hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Milind Kadam <kadam.mil...@gmail.com>
Subject Re: Issues accessing NTLM server using HTTPClient 4.1
Date Wed, 16 Nov 2011 18:35:30 GMT
Hi Srivatsan,
Don't whether this is helpful or not. The Web server has been setup on
Windows 2003 SP 2.
I was reading at http://oaklandsoftware.com/papers/ntlm.html and came
across following quote; is this true?
"As mentioned in the above KB article, the default configuration for
Windows Server 2003 is to require the use of NTLM V2 only.

If you are getting a HTTP 500 Response code, accompanied by the message: "-
2146893054 (0x80090302)" (which may manifest in a browser as "The function
requested is not supported" if 'friendly errors' is turned on at the
browser). this means that IIS is expecting an NTLM V2 authentication and
not getting it. Normally when NTLM authentication fails, you will get a 401
response, however this case appears to be handled differently by IIS. If
you are getting this response with a Java HTTP implementation, make sure
the implementation correctly supports NTLM V2."

Also I have attached my code; you need to modify for your URL, host and
domain.
Any help from you is appreciated as I am stuck on this problem for almost
two weeks now.
Thanks a lot.
Milind


On Wed, Nov 16, 2011 at 11:01 AM, Srivatsan <sathishsrivatsan@gmail.com>wrote:

>
> Milind - I am yet to try the option suggested by Oleg. However, got it
> working with the code given in the link -
> http://www.muneebahmad.com/index.php/archives/127
>
> Regards,
> Srivatsan
>
>
> mkjee wrote:
> >
> >
> > Hi Srivatsan,
> >
> > I have a similar issue where URL works fine via browser but fails from
> > JAVA client when web server is IIS with NTLM authentication. Did you find
> > any solution for this problem?
> >
> > Thanks in advance,
> > Milind
> >
> >
> >
> >
> > Srivatsan wrote:
> >>
> >> Have a similar issue. With the code below - authentication is
> >> unsuccessful when using the credentials of a local user. By local user,
> >> the domain name / realm is the host itself. However, authentication is
> >> successful with the same credentials when accessed from browser.
> >>
> >>                 DefaultHttpClient httpclient = new DefaultHttpClient();
> >>              List<String> authpref = new ArrayList<String>();
> >>              authpref.add(AuthPolicy.NTLM);
> >>
>  httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,
> >> authpref);
> >>              NTCredentials creds = new NTCredentials("uid", "pwd",
> "ip", "domain");
> >>
>  httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY,
> >> creds);
> >>              HttpHost target = new HttpHost(<IP>, 80, "http");
> >>              // Make sure the same context is used to execute logically
> related
> >> requests
> >>              HttpContext localContext = new BasicHttpContext();
> >>              // Execute a cheap method first. This will trigger NTLM
> authentication
> >>              HttpGet httpget = new HttpGet(<URL>);
> >>              HttpResponse response;
> >>              try {
> >>                      response = httpclient.execute(target, httpget,
> localContext);
> >>                      System.out.println("Status Code:" +
> >> response1.getStatusLine().getStatusCode());
> >>                      BufferedReader isr = new BufferedReader (new
> >> InputStreamReader(response.getEntity().getContent()));
> >>                      while (isr.readLine() != null) {
> >>                              System.out.println("Content is: ********"
> + isr.readLine());
> >>                      }
> >>                      HttpEntity entity = response1.getEntity();
> >>                      EntityUtils.consume(entity);
> >>              } catch (ClientProtocolException e) {
> >>                      // TODO Auto-generated catch block
> >>                      e.printStackTrace();
> >>              } catch (IOException e) {
> >>                      // TODO Auto-generated catch block
> >>                      e.printStackTrace();
> >>              }
> >>
> >> Added the HTTP wire log.
> >> http://old.nabble.com/file/p32819071/localuser-nabble.txt
> >> localuser-nabble.txt
> >>
> >> Any pointers, please?
> >>
> >> Thanks,
> >> Srivatsan
> >>
> >>
> >> olegk wrote:
> >>>
> >>> On Sun, 2011-04-17 at 20:03 +0530, Dilshan Edirisuriya wrote:
> >>>> Hi ,
> >>>>
> >>>> I have a web page that need to access with NTLM authentication on my
> >>>> local
> >>>> machine and i can see the expected behavior with Web browsers. But
> when
> >>>> I
> >>>> try to access same page using HTTPClient 4.1 I'm getting following
> >>>> exception.
> >>>>
> >>>>
> >>>> Apr 17, 2011 7:18:23 PM
> >>>> org.apache.http.client.protocol.RequestTargetAuthentication process
> >>>> SEVERE: Authentication error: Invalid name provided (Mechanism level:
> >>>> Could
> >>>> not load configuration file C:\Windows\krb5.ini (The system cannot
> find
> >>>> the
> >>>> file specified))
> >>>> Status :: HTTP/1.1 401 Unauthorized
> >>>>
> >>>>
> >>>
> >>> Dilshan
> >>>
> >>> HttpClient chooses SPNEGO/kerberos auth scheme over NTLM per default in
> >>> case the server supports both, as SPNEGO/kerberos is considered
> somewhat
> >>> more secure than NTLM.
> >>>
> >>> You can alter the order of preferred auth schemes by using
> >>> 'http.auth.target-scheme-pref' or 'http.auth.proxy-scheme-pref'
> >>> parameters:
> >>>
> >>>
> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#d4e869
> >>>
> >>> Just a general remark: when troubleshooting problems with HttpClient a
> >>> wire / context log of the HTTP session exhibiting the problem helps a
> >>> great deal.
> >>>
> >>> Oleg
> >>>
> >>>
> >>>> This is my sample code and it exactly same as example given in here
> >>>>
> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#ntlm
> >>>>
> >>>>   DefaultHttpClient httpclient = new DefaultHttpClient();
> >>>>
> >>>>   NTCredentials creds = new NTCredentials("user", "pwd",
> "machin-name",
> >>>> "machin-name");
> >>>>   httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY,
> >>>> creds);
> >>>>
> >>>>   Host target = new HttpHost("localhost", 9090, "http");
> >>>>   HttpContext localContext = new BasicHttpContext();
> >>>>
> >>>> // Execute a cheap method first. This will trigger NTLM authentication
> >>>>    HttpGet httpget = new HttpGet("/hello1");
> >>>>    HttpResponse response = httpclient.execute(target, httpget,
> >>>> localContext);
> >>>>    HttpEntity entity = response.getEntity();
> >>>>    System.out.println(" Status :: "+ response.getStatusLine());
> >>>>
> >>>>
> >>>> Further analyzing  i found   there is no 'Authorization:" header in
> >>>> outgoing
> >>>> messages where this header is available with browser access. Please
> >>>> note
> >>>> that I used same name/password/Domain for browser access too.
> >>>>
> >>>> Appreciate for any help to resolve this ?
> >>>>
> >>>> Thank you ,
> >>>>
> >>>> Dilshan
> >>>
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>>
> >>>
> >>>
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://old.nabble.com/Issues-accessing-NTLM-server-using-HTTPClient-4.1-tp31417743p32855631.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Mime
View raw message