hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: NTLM proxy authentication...
Date Sat, 22 Mar 2014 12:17:47 GMT
On Fri, 2014-03-21 at 12:03 -0400, Ray Williams Robinson Valiente wrote:
> Hi again:
> 
> Problem is in company proxy configuration I guess. I have tried setting no
> proxy domain and it worked fine. For some reason HttpClient fails to
> authenticate when the proxy domain is set (even when I'm pretty sure it's
> correct, since it's the same proxy domain I have in cntlm configuration).
> Is there any reason for this?
> 


Ray,

There is only one person on the project who understands NTLM protocol.
You might want to post your question to the dev list along with a
wireshark packet dump and kindly ask for help there.

Oleg

> 
> 2014-03-21 11:48 GMT-04:00 Ray Williams Robinson Valiente <
> shaka.shadows@gmail.com>:
> 
> > Hi:
> >
> > Code remains the same, here is the logging output:
> >
> > 2014/03/21 11:43:44:075 EDT [DEBUG] RequestAddCookies - CookieSpec
> > selected: best-match
> > 2014/03/21 11:43:44:105 EDT [DEBUG] RequestAuthCache - Auth cache not set
> > in the context
> > 2014/03/21 11:43:44:106 EDT [DEBUG] PoolingHttpClientConnectionManager -
> > Connection request: [route: {tls}->http://proxy.hab.desoft.cu:3128-
> > >https://www.google.com.cu:443][total kept alive: 0; route allocated: 0
> > of 2; total allocated: 0 of 20]
> > 2014/03/21 11:43:44:122 EDT [DEBUG] PoolingHttpClientConnectionManager -
> > Connection leased: [id: 0][route: {tls}->http://proxy.hab.desoft.cu:3128-
> > >https://www.google.com.cu:443][total kept alive: 0; route allocated: 1
> > of 2; total allocated: 1 of 20]
> > 2014/03/21 11:43:44:129 EDT [DEBUG] MainClientExec - Opening connection
> > {tls}->http://proxy.hab.desoft.cu:3128->https://www.google.com.cu:443
> > 2014/03/21 11:43:44:132 EDT [DEBUG] HttpClientConnectionOperator -
> > Connecting to proxy.hab.desoft.cu/10.176.0.2:3128
> > 2014/03/21 11:43:44:141 EDT [DEBUG] HttpClientConnectionOperator -
> > Connection established 10.176.0.170:54967<->10.176.0.2:3128
> > 2014/03/21 11:43:44:143 EDT [DEBUG] headers - http-outgoing-0 >> CONNECT
> > www.google.com.cu:443 HTTP/1.1
> > 2014/03/21 11:43:44:143 EDT [DEBUG] headers - http-outgoing-0 >> Host:
> > www.google.com.cu
> > 2014/03/21 11:43:44:143 EDT [DEBUG] headers - http-outgoing-0 >>
> > Proxy-Connection: Keep-Alive
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 << HTTP/1.0
> > 407 Proxy Authentication Required
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 << Server:
> > squid/3.1.20
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 <<
> > Mime-Version: 1.0
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 << Date:
> > Fri, 21 Mar 2014 15:44:01 GMT
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 <<
> > Content-Type: text/html
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 <<
> > Content-Length: 3177
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 <<
> > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 <<
> > Proxy-Authenticate: NTLM
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 << X-Cache:
> > MISS from proxy.hab.desoft.cu
> > 2014/03/21 11:43:44:146 EDT [DEBUG] headers - http-outgoing-0 <<
> > X-Cache-Lookup: NONE from proxy.hab.desoft.cu:3128
> > 2014/03/21 11:43:44:147 EDT [DEBUG] headers - http-outgoing-0 << Via: 1.0
> > proxy.hab.desoft.cu (squid/3.1.20)
> > 2014/03/21 11:43:44:147 EDT [DEBUG] headers - http-outgoing-0 <<
> > Connection: close
> > 2014/03/21 11:43:44:148 EDT [DEBUG] HttpAuthenticator - Authentication
> > required
> > 2014/03/21 11:43:44:148 EDT [DEBUG] HttpAuthenticator -
> > proxy.hab.desoft.cu:3128 requested authentication
> > 2014/03/21 11:43:44:148 EDT [DEBUG] ProxyAuthenticationStrategy -
> > Authentication schemes in the order of preference: [negotiate, Kerberos,
> > NTLM, Digest, Basic]
> > 2014/03/21 11:43:44:148 EDT [DEBUG] ProxyAuthenticationStrategy -
> > Challenge for negotiate authentication scheme not available
> > 2014/03/21 11:43:44:148 EDT [DEBUG] ProxyAuthenticationStrategy -
> > Challenge for Kerberos authentication scheme not available
> > 2014/03/21 11:43:44:152 EDT [DEBUG] ProxyAuthenticationStrategy -
> > Challenge for Digest authentication scheme not available
> > 2014/03/21 11:43:44:152 EDT [DEBUG] ProxyAuthenticationStrategy -
> > Challenge for Basic authentication scheme not available
> > 2014/03/21 11:43:44:152 EDT [DEBUG] HttpAuthenticator - Selected
> > authentication options: [NTLM]
> > 2014/03/21 11:43:44:153 EDT [DEBUG] DefaultManagedHttpClientConnection -
> > http-outgoing-0: Close connection
> > 2014/03/21 11:43:44:153 EDT [DEBUG] HttpClientConnectionOperator -
> > Connecting to proxy.hab.desoft.cu/10.176.0.2:3128
> > 2014/03/21 11:43:44:155 EDT [DEBUG] HttpClientConnectionOperator -
> > Connection established 10.176.0.170:54968<->10.176.0.2:3128
> > 2014/03/21 11:43:44:155 EDT [DEBUG] HttpAuthenticator - Generating
> > response to an authentication challenge using ntlm scheme
> > 2014/03/21 11:43:44:164 EDT [DEBUG] headers - http-outgoing-0 >> CONNECT
> > www.google.com.cu:443 HTTP/1.1
> > 2014/03/21 11:43:44:164 EDT [DEBUG] headers - http-outgoing-0 >> Host:
> > www.google.com.cu
> > 2014/03/21 11:43:44:164 EDT [DEBUG] headers - http-outgoing-0 >>
> > Proxy-Connection: Keep-Alive
> > 2014/03/21 11:43:44:164 EDT [DEBUG] headers - http-outgoing-0 >>
> > Proxy-Authorization: NTLM
> > TlRMTVNTUAABAAAAAYIIogAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 << HTTP/1.0
> > 407 Proxy Authentication Required
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 << Server:
> > squid/3.1.20
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > Mime-Version: 1.0
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 << Date:
> > Fri, 21 Mar 2014 15:44:01 GMT
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > Content-Type: text/html
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > Content-Length: 3275
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > Proxy-Authenticate: NTLM
> > TlRMTVNTUAACAAAAAAAAADgAAAABggiiuBCoBrncpGYAAAAAAAAAAAAAAAA4AAAABgEAAAAAAA8=
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 << X-Cache:
> > MISS from proxy.hab.desoft.cu
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > X-Cache-Lookup: NONE from proxy.hab.desoft.cu:3128
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 << Via: 1.0
> > proxy.hab.desoft.cu (squid/3.1.20)
> > 2014/03/21 11:43:44:166 EDT [DEBUG] headers - http-outgoing-0 <<
> > Connection: keep-alive
> > 2014/03/21 11:43:44:166 EDT [DEBUG] HttpAuthenticator - Authentication
> > required
> > 2014/03/21 11:43:44:166 EDT [DEBUG] HttpAuthenticator -
> > proxy.hab.desoft.cu:3128 requested authentication
> > 2014/03/21 11:43:44:166 EDT [DEBUG] HttpAuthenticator - Authorization
> > challenge processed
> > 2014/03/21 11:43:44:167 EDT [DEBUG] MainClientExec - Connection kept alive
> > 2014/03/21 11:43:44:257 EDT [DEBUG] headers - http-outgoing-0 >> CONNECT
> > www.google.com.cu:443 HTTP/1.1
> > 2014/03/21 11:43:44:257 EDT [DEBUG] headers - http-outgoing-0 >> Host:
> > www.google.com.cu
> > 2014/03/21 11:43:44:257 EDT [DEBUG] headers - http-outgoing-0 >>
> > Proxy-Connection: Keep-Alive
> > 2014/03/21 11:43:44:257 EDT [DEBUG] headers - http-outgoing-0 >>
> > Proxy-Authorization: NTLM
> > TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAYABgB4AAAAGgAaAH4AAAAQABAAmAAAAAAAAACoAAAAAYIIogUBKAoAAAAPMDJRVvJ3PDoAAAAAAAAAAAAAAAAAAAAASEOSanBi3r5wXnzdcZRzItIZfNM8pmc4SABBAEIAcgBhAHkAdwAuAHIAbwBiAGkAbgBzAG8AbgBEAEUAUwAtAFIAQQBZAFcA
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 << HTTP/1.0
> > 407 Proxy Authentication Required
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 << Server:
> > squid/3.1.20
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > Mime-Version: 1.0
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 << Date:
> > Fri, 21 Mar 2014 15:44:01 GMT
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > Content-Type: text/html
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > Content-Length: 3439
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > Proxy-Authenticate: NTLM
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 << X-Cache:
> > MISS from proxy.hab.desoft.cu
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > X-Cache-Lookup: NONE from proxy.hab.desoft.cu:3128
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 << Via: 1.0
> > proxy.hab.desoft.cu (squid/3.1.20)
> > 2014/03/21 11:43:44:259 EDT [DEBUG] headers - http-outgoing-0 <<
> > Connection: close
> > 2014/03/21 11:43:44:259 EDT [DEBUG] HttpAuthenticator - Authentication
> > required
> > 2014/03/21 11:43:44:260 EDT [DEBUG] HttpAuthenticator -
> > proxy.hab.desoft.cu:3128 requested authentication
> > 2014/03/21 11:43:44:260 EDT [DEBUG] HttpAuthenticator - Authorization
> > challenge processed
> > 2014/03/21 11:43:44:260 EDT [DEBUG] HttpAuthenticator - Authentication
> > failed
> > 2014/03/21 11:43:44:260 EDT [DEBUG] DefaultManagedHttpClientConnection -
> > http-outgoing-0: Close connection
> > 2014/03/21 11:43:44:261 EDT [DEBUG] MainClientExec - CONNECT refused by
> > proxy: HTTP/1.0 407 Proxy Authentication Required
> > 2014/03/21 11:43:44:261 EDT [DEBUG] DefaultManagedHttpClientConnection -
> > http-outgoing-0: Close connection
> > 2014/03/21 11:43:44:261 EDT [DEBUG] MainClientExec - Connection discarded
> > 2014/03/21 11:43:44:261 EDT [DEBUG] DefaultManagedHttpClientConnection -
> > http-outgoing-0: Close connection
> > 2014/03/21 11:43:44:261 EDT [DEBUG] PoolingHttpClientConnectionManager -
> > Connection released: [id: 0][route: {tls}->http://proxy.hab.desoft.cu:3128-
> > >https://www.google.com.cu:443][total kept alive: 0; route allocated: 0
> > of 2; total allocated: 0 of 20]
> >
> >
> >
> > 2014-03-20 9:18 GMT-04:00 Oleg Kalnichevski <olegk@apache.org>:
> >
> > On Wed, 2014-03-19 at 14:46 -0400, Ray Williams Robinson Valiente wrote:
> >> > Hi:
> >> >
> >> > I'm a fairly new with HttpClient. I'm trying to test it against a NTLM
> >> > proxy but I'm getting error 407 over and over again. What should be
> >> > the correct way to do it? My current code looks like (with proper
> >> > values for declared constants):
> >>
> >> Ray,
> >>
> >> I see nothing wrong with your code.
> >>
> >> Please try running your application with wire / context logging on.
> >> There is a chance there might be clues in the logs as to what is causing
> >> the authentication failure.
> >>
> >> http://hc.apache.org/httpcomponents-client-4.3.x/logging.html
> >>
> >> Oleg
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >>
> >
> >
> > --
> >
> > *Eng. Ray Williams Robinson Valiente*
> >
> > *Base Technologies Group *
> >
> > *DESOFT, Havana Division(+537)8356379*
> >
> 
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message