hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jignesh Malkan" <JMal...@axeda.com>
Subject Need help with ProxyClient tunneling through authenticating proxy
Date Fri, 08 Aug 2008 15:33:50 GMT
Hi,

 

I am new to HttpClient and I am trying to open a Socket connection from
Applet to the Server tunneling through the ISA proxy.

 

Proxy client works fine with Non-Authenticating Proxy but it fails when
I turn on "basic" or "Integrated" (NTLM) authentication. I have spent a
good amount of time and have not made much progress. So I decided to
call help from experts :-)

 

I am using httpclient-3.0.1 and client machine will have a JRE version
>=1.5

 

Here is my code flow:

1.	I detect proxy using ProxySelector.getDefault().select(new
URI(uri));
2.	I set the System properties for https.proxySet=true,
https.proxyHost=proxyHost, https.proxyPort=proxyPort
3.	Next set these properties into TunnelBean and pass this to the
following method:

 

  public static Socket getTunnelSocket(String host, int port, TunnelBean
tunnelBean)

  {

    Socket socket = null;

    

    if (tunnelBean != null)

    {

      Logger.info("Setting debug on for HttpClient");

      System.setProperty("org.apache.commons.logging.Log",
"org.apache.commons.logging.impl.SimpleLog");

 
System.setProperty("org.apache.commons.logging.simplelog.showdatetime",
"true");

 
System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.
wire.header", "debug");

 
System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.
wire", "debug");

 
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.
commons.httpclient", "debug");

      

      ProxyClient proxyclient = new ProxyClient();

      HttpClientParams httpClientParams = proxyclient.getParams();

      

      List<String> authPreferenceList = new ArrayList<String>(3);

      authPreferenceList.add(AuthPolicy.NTLM);

      authPreferenceList.add(AuthPolicy.DIGEST);

      authPreferenceList.add(AuthPolicy.BASIC);

      

      httpClientParams.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
authPreferenceList);

      //httpClientParams.setAuthenticationPreemptive(true);

      

      Logger.info("Setting the GAS Server host and port into
proxyclient");

      proxyclient.getHostConfiguration().setHost(host, port, "https");

 

      Logger.info("proxyclient=" + proxyclient);

      Logger.info("param host=" + host + "port=" + port);

      Logger.info("proxyclient host=" +
proxyclient.getHostConfiguration().getHost());

      Logger.info("proxyclient hos turl=" +
proxyclient.getHostConfiguration().getHostURL());

      

      Logger.info("Setting the proxy host and port into proxyclient");

      proxyclient.getHostConfiguration().setProxy(tunnelBean.getHost(),
tunnelBean.getPort());

      

      Logger.info("Setting the proxy credentials, only necessary for
authenticating proxies");

      AuthScope authScope = new AuthScope(tunnelBean.getHost(),
tunnelBean.getPort(), null);

      Credentials credentials  = new
NTCredentials(tunnelBean.getUserName(), tunnelBean.getPassword(),

 
tunnelBean.getUserIp(), tunnelBean.getDomain());

      //credentials = new
UsernamePasswordCredentials(tunnelBean.getUserName(),
tunnelBean.getPassword());

      

      Logger.info("authScope=" + authScope);

      Logger.info("Credentials=" + credentials);

      

      proxyclient.getState().setProxyCredentials(authScope,
credentials);

      

      try

      {

        Logger.info("About to call proxyclient.connect()");

        ProxyClient.ConnectResponse response = proxyclient.connect();

        Logger.info("The proxyclient.connect() response is " +
response);

        

        socket = response.getSocket();

        

        if (socket == null)

        {

          // the proxy connect was not successful, check connect method
for reasons why

 
Logger.error(response.getConnectMethod().getResponseBodyAsString());

          Logger.error("ProxyClient Connect failed: " +
response.getConnectMethod().getStatusLine());

        }

      }

      catch (Exception ex)

      {

        socket = null;

        Logger.error("ProxyClient Connect failed: ", ex);

      }

    }

    

    return socket;

  }

 

As you could see I have turned on Debug and here is the log. I seems to
me as if ProxyClient is not sending credential info to the Proxy Server.
I have replaced actual values with word which are marked in red

 

 

2008/08/07 09:52:58:140 EDT [DEBUG] HttpConnection - Open connection to
proxyHost: proxyPort

2008/08/07 09:52:58:156 EDT [DEBUG] header - >> "CONNECT
remoteHost:remotePort HTTP/1.1"

2008/08/07 09:52:58:156 EDT [DEBUG] HttpMethodBase - Adding Host request
header

2008/08/07 09:52:58:156 EDT [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0.1[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - >> "Host: remoteServerName
[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - >> "Proxy-Connection:
Keep-Alive[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - >> "[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "HTTP/1.1 407 Proxy
Authentication Required ( The ISA Server requires authorization to
fulfill the request. Access to the Web Proxy filter is denied.
)[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Via: 1.1
proxyServerName[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Proxy-Authenticate:
Negotiate[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Proxy-Authenticate:
Kerberos[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Proxy-Authenticate:
NTLM[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Connection:
close[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Proxy-Connection:
close[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Pragma:
no-cache[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Cache-Control:
no-cache[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Content-Type:
text/html[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] header - << "Content-Length:
724[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] ConnectMethod - CONNECT status code
407

2008/08/07 09:52:58:156 EDT [DEBUG] HttpMethodDirector - Authorization
required

2008/08/07 09:52:58:156 EDT [DEBUG] AuthChallengeProcessor - Supported
authentication schemes in the order of preference: [NTLM, Digest, Basic]

2008/08/07 09:52:58:156 EDT [INFO] AuthChallengeProcessor - NTLM
authentication scheme selected

2008/08/07 09:52:58:156 EDT [DEBUG] AuthChallengeProcessor - Using
authentication scheme: ntlm

2008/08/07 09:52:58:156 EDT [DEBUG] AuthChallengeProcessor -
Authorization challenge processed

2008/08/07 09:52:58:156 EDT [DEBUG] HttpMethodDirector - Proxy
authentication scope: NTLM <any realm>@ proxyHost: proxyPort

2008/08/07 09:52:58:156 EDT [DEBUG] HttpMethodDirector - Retry
authentication

2008/08/07 09:52:58:156 EDT [DEBUG] content - <<
"<HTML><HEAD><TITLE>Error Message</TITLE>[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<META
http-equiv=Content-Type content="text/html;
charset=windows-1252">[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<BODY>[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<TABLE><TR><TD
id=L_dt_1><B>Network Access Message: The page cannot be
displayed<B></TR></TABLE>[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<TABLE><TR><TD
height=15></TD></TR></TABLE>[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<TABLE>[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<TR><TD
id=L_dt_2>Technical Information (for Support personnel)[\r][\n]"

2008/08/07 09:52:58:156 EDT [DEBUG] content - << "<UL>[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] content - << "<LI id=L_dt_3>Error
Code: 407 Proxy Authentication Required. The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy filter is
denied. (12209)[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] content - << "<LI id=L_dt_4>IP
Address: proxyHost[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] content - << "<LI id=L_dt_5>Date:
8/7/2008 1:52:58 PM [GMT][\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] content - << "<LI id=L_dt_6>Server:
proxyServerName [\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] content - << "<LI id=L_dt_7>Source:
proxy[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] content - <<
"</UL></TD></TR></TABLE></BODY></HTML>[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodBase - Should close
connection in response to directive: close

2008/08/07 09:52:58:171 EDT [DEBUG] HttpConnection - Connection is
locked.  Call to releaseConnection() ignored.

2008/08/07 09:52:58:171 EDT [DEBUG] HttpConnection - Open connection to
proxyHost: proxyPort

2008/08/07 09:52:58:171 EDT [DEBUG] header - >> "CONNECT
remoteHost:remotePort HTTP/1.1"

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodBase - Adding Host request
header

2008/08/07 09:52:58:171 EDT [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0.1[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - >> "Proxy-Connection:
Keep-Alive[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - >> "Host:
remoteServerName[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - >> "[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "HTTP/1.1 407 Proxy
Authentication Required ( The ISA Server requires authorization to
fulfill the request. Access to the Web Proxy filter is denied.
)[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Via: 1.1
ACTUATESERVER[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Proxy-Authenticate:
Negotiate[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Proxy-Authenticate:
Kerberos[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Proxy-Authenticate:
NTLM[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Connection:
close[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Proxy-Connection:
close[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Pragma:
no-cache[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Cache-Control:
no-cache[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Content-Type:
text/html[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] header - << "Content-Length:
724[\r][\n]"

2008/08/07 09:52:58:171 EDT [DEBUG] ConnectMethod - CONNECT status code
407

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodDirector - Authorization
required

2008/08/07 09:52:58:171 EDT [DEBUG] AuthChallengeProcessor - Using
authentication scheme: ntlm

2008/08/07 09:52:58:171 EDT [DEBUG] AuthChallengeProcessor -
Authorization challenge processed

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodDirector - Proxy
authentication scope: NTLM <any realm>@ proxyHost: proxyPort

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodDirector - Proxy
credentials required

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodDirector - Proxy
credentials provider not available

2008/08/07 09:52:58:171 EDT [INFO] HttpMethodDirector - Failure
authenticating with NTLM <any realm>@ proxyHost: proxyPort

INFO:  2008-08-07 09:52:58,171 : The proxyclient.connect() response is
org.apache.commons.httpclient.ProxyClient$ConnectResponse@1f03691

2008/08/07 09:52:58:171 EDT [DEBUG] HttpMethodBase - Buffering response
body

ERROR:  2008-08-07 09:52:58,171 : ProxyClient Connect failed: Stream
closed 

java.io.IOException: Stream closed

            at java.io.BufferedInputStream.getBufIfOpen(Unknown Source)

            at java.io.BufferedInputStream.read(Unknown Source)

            at
org.apache.commons.httpclient.WireLogInputStream.read(WireLogInputStream
.java:68)

            at
org.apache.commons.httpclient.ContentLengthInputStream.read(ContentLengt
hInputStream.java:169)

            at java.io.FilterInputStream.read(Unknown Source)

            at
org.apache.commons.httpclient.AutoCloseInputStream.read(AutoCloseInputSt
ream.java:107)

            at java.io.FilterInputStream.read(Unknown Source)

            at
org.apache.commons.httpclient.AutoCloseInputStream.read(AutoCloseInputSt
ream.java:126)

            at
org.apache.commons.httpclient.HttpMethodBase.getResponseBody(HttpMethodB
ase.java:684)

            at
org.apache.commons.httpclient.HttpMethodBase.getResponseBodyAsString(Htt
pMethodBase.java:735)

 

 

I thank you in advance for the help.

 

 

 

Jiggy.


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message