hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Jamison" <jljami...@gmail.com>
Subject ntlm proxy authentication question
Date Wed, 05 Mar 2008 22:03:48 GMT
I was ohh so close - I am attempting to code a simple app that
performs NTLM proxy authentication against a proxy server that
supports NTLM and basic authentication.

It took me some time to determine the correct value for the Domain
field in the NTCredentials instance, but decoding the NTLM message 2
structure gave it to me (its the NT domain name).

Now though it seems I still always get 407 responses.

Here's the code:

         System.setProperty("org.apache.commons.logging.Log",
                  "org.apache.commons.logging.impl.SimpleLog");
         System.setProperty
                  ("org.apache.commons.logging.simplelog.showdatetime",
                   "true");
         System.setProperty

("org.apache.commons.logging.simplelog.log.httpclient.wire.header",
                    "debug");
           System.setProperty
       ("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
                    "debug");

        HttpClient httpclient = new HttpClient();

        // set the proxy host and port
        httpclient.getHostConfiguration().setProxy("XXXPROXYHOSTXXX", 80);

//        tried this, triggers BASIC authentication automatically
 //       httpclient.getParams().setAuthenticationPreemptive(true);

        // not sure if the following applies to proxy authentication
        List authPrefs = new ArrayList(1);
        authPrefs.add(AuthPolicy.NTLM);
        httpclient.getParams().setParameter
               (AuthPolicy.AUTH_SCHEME_PRIORITY,
                authPrefs);

        //
        // set the proxy credentials
        //
        httpclient.getState().setProxyCredentials(
            new AuthScope(AuthScope.ANY_HOST, 80, AuthScope.ANY_REALM),
            new NTCredentials("XXXUSERNAMEXXX",
                  "XXXPASSSWORDXXX",
                  "","XXXDOMAINXXXcom")
         );

        GetMethod get = new GetMethod("http://www.google.com/");
        get.setFollowRedirects(true);

        int status = httpclient.executeMethod(get);

        System.out.println(status);
        ...

Here's the scrubbed debug trace -

Frankly I'm stumped as to why the credentials provided are not being accepted.

I would be very grateful for any assistance
-------------------------------------------------------------------------------------------

2008/03/05 13:53:35:576 PST [DEBUG] header - ->> "GET
http://www.google.com/ HTTP/1.1[\r][\n]"
2008/03/05 13:53:35:576 PST [DEBUG] HttpMethodBase - -Adding Host request header
2008/03/05 13:53:35:766 PST [DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.1[\r][\n]"
2008/03/05 13:53:35:766 PST [DEBUG] header - ->> "Host: www.google.com[\r][\n]"
2008/03/05 13:53:35:766 PST [DEBUG] header - ->> "Proxy-Connection:
Keep-Alive[\r][\n]"
2008/03/05 13:53:35:766 PST [DEBUG] header - ->> "[\r][\n]"
2008/03/05 13:53:35:786 PST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
Authentication Required[\r][\n]"
2008/03/05 13:53:35:786 PST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
Authentication Required[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Proxy-Authenticate:
NTLM[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Proxy-Authenticate:
BASIC realm="internet"[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Cache-Control:
no-cache[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Pragma: no-cache[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Content-Type:
text/html; charset=utf-8[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Proxy-Connection:
close[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Set-Cookie:
BCSI-CS-09B86D4CBE53A54D=2; Path=/[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Connection: close[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "Content-Length: 813[\r][\n]"
2008/03/05 13:53:35:816 PST [DEBUG] header - -<< "[\r][\n]"
2008/03/05 13:53:35:856 PST [DEBUG] HttpMethodBase - -Cookie accepted:
"$Version=0; BCSI-CS-09B86D4CBE53A54D=2; $Path=/"
2008/03/05 13:53:35:896 PST [DEBUG] HttpMethodDirector - -Authorization required
2008/03/05 13:53:35:936 PST [DEBUG] AuthChallengeProcessor -
-Supported authentication schemes in the order of preference: [NTLM]
2008/03/05 13:53:35:936 PST [INFO] AuthChallengeProcessor - -NTLM
authentication scheme selected
2008/03/05 13:53:36:016 PST [DEBUG] AuthChallengeProcessor - -Using
authentication scheme: ntlm
2008/03/05 13:53:36:016 PST [DEBUG] AuthChallengeProcessor -
-Authorization challenge processed
2008/03/05 13:53:36:016 PST [DEBUG] HttpMethodDirector - -Proxy
authentication scope: NTLM <any realm>@XXXPROXYHOSTXXX:80
2008/03/05 13:53:36:016 PST [DEBUG] HttpMethodDirector - -Retry authentication
2008/03/05 13:53:36:016 PST [DEBUG] HttpMethodBase - -Should close
connection in response to directive: close
2008/03/05 13:53:36:016 PST [DEBUG] HttpConnection - -Connection is
locked.  Call to releaseConnection() ignored.
2008/03/05 13:53:36:016 PST [DEBUG] HttpMethodDirector -
-Authenticating with NTLM <any realm>@XXXPROXYHOSTXXX:80
2008/03/05 13:53:36:057 PST [DEBUG] HttpMethodParams - -Credential
charset not configured, using HTTP element charset
2008/03/05 13:53:36:067 PST [DEBUG] HttpConnection - -Open connection
to XXXPROXYHOSTXXX:80
2008/03/05 13:53:36:067 PST [DEBUG] header - ->> "GET
http://www.google.com/ HTTP/1.1[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodBase - -Adding Host request header
2008/03/05 13:53:36:077 PST [DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.1[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - ->> "Proxy-Connection:
Keep-Alive[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - ->> "Proxy-Authorization:
NTLM TlRMTVNTUAABAAAABlIAAAQABAAgAAAAAAAAACAAAABWSVNB[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - ->> "Host: www.google.com[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - ->> "Cookie: $Version=0;
BCSI-CS-09B86D4CBE53A54D=2; $Path=/[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - ->> "[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
Authentication Required[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
Authentication Required[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Proxy-Authenticate:
NTLM TlRMTVNTUAACAAAABAAEADgAAAAGAoECoZLHmGBVaxAAAAAAAAAAAG4AbgA8AAAABQCTCAAAAA9WSVNBAgAIAFYASQBTAEEAAQAYAFMAVwA3ADIAMABGAEwAVABSAFcAMAAxAAQAEAB2AGkAcwBhAC4AYwBvAG0AAwAqAHMAdwA3ADIAMABmAGwAdAByAHcAMAAxAC4AdgBpAHMAYQAuAGMAbwBtAAAAAAA=[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Cache-Control:
no-cache[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Pragma: no-cache[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Content-Type:
text/html; charset=utf-8[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Proxy-Connection:
Keep-Alive[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Set-Cookie:
BCSI-CS-09B86D4CBE53A54D=2; Path=/[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Connection:
Keep-Alive[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "Content-Length: 830[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] header - -<< "[\r][\n]"
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodBase - -Cookie accepted:
"$Version=0; BCSI-CS-09B86D4CBE53A54D=2; $Path=/"
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodDirector - -Authorization required
2008/03/05 13:53:36:077 PST [DEBUG] AuthChallengeProcessor - -Using
authentication scheme: ntlm
2008/03/05 13:53:36:077 PST [DEBUG] AuthChallengeProcessor -
-Authorization challenge processed
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodDirector - -Proxy
authentication scope: NTLM <any realm>@XXXPROXYHOSTXXX:80
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodDirector - -Retry authentication
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodBase - -Should NOT close
connection in response to directive: Keep-Alive
2008/03/05 13:53:36:077 PST [DEBUG] HttpConnection - -Connection is
locked.  Call to releaseConnection() ignored.
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodDirector -
-Authenticating with NTLM <any realm>@XXXPROXYHOSTXXX:80
2008/03/05 13:53:36:077 PST [DEBUG] HttpMethodParams - -Credential
charset not configured, using HTTP element charset
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "GET
http://www.google.com/ HTTP/1.1[\r][\n]"
2008/03/05 13:53:36:768 PST [DEBUG] HttpMethodBase - -Adding Host request header
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.1[\r][\n]"
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "Proxy-Connection:
Keep-Alive[\r][\n]"
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "Proxy-Authorization:
NTLM TlRMTVNTUAADAAAAGAAYAEwAAAAAAAAAZAAAAAQABABAAAAACAAIAEQAAAAAAAAATAAAAAAAAABkAAAABlIAAFZJU0FKSkFNSVNPTgFYy21YQMxayqbIo0s6cfIvS1XjxZwa9g==[\r][\n]"
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "Host: www.google.com[\r][\n]"
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "Cookie: $Version=0;
BCSI-CS-09B86D4CBE53A54D=2; $Path=/[\r][\n]"
2008/03/05 13:53:36:768 PST [DEBUG] header - ->> "[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
Authentication Required[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "HTTP/1.1 407 Proxy
Authentication Required[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "Proxy-Authenticate:
NTLM[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "Cache-Control:
no-cache[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "Pragma: no-cache[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "Content-Type:
text/html; charset=utf-8[\r][\n]"
2008/03/05 13:53:36:818 PST [DEBUG] header - -<< "Proxy-Connection:
close[\r][\n]"
2008/03/05 13:53:36:828 PST [DEBUG] header - -<< "Set-Cookie:
BCSI-CS-09B86D4CBE53A54D=2; Path=/[\r][\n]"
2008/03/05 13:53:36:828 PST [DEBUG] header - -<< "Connection: close[\r][\n]"
2008/03/05 13:53:36:828 PST [DEBUG] header - -<< "Content-Length: 825[\r][\n]"
2008/03/05 13:53:36:828 PST [DEBUG] header - -<< "[\r][\n]"
2008/03/05 13:53:36:828 PST [DEBUG] HttpMethodBase - -Cookie accepted:
"$Version=0; BCSI-CS-09B86D4CBE53A54D=2; $Path=/"
2008/03/05 13:53:36:828 PST [DEBUG] HttpMethodDirector - -Authorization required
2008/03/05 13:53:36:828 PST [DEBUG] AuthChallengeProcessor - -Using
authentication scheme: ntlm
2008/03/05 13:53:36:828 PST [DEBUG] AuthChallengeProcessor -
-Authorization challenge processed
2008/03/05 13:53:36:828 PST [DEBUG] HttpMethodDirector - -Proxy
authentication scope: NTLM <any realm>@XXXPROXYHOSTXXX:80
2008/03/05 13:53:36:828 PST [DEBUG] HttpMethodDirector - -Proxy
credentials required
2008/03/05 13:53:36:828 PST [DEBUG] HttpMethodDirector - -Proxy
credentials provider not available
2008/03/05 13:53:36:828 PST [INFO] HttpMethodDirector - -Failure
authenticating with NTLM <any realm>@XXXPROXYHOST:80


-- 
John Jamison
jljamison@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message