hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Woerenkaemper <tobias.woerenkaem...@bayer.com>
Subject AW: Request loses authorization header when redirected by proxy
Date Tue, 03 Dec 2013 16:06:15 GMT
Oleg,

here you go:

#############
2013-12-03 14:15:18,937 DEBUG [.http.impl.conn.PoolingHttpClientConnectionManager] - Connection
request: [route: {}->proxyurl->targeturl][total kept alive: 0; route allocated: 0 of
2; total allocated: 0 of 20]
2013-12-03 14:15:18,949 DEBUG [.http.impl.conn.PoolingHttpClientConnectionManager] - Connection
leased: [id: 0][route: {}->proxyurl->targeturl][total kept alive: 0; route allocated:
1 of 2; total allocated: 1 of 20]
2013-12-03 14:15:18,953 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Opening
connection {}->proxyurl->targeturl
2013-12-03 14:15:18,955 DEBUG [org.apache.http.conn.HttpClientConnectionManager  ] - Connecting
to proxyurl/ip:8080
2013-12-03 14:15:18,958 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Executing
request GET targeturl HTTP/1.1
2013-12-03 14:15:18,958 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Proxy
auth state: UNCHALLENGED
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> GET targeturl HTTP/1.1
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Host: targethost
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Accept: application/json
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Authorization: <authorization>
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Proxy-Connection: Keep-Alive
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> User-Agent: Apache-HttpClient/4.3.1 (java 1.5)
2013-12-03 14:15:18,960 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Accept-Encoding: gzip,deflate
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "GET targeturl HTTP/1.1[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Host: targethost[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Accept: application/json[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Authorization: <authorization>[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Proxy-Connection: Keep-Alive[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "User-Agent: Apache-HttpClient/4.3.1 (java 1.5)[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Accept-Encoding: gzip,deflate[\r][\n]"
2013-12-03 14:15:18,960 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "HTTP/1.1 407 authenticationrequired[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Content-Type: text/html[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Cache-Control: no-cache[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Content-Length: 5920[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Proxy-Connection: Keep-Alive[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Proxy-Authenticate: NTLM[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Proxy-Authenticate: Basic realm="proxyrealm"[\r][\n]"
2013-12-03 14:15:18,991 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "[\r][\n]"
2013-12-03 14:15:18,992 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[\n]"
2013-12-03 14:15:18,992 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "[ ... some proxy content ... ]"
2013-12-03 14:15:18,999 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< HTTP/1.1 407 authenticationrequired
2013-12-03 14:15:18,999 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Content-Type: text/html
2013-12-03 14:15:18,999 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Cache-Control: no-cache
2013-12-03 14:15:18,999 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Content-Length: 5920
2013-12-03 14:15:18,999 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Proxy-Connection: Keep-Alive
2013-12-03 14:15:18,999 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Proxy-Authenticate: NTLM
2013-12-03 14:15:19,000 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Proxy-Authenticate: Basic realm="proxyrealm"
2013-12-03 14:15:19,002 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Connection
can be kept alive indefinitely
2013-12-03 14:15:19,002 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - Authentication
required
2013-12-03 14:15:19,002 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - proxyurl:8080
requested authentication
2013-12-03 14:15:19,002 DEBUG [pache.http.impl.client.ProxyAuthenticationStrategy] - Authentication
schemes in the order of preference: [negotiate, Kerberos, NTLM, Digest, Basic]
2013-12-03 14:15:19,002 DEBUG [pache.http.impl.client.ProxyAuthenticationStrategy] - Challenge
for negotiate authentication scheme not available
2013-12-03 14:15:19,002 DEBUG [pache.http.impl.client.ProxyAuthenticationStrategy] - Challenge
for Kerberos authentication scheme not available
2013-12-03 14:15:19,002 WARN  [pache.http.impl.client.ProxyAuthenticationStrategy] - Authentication
scheme NTLM not supported
2013-12-03 14:15:19,002 DEBUG [pache.http.impl.client.ProxyAuthenticationStrategy] - Challenge
for Digest authentication scheme not available
2013-12-03 14:15:19,005 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - Selected
authentication options: [BASIC]
2013-12-03 14:15:19,006 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Executing
request GET targeturl HTTP/1.1
2013-12-03 14:15:19,006 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Target
auth state: UNCHALLENGED
2013-12-03 14:15:19,006 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Proxy
auth state: CHALLENGED
2013-12-03 14:15:19,006 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - Generating
response to an authentication challenge using basic scheme
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> GET targeturl HTTP/1.1
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Host: targethost
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Accept: application/json
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Proxy-Connection: Keep-Alive
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> User-Agent: Apache-HttpClient/4.3.1 (java 1.5)
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Accept-Encoding: gzip,deflate
2013-12-03 14:15:19,007 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
>> Proxy-Authorization: Basic *********
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "GET targeturl HTTP/1.1[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Host: targethost[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Accept: application/json[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Proxy-Connection: Keep-Alive[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "User-Agent: Apache-HttpClient/4.3.1 (java 1.5)[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Accept-Encoding: gzip,deflate[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "Proxy-Authorization: Basic *********[\r][\n]"
2013-12-03 14:15:19,007 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
>> "[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "HTTP/1.1 401 Unauthorized[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Date: Tue, 03 Dec 2013 13:15:18 GMT[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Datacenter: IAD1[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Content-Type: text/html;charset=utf-8[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Content-Length: 1038[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "Proxy-Connection: Keep-Alive[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "[\r][\n]"
2013-12-03 14:15:19,334 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< HTTP/1.1 401 Unauthorized
2013-12-03 14:15:19,334 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Date: Tue, 03 Dec 2013 13:15:18 GMT
2013-12-03 14:15:19,334 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Datacenter: IAD1
2013-12-03 14:15:19,334 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Content-Type: text/html;charset=utf-8
2013-12-03 14:15:19,335 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Content-Length: 1038
2013-12-03 14:15:19,335 DEBUG [org.apache.http.headers                           ] - http-outgoing-0
<< Proxy-Connection: Keep-Alive
2013-12-03 14:15:19,335 DEBUG [org.apache.http.impl.execchain.MainClientExec     ] - Connection
can be kept alive indefinitely
2013-12-03 14:15:19,335 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - Authentication
required
2013-12-03 14:15:19,335 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - targethost:80
requested authentication
2013-12-03 14:15:19,335 DEBUG [org.apache.http.impl.auth.HttpAuthenticator       ] - Response
contains no authentication challenges
2013-12-03 14:15:19,341 DEBUG [org.apache.http.wire                              ] - http-outgoing-0
<< "[ some target error output ]"
2013-12-03 14:15:19,341 DEBUG [.http.impl.conn.PoolingHttpClientConnectionManager] - Connection
[id: 0][route: {}->proxyurl->targeturl] can be kept alive indefinitely
2013-12-03 14:15:19,341 DEBUG [.http.impl.conn.PoolingHttpClientConnectionManager] - Connection
released: [id: 0][route: {}->proxyurl->targeturl][total kept alive: 1; route allocated:
1 of 2; total allocated: 1 of 20]
#######################



Tobias



-----Urspr√ľngliche Nachricht-----
Von: Oleg Kalnichevski [mailto:olegk@apache.org] 
Gesendet: Dienstag, 3. Dezember 2013 16:56
An: HttpClient User Discussion
Betreff: Re: Request loses authorization header when redirected by proxy

On Tue, 2013-12-03 at 15:51 +0000, Tobias Woerenkaemper wrote:
> Hi Oleg,
> 
> I am using httpclient 4.3.1 and configured my http client like this:
> 
>     HttpHost tmpProxy = new HttpHost("proxyhost", Integer.parseInt(####));
>     AuthScope tmpAuthScope = new AuthScope(tmpProxy);
>     BasicCredentialsProvider tmpCredentialsProvider = new BasicCredentialsProvider();
>     Credentials tmpCredentials = new UsernamePasswordCredentials("username", "****");
>     tmpCredentialsProvider.setCredentials(tmpAuthScope, tmpCredentials);
> 
>     RequestConfig tmpRequestConfig = RequestConfig.custom()
>       .setConnectTimeout(4000)
>       .setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC))
>       .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC))
>       .build();
> 
>     HttpClient tmpClient = HttpClients.custom()
>       .setDefaultRequestConfig(tmpRequestConfig)
>       .setProxy(tmpProxy)
>       .setDefaultCredentialsProvider(tmpCredentialsProvider)
>       .setTargetAuthenticationStrategy(new SummonAuthenticationStrategy())
>       .build();
> 
> Now I am sending an http request with an Authorization/Authentication header since the
request target needs basic authentication as well:
> 
>     HttpGet tmpGetRequest = new HttpGet("target url");
>     tmpGetRequest.addHeader("Authorization", ".....");
> 
> While being routed through the proxy the (2nd) request seems to lose this authentication
header and hence I am getting a 401 by the target server.
> 
> Best Regards
> Tobias


Tobias,

Could you please post a wire / context log (obfuscated if necessary) of
the session?

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Mime
View raw message