hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RajK <raj.for.le...@gmail.com>
Subject Re: redirect fails when NTLM authentication is used for proxy
Date Fri, 26 Jun 2009 11:36:14 GMT

Hi Oleg,
I have downloaded the source file and try to compile it, 
it gave errors as it was not able to locate the files such as
files in org.apache.http.params.
https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/

Neither jar files also has these references.

Am I missing anything, is that the right link?
Thanks,
Raj


olegk wrote:
> 
> On Mon, Jun 22, 2009 at 09:35:58PM -0700, RajK wrote:
>> 
>> HI Oleg,
>>    Thanks for the reply, here is the wire logs, 
>> 
>> [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
>> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
>> [DEBUG] header - >> "Host: verisign.com[\r][\n]"
>> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - >> "[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
>> Server requires authorization to fulfill the request. Access to the Web
>> Proxy filter is denied.  )[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
>> Server requires authorization to fulfill the request. Access to the Web
>> Proxy filter is denied.  )[\r][\n]"
>> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
>> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Pragma: no-cache[\r][\n]"
>> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
>> [DEBUG] header - << "Content-Type: text/html[\r][\n]"
>> [DEBUG] header - << "Content-Length: 4106  [\r][\n]"
>> [DEBUG] header - << "[\r][\n]"
>> [INFO] AuthChallengeProcessor - ntlm authentication scheme selected
>> [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
>> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
>> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - >> "Proxy-Authorization: NTLM
>> TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]"
>> [DEBUG] header - >> "Host: verisign.com[\r][\n]"
>> [DEBUG] header - >> "[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access
>> is
>> denied.  )[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access
>> is
>> denied.  )[\r][\n]"
>> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: NTLM
>> TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]"
>> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Pragma: no-cache[\r][\n]"
>> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
>> [DEBUG] header - << "Content-Type: text/html[\r][\n]"
>> [DEBUG] header - << "Content-Length: 0     [\r][\n]"
>> [DEBUG] header - << "[\r][\n]"
>> [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]"
>> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
>> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - >> "Proxy-Authorization: NTLM
>> TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]"
>> [DEBUG] header - >> "Host: verisign.com[\r][\n]"
>> [DEBUG] header - >> "[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]"
>> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
>> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Content-length: 0[\r][\n]"
>> [DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]"
>> [DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]"
>> [DEBUG] header - << "Content-type: text/html[\r][\n]"
>> [DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]"
>> [DEBUG] header - << "[\r][\n]"
>> [DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]"
>> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
>> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - >> "Host: www.verisign.com[\r][\n]"
>> [DEBUG] header - >> "[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
>> Server requires authorization to fulfill the request. Access to the Web
>> Proxy filter is denied.  )[\r][\n]"
>> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA
>> Server requires authorization to fulfill the request. Access to the Web
>> Proxy filter is denied.  )[\r][\n]"
>> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]"
>> [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]"
>> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]"
>> [DEBUG] header - << "Pragma: no-cache[\r][\n]"
>> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
>> [DEBUG] header - << "Content-Type: text/html[\r][\n]"
>> [DEBUG] header - << "Content-Length: 4106  [\r][\n]"
>> [DEBUG] header - << "[\r][\n]"
>> [INFO] HttpMethodDirector - Failure authenticating with NTLM <any
>> realm>@172.16.100.16:8080
>> 
>> When I tried the with the code changes as
>> In processRedirectResponse {
>>         method.getHostAuthState().invalidate();
>>         I added the below line, 
>>         method.getProxyAuthState().invalidate();
>>        }
>>        This works
>> Thanks,
>> RajK
>> 
> 
> This appears to be a bug in HttpClient 3.1. Would it be a big deal for you
> to test the same request with the latest HttpClient 4.0 snapshot?
> 
> https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
> 
> Also, feel free to open an issue in JIRA for this bug
> 
> https://issues.apache.org/jira/browse/HTTPCLIENT
> 
> Oleg
> 
> 
> 
>> 
>> olegk wrote:
>> > 
>> > On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote:
>> >> 
>> >> HI all,
>> >>     During redirect time, the auth has to be cleared as the below
>> issues
>> >> says, 
>> >> http://issues.apache.org/jira/browse/HTTPCLIENT-211
>> >> but, it does it only for the hosts NTLM authentication,
>> >> But, when we have NTLM at proxy, redirect fails.
>> >> 
>> >> Should we have it cleared for proxy also, right? please let me know
>> >> otherwise, please let me know.
>> >> 
>> >> Thanks,
>> >> Raj
>> >> 
>> >> 
>> > 
>> > Post wire / context log
>> > 
>> > Oleg
>> > 
>> > 
>> >> 
>> >> -- 
>> >> View this message in context:
>> >>
>> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html
>> >> Sent from the HttpClient-User mailing list archive at Nabble.com.
>> >> 
>> >> 
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>> >> 
>> > 
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
>> > 
>> > 
>> > 
>> 
>> -- 
>> View this message in context:
>> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24158833.html
>> Sent from the HttpClient-User mailing list archive at Nabble.com.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24218716.html
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message