hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: Using basic auth produces warnings about NTLM and NEGOTIATE errors.
Date Tue, 11 Feb 2014 14:18:24 GMT
On Tue, Feb 11, 2014 at 8:58 AM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Tue, 2014-02-11 at 14:20 +1100, Brett Ryan wrote:
> > If a server supports NTLM and Kerberos authentication, but when setting
> up the client I only provide basic credentials I get a log for each of the
> NTLM and NEGOTIATE authentication schemes.
> >
> > Taking the example from :
> https://hc.apache.org/httpcomponents-client-4.3.x/httpclient/examples/org/apache/http/examples/client/ClientAuthentication.java
> >
> >     CredentialsProvider credsProvider = new BasicCredentialsProvider();
> >     credsProvider.setCredentials(
> >             new AuthScope(null, -1),
> >             new UsernamePasswordCredentials(restUser, restPass));
> >     CloseableHttpClient client = HttpClients.custom()
> >             .setDefaultCredentialsProvider(credsProvider)
> >             .build();
> >
> > Use of the above client will produce the following warnings, though
> requests succeed fine through basic authentication:
> >
> >     WARN  o.a.http.impl.auth.HttpAuthenticator - NEGOTIATE
> authentication error: Invalid name provided (Mechanism level: KrbException:
> Cannot locate default realm)
> >     WARN  o.a.http.impl.auth.HttpAuthenticator - NTLM authentication
> error: Credentials cannot be used for NTLM authentication:
> org.apache.http.auth.UsernamePasswordCredentials
> >
> > So I figured after searching through the builder method that I'd supply
>  an auth provider with only basic support:
> >
> >     Lookup<AuthSchemeProvider> authProviders =
> RegistryBuilder.<AuthSchemeProvider>create()
> >             .register(AuthSchemes.BASIC, new BasicSchemeFactory())
> >             .build();
> >     CloseableHttpClient client = HttpClients.custom()
> >             .setDefaultCredentialsProvider(credsProvider)
> >             .setDefaultAuthSchemeRegistry(authProviders)
> >             .build();
> >
> > But now I get a different warning about the scheme's no longer being
> enabled.
> >
> >     WARN  o.a.h.i.c.TargetAuthenticationStrategy - Authentication scheme
> negotiate not supported
> >     WARN  o.a.h.i.c.TargetAuthenticationStrategy - Authentication scheme
> NTLM not supported
> >
> > How do I simply get rid of these warnings and only get the client to use
> the basic scheme that I've configured?
>
> ---
> RequestConfig config = RequestConfig.custom()
>         .setTargetPreferredAuthSchemes(Arrays.asList("BASIC"))
>

Wouldn't an enum be more helpful here?

Otherwise, I have to do more digging to find other strings are allowed.

Gary


>         .build();
> HttpGet get = new HttpGet("/");
> get.setConfig(config);
> ---
>
> Hope this helps
>
> Oleg
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>


-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message