hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Ryan <brett.r...@gmail.com>
Subject Using basic auth produces warnings about NTLM and NEGOTIATE errors.
Date Tue, 11 Feb 2014 03:20:04 GMT
If a server supports NTLM and Kerberos authentication, but when setting up the client I only
provide basic credentials I get a log for each of the NTLM and NEGOTIATE authentication schemes.

Taking the example from : https://hc.apache.org/httpcomponents-client-4.3.x/httpclient/examples/org/apache/http/examples/client/ClientAuthentication.java

    CredentialsProvider credsProvider = new BasicCredentialsProvider();
            new AuthScope(null, -1),
            new UsernamePasswordCredentials(restUser, restPass));
    CloseableHttpClient client = HttpClients.custom()

Use of the above client will produce the following warnings, though requests succeed fine
through basic authentication:

    WARN  o.a.http.impl.auth.HttpAuthenticator - NEGOTIATE authentication error: Invalid name
provided (Mechanism level: KrbException: Cannot locate default realm)
    WARN  o.a.http.impl.auth.HttpAuthenticator - NTLM authentication error: Credentials cannot
be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials

So I figured after searching through the builder method that I'd supply  an auth provider
with only basic support:

    Lookup<AuthSchemeProvider> authProviders = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.BASIC, new BasicSchemeFactory())
    CloseableHttpClient client = HttpClients.custom()

But now I get a different warning about the scheme's no longer being enabled.

    WARN  o.a.h.i.c.TargetAuthenticationStrategy - Authentication scheme negotiate not supported
    WARN  o.a.h.i.c.TargetAuthenticationStrategy - Authentication scheme NTLM not supported

How do I simply get rid of these warnings and only get the client to use the basic scheme
that I've configured?
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message