hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Vestergaard <CGET...@telenor.dk>
Subject NTLM proxy authentication
Date Tue, 20 Mar 2012 12:35:01 GMT
Hello,

I am having a problem with getting HttpClient to send requests through a proxy demanding NTLM
authentication, which I understand should be possible.

My code for trying to accomplish this:
Credentials credentials;
try {
           credentials = new NTCredentials(proxyUsername, proxyPassword, InetAddress.getLocalHost().getHostName(),
proxyDomain);
} catch (Exception e) {
           throw new SessionException("Unable to create NTLM credentials for proxy authentication",
e);
}
client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, proxyPort), credentials);

HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort);
client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost);

AuthScheme proxyAuthScheme = new NTLMSchemeFactory().newInstance(client.getParams());
authCache.put(proxyHost, proxyAuthScheme);

But I am apparently missing something, since it does not work.

The authCache is later added to the context used in the execute call. Without this, I get
an error about missing an ini-file - looks like an attempt to use Kerberos.
The full log of the interaction is pasted below. As can also be seen in the log, I am using
HttpClient v. 4.1.3.

 Best regards,
Telenor

Thomas Vestergaard
Ekstern konsulent
Technology
Frederikskaj, DK-1780. KĂžbenhavn V
Tel: +45 52 18 92 18  // e-mail: cgethve@telenor.dk<mailto:cgethve@telenor.dk>
Web: http://www.telenor.dk<http://www.telenor.dk/>

DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80]
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme
for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407
Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request.
Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront
TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
 )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407
Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Access
is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407
Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request.
Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront
TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
 )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection open but not
reusable.
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message