hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henrich Kraemer <henrich.krae...@us.ibm.com>
Subject Preemptive authentication throws IllegalStateException using ISA proxy server
Date Tue, 07 Oct 2008 18:00:06 GMT

We have been using HttpClient 3.0 release for a few years now. We recently
switched on preemptive authentication:
   fHttpClient.getParams().setAuthenticationPreemptive(true);

My best guess is that this causes an issue when attempting to connect via a
proxy requiring authentication. The proxy is an ISA proxy server requiring
NTLM authentication.
Connecting using the same proxy has worked previously (as I confirmed
looking into logs).

I cannot reproduce this with a non NTLM proxy.  The application works with
other proxies requiring authentication.

Below is a  log, but I changed the proxy server name to hostname.domain.com
(it had same structure).
An IllegalStateException: Authentication state already initialized is
thrown from AuthState.setPreemptive after the user provides the proxy
credentials (see entry 97)

Is this a known issue?

Thanks,

Henrich

...
18    DEBUG 00:10.40    Set parameter http.useragent = Jakarta
Commons-HttpClient/3.0
19    DEBUG 00:10.40    Set parameter http.protocol.version = HTTP/1.1
20    DEBUG 00:10.40    Set parameter http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
21    DEBUG 00:10.40    Set parameter http.protocol.cookie-policy = rfc2109
22    DEBUG 00:10.40    Set parameter http.protocol.element-charset =
US-ASCII
23    DEBUG 00:10.40    Set parameter http.protocol.content-charset =
ISO-8859-1
24    DEBUG 00:10.41    Set parameter http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@69386938
25    DEBUG 00:10.41    Set parameter http.dateparser.patterns = [EEE, dd
MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss
yyyy,

EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy
HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE

dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z,
EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy

HH:mm:ss z]
26    DEBUG 00:10.41    Java version: 1.5.0
27    DEBUG 00:10.41    Java vendor: IBM Corporation
28    DEBUG 00:10.41    Java class path: C:\RATIONAL\InstallMgr\eclipse
\plugins\org.eclipse.equinox.launcher_1.0.100.v20080303.jar
29    DEBUG 00:10.41    Operating system name: Windows XP
30    DEBUG 00:10.41    Operating system architecture: x86
31    DEBUG 00:10.41    Operating system version: 5.1 build 2600 Service
Pack 2
32    DEBUG 00:10.49    IBMJSSE2 1.5: IBM JSSE provider2 (implements
IbmX509 key/trust factories, SSLv3, TLSv1)
33    DEBUG 00:10.49    IBMJCE 1.2: IBMJCE Provider implements the
following: HMAC-SHA1, MD2, MD5, MARS, SHA, MD2withRSA, MD5withRSA,
SHA1withRSA, RSA,

SHA1withDSA, RC2, RC4, Seal)implements the following:
Signature algorithms               : SHA1withDSA, SHA1withRSA, MD5withRSA,
MD2withRSA,
                                       SHA2withRSA, SHA3withRSA,
SHA5withRSA
Cipher algorithms                  : Blowfish, AES, DES, TripleDES,
PBEWithMD2AndDES,
                                       PBEWithMD2AndTripleDES,
PBEWithMD2AndRC2,
                                       PBEWithMD5AndDES,
PBEWithMD5AndTripleDES,
                                       PBEWithMD5AndRC2, PBEWithSHA1AndDES
                                       PBEWithSHA1AndTripleDES,
PBEWithSHA1AndRC2
                                       PBEWithSHAAnd40BitRC2,
PBEWithSHAAnd128BitRC2
                                       PBEWithSHAAnd40BitRC4,
PBEWithSHAAnd128BitRC4
                                       PBEWithSHAAnd2KeyTripleDES,
PBEWithSHAAnd3KeyTripleDES
                                       Mars, RC2, RC4, ARCFOUR
                                       RSA, Seal
Message authentication code (MAC)  : HmacSHA1, HmacSHA256, HmacSHA384,
HmacSHA512, HmacMD2, HmacMD5
Key agreement algorithm            : DiffieHellman
Key (pair) generator               : Blowfish, DiffieHellman, DSA, AES,
DES, TripleDES, HmacMD5,
                                       HmacSHA1, Mars, RC2, RC4, RSA, Seal,
ARCFOUR
Message digest                     : MD2, MD5, SHA-1, SHA-256, SHA-384,
SHA-512
Algorithm parameter generator      : DiffieHellman, DSA
Algorithm parameter                : Blowfish, DiffieHellman, AES, DES,
TripleDES, DSA, Mars,
                                       PBEwithMD5AndDES, RC2
Key factory                        : DiffieHellman, DSA, RSA
Secret key factory                 : Blowfish, AES, DES, TripleDES, Mars,
RC2, RC4, Seal, ARCFOUR
                                       PKCS5Key, PBKDF1 and PBKDF2
(PKCS5Derived Key).
Certificate                        : X.509
Secure random                      : IBMSecureRandom
Key store                          : JCEKS, PKCS12KS (PKCS12), JKS
34    DEBUG 00:10.49    IBMJGSSProvider 1.5: IBMJGSSProvider supports
Kerberos V5 Mechanism
35    DEBUG 00:10.49    IBMCertPath 1.1: IBMCertPath Provider implements
the following:
CertificateFactory                : X.509
CertPathValidator              : PKIX
CertStore                      : Collection, LDAP
CertPathBuilder                : PKIX
36    DEBUG 00:10.49    IBMSASL 1.5: IBM SASL provider(implements client
mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server
mechanisms

for: DIGEST-MD5, GSSAPI, CRAM-MD5)
37    DEBUG 00:10.49    Set parameter
http.authentication.credential-provider =
com.ibm.cic.common.transports.httpclient.HttpCredentialsProvider@71267126
38    DEBUG 00:10.49    Set parameter http.connection-manager.timeout =
30000
39    DEBUG 00:10.49    Set parameter http.socket.timeout = 30000
40    DEBUG 00:10.51    Set parameter http.authentication.preemptive = true
41    DEBUG 00:10.51    Set parameter http.tcp.nodelay = true
42    DEBUG 00:10.51    Set parameter http.connection-manager.max-per-host
= {HostConfiguration[]=4}
43    DEBUG 00:10.51    Set parameter http.connection-manager.max-total =
20
...
45    DEBUG 00:10.51    enter download
(download:https://www.ibm.com/software/rational/repositorymanager/site/repository.xml
 to 'C:\DOCUME~1\spnbs\LOCALS~1

\Temp\cicdip_spnbs\1223322774142\nf\cicURLLrepository.xml26203xml'
expectedSize='UNKNOWN'
...
48    DEBUG 00:10.54    Set parameter http.method.retry-handler =
com.ibm.cic.common.transports.httpclient.HttpClientDownloadHandler
$MethodRetryHandler@75687568
49    DEBUG 00:10.54    HttpConnectionManager.getConnection:  config =
HostConfiguration[host=https://www.ibm.com,
proxyHost=http://hostname.domain.com:8080],

timeout = 30000
50    DEBUG 00:10.54    Allocating new connection,
hostConfig=HostConfiguration[host=https://www.ibm.com,
proxyHost=http://hostname.domain.com:8080]
51    DEBUG 00:10.54    Preemptively sending default basic credentials
52    DEBUG 00:10.55    Authenticating with BASIC <any
realm>@www.ibm.com:443
53    WARNING     00:10.55    Required credentials not available for BASIC
<any realm>@www.ibm.com:443
54    WARNING     00:10.55    Preemptive authentication requested but no
default credentials available
55    DEBUG 00:10.55    Open connection to hostname.domain.com:8080
56    DEBUG 00:10.57    Preemptively sending default basic credentials
57    DEBUG 00:10.57    Authenticating with BASIC <any
realm>@hostname.domain.com:8080
58    WARNING     00:10.57    Required proxy credentials not available for
BASIC <any realm>@hostname.domain.com:8080
59    WARNING     00:10.57    Preemptive authentication requested but no
default proxy credentials available
60    DEBUG 00:10.57    >> "CONNECT www.ibm.com:443 HTTP/1.1"
61    DEBUG 00:10.57    Adding Host request header
62    DEBUG 00:10.57    >> "User-Agent: Jakarta Commons-HttpClient/3.0
[\r][\n]"
63    DEBUG 00:10.59    >> "Host: www.ibm.com[\r][\n]"
64    DEBUG 00:10.59    >> "Proxy-Connection: Keep-Alive[\r][\n]"
65    DEBUG 00:10.59    >> "[\r][\n]"
66    DEBUG 00:10.59    << "HTTP/1.1 407 Proxy Authentication Required
( The ISA Server requires authorization to fulfill the request. Access to
the Web Proxy service is

denied.  )[\r][\n]"
67    DEBUG 00:10.59    << "Via: 1.1 HOSTNAME [\r][\n]"
68    DEBUG 00:10.59    << "Proxy-Authenticate: NTLM[\r][\n]"
69    DEBUG 00:10.59    << "Proxy-Authenticate: Basic
realm="hostname.domain.com"[\r][\n]"
70    DEBUG 00:10.59    << "Proxy-Authenticate: Kerberos[\r][\n]"
71    DEBUG 00:10.59    << "Proxy-Authenticate: Negotiate[\r][\n]"
72    DEBUG 00:10.59    << "Connection: close[\r][\n]"
73    DEBUG 00:10.59    << "Proxy-Connection: close[\r][\n]"
74    DEBUG 00:10.59    << "Pragma: no-cache[\r][\n]"
75    DEBUG 00:10.59    << "Cache-Control: no-cache[\r][\n]"
76    DEBUG 00:10.59    << "Content-Type: text/html[\r][\n]"
77    DEBUG 00:10.59    << "Content-Length: 2367[\r][\n]"
78    DEBUG 00:10.60    CONNECT status code 407
79    DEBUG 00:10.60    Supported authentication schemes in the order of
preference: [ntlm, digest, basic]
80    INFO  00:10.60    ntlm authentication scheme selected
81    DEBUG 00:10.60    Using authentication scheme: ntlm
82    DEBUG 00:10.60    Authorization challenge processed
83    DEBUG 00:10.60    Proxy authentication scope: NTLM <any
realm>@hostname.domain.com:8080
84    DEBUG 00:10.60    Proxy credentials required
85    DEBUG 00:10.62    HttpClientNonProxyAuthenticator: no persisted
credentials stored for scheme=NTLM realm= host=hostname.domain.com
port=8080 proxy=true
86    DEBUG 00:22.30    NTLM <any realm>@hostname.domain.com:8080 new
credentials given
87    DEBUG 00:22.30    Should close connection in response to directive:
close
88    DEBUG 00:22.32    Open connection to hostname.domain.com:8080
89    DEBUG 00:22.32    Preemptively sending default basic credentials
90    DEBUG 00:22.32    Releasing connection back to connection manager.
91    DEBUG 00:22.32    Freeing connection, hostConfig=HostConfiguration
[host=https://www.ibm.com, proxyHost=http://hostname.domain.com:8080]
92    DEBUG 00:22.32    Adding connection at: 1223322786123
93    DEBUG 00:22.32    Notifying no-one, there are no waiting threads
...
97    ERROR 00:22.32    Unexpected exception

<exception>  java.lang.IllegalStateException: Authentication state already
initialized
<stack>org.apache.commons.httpclient.auth.AuthState.setPreemptive
(AuthState.java:119)</stack>
<stack>org.apache.commons.httpclient.HttpMethodDirector.executeConnect
(HttpMethodDirector.java:486)</stack>
<stack>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry
(HttpMethodDirector.java:390)</stack>
<stack>org.apache.commons.httpclient.HttpMethodDirector.executeMethod
(HttpMethodDirector.java:170)</stack>
<stack>org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:396)</stack>
<stack>org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:324)</stack>
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message