manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
Date Thu, 17 Jan 2019 16:32:00 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16745267#comment-16745267 ] 

Michael Osipov commented on CONNECTORS-1564:
--------------------------------------------

OK friends, here is minimal working example with HttpClient 4.5.6 against latest Apache Web Server:

Anonymous endpoint:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

	public static void main(String[] args) throws IOException {
		HttpClientBuilder builder = HttpClientBuilder.create();
		RequestConfig rc = RequestConfig.custom().setExpectContinueEnabled(true).build();
		builder.setDefaultRequestConfig(rc);

		try (CloseableHttpClient httpClient = builder.build();
				InputStream is = Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

			HttpPost method = new HttpPost(
					"https://blnn719x.ad001.siemens.net/~osipovmi/CONNECTORS-1564.php");
			HttpEntity entity = new InputStreamEntity(is);
			method.setEntity(entity);
			CloseableHttpResponse response = httpClient.execute(method);
			EntityUtils.consumeQuietly(response.getEntity());
			response.close();

		}

	}

}
{code}

Log ouput:
{noformat}
655 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
665 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
666 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
683 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
684 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://blnn719x.ad001.siemens.net:443
695 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
695 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
754 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
754 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
754 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
938 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [blnn719x.ad001.siemens.net]
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
942 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 147.54.65.49:56942<->147.54.64.19:443
942 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /~osipovmi/CONNECTORS-1564.php HTTP/1.1
942 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
943 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /~osipovmi/CONNECTORS-1564.php HTTP/1.1
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Transfer-Encoding: chunked
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: blnn719x.ad001.siemens.net
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_181)
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 100-continue
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
951 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 100 Continue
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 2019 16:09:43 GMT
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 mod_auth_gssapi/1.6.1
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: SAMEORIGIN
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Powered-By: PHP/7.2.13
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Keep-Alive: timeout=300, max=1000
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: Keep-Alive
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/html; charset=UTF-8
1117 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 300000 MILLISECONDS
1118 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443] can be kept alive for 300.0 seconds
1118 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
1118 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
1121 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
1121 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
1122 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}

Basic endpoint:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

	public static void main(String[] args) throws IOException {
		HttpClientBuilder builder = HttpClientBuilder.create();
		RequestConfig rc = RequestConfig.custom().setExpectContinueEnabled(true).build();
		builder.setDefaultRequestConfig(rc);

		try (CloseableHttpClient httpClient = builder.build();
				InputStream is = Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

			HttpPost method = new HttpPost(
					"https://blnn719x.ad001.siemens.net/~osipovmi/basic/CONNECTORS-1564.php");
			HttpEntity entity = new InputStreamEntity(is);
			method.setEntity(entity);
			CloseableHttpResponse response = httpClient.execute(method);
			EntityUtils.consumeQuietly(response.getEntity());
			response.close();

		}

	}

}
{code}

No credentials provided:
{noformat}
679 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
695 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
696 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
712 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
714 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://blnn719x.ad001.siemens.net:443
726 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
726 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
785 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
785 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
785 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [blnn719x.ad001.siemens.net]
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
960 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 147.54.65.49:57003<->147.54.64.19:443
960 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
960 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
960 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Transfer-Encoding: chunked
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: blnn719x.ad001.siemens.net
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_181)
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 100-continue
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 2019 16:13:47 GMT
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 mod_auth_gssapi/1.6.1
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: SAMEORIGIN
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: Basic realm="CONNECTORS-1564 Realm"
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 533
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/html; charset=iso-8859-1
972 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication required
972 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - blnn719x.ad001.siemens.net:443 requested authentication
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
980 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
981 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded
981 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
981 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
982 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}

Invalid credentials provided:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

	public static void main(String[] args) throws IOException {
		CredentialsProvider cp = new BasicCredentialsProvider();
		Credentials c = new UsernamePasswordCredentials("expect", "magic");
		cp.setCredentials(AuthScope.ANY, c);

		HttpClientBuilder builder = HttpClientBuilder.create();
		RequestConfig rc = RequestConfig.custom().setExpectContinueEnabled(true).build();
		builder.setDefaultRequestConfig(rc);
		builder.setDefaultCredentialsProvider(cp);

		try (CloseableHttpClient httpClient = builder.build();
				InputStream is = Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

			HttpPost method = new HttpPost(
					"https://blnn719x.ad001.siemens.net/~osipovmi/basic/CONNECTORS-1564.php");
			HttpEntity entity = new InputStreamEntity(is);
			method.setEntity(entity);
			CloseableHttpResponse response = httpClient.execute(method);
			EntityUtils.consumeQuietly(response.getEntity());
			response.close();

		}

	}

}
{code}

Failed authentication:
{noformat}
696 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
705 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
709 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
724 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
725 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://blnn719x.ad001.siemens.net:443
735 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
736 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
798 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
798 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
798 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
982 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [blnn719x.ad001.siemens.net]
982 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
986 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 147.54.65.49:57083<->147.54.64.19:443
986 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
986 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
987 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Transfer-Encoding: chunked
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: blnn719x.ad001.siemens.net
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_181)
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 100-continue
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
998 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
998 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 2019 16:18:17 GMT
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 mod_auth_gssapi/1.6.1
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: SAMEORIGIN
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: Basic realm="CONNECTORS-1564 Realm"
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 533
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/html; charset=iso-8859-1
1000 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication required
1000 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - blnn719x.ad001.siemens.net:443 requested authentication
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
1006 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Selected authentication options: [BASIC [complete=true]]
1006 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
1006 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://blnn719x.ad001.siemens.net:443
1007 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
1007 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
1010 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
1010 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
1010 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
1121 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
1121 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [blnn719x.ad001.siemens.net]
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
1123 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 147.54.65.49:57084<->147.54.64.19:443
1123 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
1123 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: CHALLENGED
1123 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Generating response to an authentication challenge using basic scheme
1128 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Transfer-Encoding: chunked
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: blnn719x.ad001.siemens.net
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_181)
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 100-continue
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Authorization: Basic ZXhwZWN0Om1hZ2lj
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 2019 16:18:17 GMT
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 mod_auth_gssapi/1.6.1
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: SAMEORIGIN
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: Basic realm="CONNECTORS-1564 Realm"
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 533
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/html; charset=iso-8859-1
1133 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication required
1133 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - blnn719x.ad001.siemens.net:443 requested authentication
1133 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authorization challenge processed
1134 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication failed
1137 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
1137 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded
1138 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
1138 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
1138 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}

Proper credentials:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

	public static void main(String[] args) throws IOException {
		CredentialsProvider cp = new BasicCredentialsProvider();
		Credentials c = new UsernamePasswordCredentials("michaelo", "expect-magic");
		cp.setCredentials(AuthScope.ANY, c);

		HttpClientBuilder builder = HttpClientBuilder.create();
		RequestConfig rc = RequestConfig.custom().setExpectContinueEnabled(true).build();
		builder.setDefaultRequestConfig(rc);
		builder.setDefaultCredentialsProvider(cp);

		try (CloseableHttpClient httpClient = builder.build();
				InputStream is = Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

			HttpPost method = new HttpPost(
					"https://blnn719x.ad001.siemens.net/~osipovmi/basic/CONNECTORS-1564.php");
			HttpEntity entity = new InputStreamEntity(is);
			method.setEntity(entity);
			CloseableHttpResponse response = httpClient.execute(method);
			EntityUtils.consumeQuietly(response.getEntity());
			response.close();

		}

	}

}
{code}

Successful authentication:
{noformat}
589 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
598 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
601 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
613 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
615 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://blnn719x.ad001.siemens.net:443
627 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
627 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
685 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
685 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
685 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
866 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [blnn719x.ad001.siemens.net]
866 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
869 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 147.54.65.49:57122<->147.54.64.19:443
869 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
869 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
869 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Transfer-Encoding: chunked
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: blnn719x.ad001.siemens.net
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_181)
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 100-continue
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 2019 16:20:17 GMT
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 mod_auth_gssapi/1.6.1
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: SAMEORIGIN
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: Basic realm="CONNECTORS-1564 Realm"
880 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 533
880 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
880 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/html; charset=iso-8859-1
881 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication required
881 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - blnn719x.ad001.siemens.net:443 requested authentication
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
886 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Selected authentication options: [BASIC [complete=true]]
886 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
887 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://blnn719x.ad001.siemens.net:443
887 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
887 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
889 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
889 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
889 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [blnn719x.ad001.siemens.net]
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
997 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 147.54.65.49:57123<->147.54.64.19:443
997 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
997 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: CHALLENGED
998 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Generating response to an authentication challenge using basic scheme
1002 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Transfer-Encoding: chunked
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: blnn719x.ad001.siemens.net
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_181)
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 100-continue
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Authorization: Basic bWljaGFlbG86ZXhwZWN0LW1hZ2lj
1007 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 100 Continue
1179 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 2019 16:20:17 GMT
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 mod_auth_gssapi/1.6.1
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: SAMEORIGIN
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Powered-By: PHP/7.2.13
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Keep-Alive: timeout=300, max=1000
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: Keep-Alive
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/html; charset=UTF-8
1181 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 300000 MILLISECONDS
1181 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication succeeded
1181 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Caching 'basic' auth scheme for https://blnn719x.ad001.siemens.net:443
1188 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443] can be kept alive for 300.0 seconds
1188 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
1188 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
1191 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
1191 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
1191 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}

PHP script:
{code}
$ less CONNECTORS-1564.php
<?php
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
file_put_contents('/tmp/CONNECTORS-1564.bin', file_get_contents('php://input'));
}

?>
{code}

I can repeat the same test with Tomcat, but the result won't change.

If you happen to run Tomcat behind Apache Web Server as reverse proxy, the expect *won't* work. You will suffer from https://bz.apache.org/bugzilla/show_bug.cgi?id=60330. If this is your case, please reach out to Jean-Frédéric and Yann. I need this backport too.

> Support preemptive authentication to Solr connector
> ---------------------------------------------------
>
>                 Key: CONNECTORS-1564
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Lucene/SOLR connector
>            Reporter: Erlend Garåsen
>            Assignee: Karl Wright
>            Priority: Major
>         Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic authentication. This will make the communication between ManifoldCF and Solr much more effective instead of the following:
>  * Send a HTTP POST request to Solr
>  * Solr sends a 401 response
>  * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message