hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Ryan <brett.r...@gmail.com>
Subject Re: Using basic auth produces warnings about NTLM and NEGOTIATE errors.
Date Wed, 12 Feb 2014 00:05:31 GMT
Any other way to prevent it? I've also tried setting
the proxyPreferredAuthSchemes property with no change.


On 12 February 2014 02:44, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Wed, 2014-02-12 at 02:21 +1100, Brett Ryan wrote:
> > Thanks Oleg, I've added this to the client, yet I am still getting the
> same
> > warnings.
> >
> >     Lookup<AuthSchemeProvider> authProviders =
> > RegistryBuilder.<AuthSchemeProvider>create()
> >             .register(AuthSchemes.BASIC, new BasicSchemeFactory())
> >             .build();
> >     RequestConfig rc = RequestConfig.custom()
> >             .setTargetPreferredAuthSchemes(Arrays.asList("BASIC"))
> >             .build();
> >     BasicCredentialsProvider credsProvider = new
> BasicCredentialsProvider();
> >     credsProvider.setCredentials(AuthScope.ANY, null);
> >     client = HttpClients.custom()
> >             .setDefaultCredentialsProvider(credsProvider)
> >             .setDefaultAuthSchemeRegistry(authProviders)
> >             .setDefaultRequestConfig(rc)
> >
> > .setTargetAuthenticationStrategy(TargetAuthenticationStrategy.INSTANCE)
> >             .build();
> >
>
> Can happen if the proxy auth strategy tries to pick up an auth scheme
> from the list of preferred schemes still containing NTLM and SPNEGO.
>
> Oleg
>
> >
> >
> > On 12 February 2014 00:58, Oleg Kalnichevski <olegk@apache.org> wrote:
> >
> > > On Tue, 2014-02-11 at 14:20 +1100, Brett Ryan wrote:
> > > > If a server supports NTLM and Kerberos authentication, but when
> setting
> > > up the client I only provide basic credentials I get a log for each of
> the
> > > NTLM and NEGOTIATE authentication schemes.
> > > >
> > > > Taking the example from :
> > >
> https://hc.apache.org/httpcomponents-client-4.3.x/httpclient/examples/org/apache/http/examples/client/ClientAuthentication.java
> > > >
> > > >     CredentialsProvider credsProvider = new
> BasicCredentialsProvider();
> > > >     credsProvider.setCredentials(
> > > >             new AuthScope(null, -1),
> > > >             new UsernamePasswordCredentials(restUser, restPass));
> > > >     CloseableHttpClient client = HttpClients.custom()
> > > >             .setDefaultCredentialsProvider(credsProvider)
> > > >             .build();
> > > >
> > > > Use of the above client will produce the following warnings, though
> > > requests succeed fine through basic authentication:
> > > >
> > > >     WARN  o.a.http.impl.auth.HttpAuthenticator - NEGOTIATE
> > > authentication error: Invalid name provided (Mechanism level:
> KrbException:
> > > Cannot locate default realm)
> > > >     WARN  o.a.http.impl.auth.HttpAuthenticator - NTLM authentication
> > > error: Credentials cannot be used for NTLM authentication:
> > > org.apache.http.auth.UsernamePasswordCredentials
> > > >
> > > > So I figured after searching through the builder method that I'd
> supply
> > >  an auth provider with only basic support:
> > > >
> > > >     Lookup<AuthSchemeProvider> authProviders =
> > > RegistryBuilder.<AuthSchemeProvider>create()
> > > >             .register(AuthSchemes.BASIC, new BasicSchemeFactory())
> > > >             .build();
> > > >     CloseableHttpClient client = HttpClients.custom()
> > > >             .setDefaultCredentialsProvider(credsProvider)
> > > >             .setDefaultAuthSchemeRegistry(authProviders)
> > > >             .build();
> > > >
> > > > But now I get a different warning about the scheme's no longer being
> > > enabled.
> > > >
> > > >     WARN  o.a.h.i.c.TargetAuthenticationStrategy - Authentication
> scheme
> > > negotiate not supported
> > > >     WARN  o.a.h.i.c.TargetAuthenticationStrategy - Authentication
> scheme
> > > NTLM not supported
> > > >
> > > > How do I simply get rid of these warnings and only get the client to
> use
> > > the basic scheme that I've configured?
> > >
> > > ---
> > > RequestConfig config = RequestConfig.custom()
> > >         .setTargetPreferredAuthSchemes(Arrays.asList("BASIC"))
> > >         .build();
> > > HttpGet get = new HttpGet("/");
> > > get.setConfig(config);
> > > ---
> > >
> > > Hope this helps
> > >
> > > Oleg
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > >
> > >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message