right now.
>>
> David,
>
> You _really_ can't use NTLM to authenticate with the proxy and the
> target host at the same, due to the nature of this authentication
> scheme. Really. That was not a joke.
>
> Please consider using one of the following combinations instead:
>
> (1) BASIC proxy + NTLM host if both the clent and the proxy are
> within a trusted network segment
>
> (2) NTLM proxy + SSL + BASIC host
>
> Both combinations should provide an adequate (or better in the
> latter case) security
>
> Hope this helps
>
> Oleg
>
>>
>> If anyone can point me in the direction of the light at the end
>> of the tunnel I'd really appreciate it.
>>
>> Thanks,
>> David
>>
>>
>> ------------------------------------------------------------------
>> --- To unsubscribe, e-mail: httpclient-user-
>> unsubscribe@jakarta.apache.org For additional commands, e-mail:
>> httpclient-user-help@jakarta.apache.org
>>
>
> --------------------------------------------------------------------
> - To unsubscribe, e-mail: httpclient-user-
> unsubscribe@jakarta.apache.org For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message