Return-Path: X-Original-To: apmail-hc-httpclient-users-archive@www.apache.org Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 421601091B for ; Tue, 11 Feb 2014 15:22:29 +0000 (UTC) Received: (qmail 64805 invoked by uid 500); 11 Feb 2014 15:22:28 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 64655 invoked by uid 500); 11 Feb 2014 15:22:25 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 64631 invoked by uid 99); 11 Feb 2014 15:22:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Feb 2014 15:22:24 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of brett.ryan@gmail.com designates 209.85.219.49 as permitted sender) Received: from [209.85.219.49] (HELO mail-oa0-f49.google.com) (209.85.219.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Feb 2014 15:22:17 +0000 Received: by mail-oa0-f49.google.com with SMTP id i7so9150404oag.8 for ; Tue, 11 Feb 2014 07:21:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=ui0w1GuPZuo3wyOKZx3n0p3tpK37GxpJ6jPkbJF+uc4=; b=X9A7PHS+VW28eVhuB3abx/FjoWjfTh0n4vlZjwnvC7fM0eZ+/L7wDbewRn0b1xYgRs 2ym499sfAZwbv462SW2OsAkipg1o6LSnz2TOk2fz5LtdsSUFLr2ub65vPV3J7oL2wxdk q2gm6oGsuvO/oDEwnxoDwkdJnx5WCVfkd1pXgJbSIs9yU60rkB6VJLINFgVvetqED63Q lK8vbfof7e9PMfjrYpGNtmX4OcIQ2qoFK72bwRGYBLJHhgp4NhfvMueSxiqa/MrksZOM pIvMXhzMkib03CR6twCLLmzgEMscJ5hYI/bBtODQuKXUdsdtPK4lt55Vx9Z3mhF6ZjqQ hkHA== X-Received: by 10.60.70.239 with SMTP id p15mr31977885oeu.26.1392132116464; Tue, 11 Feb 2014 07:21:56 -0800 (PST) MIME-Version: 1.0 Received: by 10.76.172.163 with HTTP; Tue, 11 Feb 2014 07:21:36 -0800 (PST) In-Reply-To: <1392127127.6000.5.camel@ubuntu> References: <1392127127.6000.5.camel@ubuntu> From: Brett Ryan Date: Wed, 12 Feb 2014 02:21:36 +1100 Message-ID: Subject: Re: Using basic auth produces warnings about NTLM and NEGOTIATE errors. To: HttpClient User Discussion Content-Type: multipart/alternative; boundary=001a113311e6484e7904f2230466 X-Virus-Checked: Checked by ClamAV on apache.org --001a113311e6484e7904f2230466 Content-Type: text/plain; charset=ISO-8859-1 Thanks Oleg, I've added this to the client, yet I am still getting the same warnings. Lookup authProviders = RegistryBuilder.create() .register(AuthSchemes.BASIC, new BasicSchemeFactory()) .build(); RequestConfig rc = RequestConfig.custom() .setTargetPreferredAuthSchemes(Arrays.asList("BASIC")) .build(); BasicCredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(AuthScope.ANY, null); client = HttpClients.custom() .setDefaultCredentialsProvider(credsProvider) .setDefaultAuthSchemeRegistry(authProviders) .setDefaultRequestConfig(rc) .setTargetAuthenticationStrategy(TargetAuthenticationStrategy.INSTANCE) .build(); On 12 February 2014 00:58, Oleg Kalnichevski wrote: > On Tue, 2014-02-11 at 14:20 +1100, Brett Ryan wrote: > > If a server supports NTLM and Kerberos authentication, but when setting > up the client I only provide basic credentials I get a log for each of the > NTLM and NEGOTIATE authentication schemes. > > > > Taking the example from : > https://hc.apache.org/httpcomponents-client-4.3.x/httpclient/examples/org/apache/http/examples/client/ClientAuthentication.java > > > > CredentialsProvider credsProvider = new BasicCredentialsProvider(); > > credsProvider.setCredentials( > > new AuthScope(null, -1), > > new UsernamePasswordCredentials(restUser, restPass)); > > CloseableHttpClient client = HttpClients.custom() > > .setDefaultCredentialsProvider(credsProvider) > > .build(); > > > > Use of the above client will produce the following warnings, though > requests succeed fine through basic authentication: > > > > WARN o.a.http.impl.auth.HttpAuthenticator - NEGOTIATE > authentication error: Invalid name provided (Mechanism level: KrbException: > Cannot locate default realm) > > WARN o.a.http.impl.auth.HttpAuthenticator - NTLM authentication > error: Credentials cannot be used for NTLM authentication: > org.apache.http.auth.UsernamePasswordCredentials > > > > So I figured after searching through the builder method that I'd supply > an auth provider with only basic support: > > > > Lookup authProviders = > RegistryBuilder.create() > > .register(AuthSchemes.BASIC, new BasicSchemeFactory()) > > .build(); > > CloseableHttpClient client = HttpClients.custom() > > .setDefaultCredentialsProvider(credsProvider) > > .setDefaultAuthSchemeRegistry(authProviders) > > .build(); > > > > But now I get a different warning about the scheme's no longer being > enabled. > > > > WARN o.a.h.i.c.TargetAuthenticationStrategy - Authentication scheme > negotiate not supported > > WARN o.a.h.i.c.TargetAuthenticationStrategy - Authentication scheme > NTLM not supported > > > > How do I simply get rid of these warnings and only get the client to use > the basic scheme that I've configured? > > --- > RequestConfig config = RequestConfig.custom() > .setTargetPreferredAuthSchemes(Arrays.asList("BASIC")) > .build(); > HttpGet get = new HttpGet("/"); > get.setConfig(config); > --- > > Hope this helps > > Oleg > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org > For additional commands, e-mail: httpclient-users-help@hc.apache.org > > --001a113311e6484e7904f2230466--