hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Issue with BASIC Scheme in HttpClient 4.3.2
Date Mon, 06 Oct 2014 07:49:34 GMT
On Sun, 2014-10-05 at 23:04 -0700, chandra wrote:
> Hi,
> 
>    I am porting code from 3.1 to 4.3.2 of httpclient. I am some queries
> regarding usage of BasicScheme :
> 
>  In 3.1 version of Commons httpclient here is the code i am trying to port
>   
> AuthScope proxyAuthScope = new AuthScope(host,ANY_PORT,domain);
> NTCredentials proxyCredentials = new
> NTCredentials("username","password","",domain);
> client.getState().setProxyCredentials(proxyAuthScope, proxyCredentials);
> client.executeMethod(new GetMethod(url.toString()))
> 
> The above piece of code is working fine for BASIC and NTLM authentication
> scheme.
> 
> After porting the code to 4.3.2:
> 
> AuthScope proxyAuthScope = new AuthScope(host,port,domain) ;
> NTCredentials proxyCredentials = new NTCredentials( "admin1",
> "admin1","",domain);
> CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
> credentialsProvider.setCredentials(proxyAuthScope,proxyCredentials);
> CloseableHttpClient httpClient = HttpClientBuilder.create()
>                                                .setProxy(new HttpHost(host,
> port))
>                                               
> .setDefaultCredentialsProvider(credentialsProvider)
>                                                .build();
> httpClient.execute(httpGet)
> 
> The above piece of code is working fine for NTLM Proxy Authentication but
> during BASIC authentication even though we supply the correct username and
> password credentials we are getting 407 Proxy Authentication error
> repetedly. So on debugging the httpclient source code we found a  difference
> in the funtionality between BasicScheme of 3.1 and 4.3.2.
> 
> Difference:
> In 3.1 -> Even though we supply NTCredentials with domain name to BASIC
> Scheme it will considers only username and Password from the credentialstore
> and sends the authentication string.
> 
> In 4.3.2 -> If we supply NTCredentials with domain name to BASIC Scheme it
> will also consider the domain name along with username and password to
> construct the authentication string .
> 
> Code snippet from 4.3.2 version of BASIC Scheme that constructs the
> authentication string:
> 
> final StringBuilder tmp = new StringBuilder();
>         tmp.append(credentials.getUserPrincipal().getName());
>         tmp.append(":");
>         tmp.append((credentials.getPassword() == null) ? "null" :
> credentials.getPassword());
> 
> For Example if we set the NTCredentials as 
> 
> NTCredentials("admin","pass","","dev");
> 
> then the Authentication String is sent with 
> username: dev/admin
> password:pass
> But server is expecting basic authentication with username:admin and
> password :pass
> 
> Is this a bug in the HttpClient 4.3.2 ?
> If so how can we overcome this ?
> 

This is the intended behavior.

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message