redirect fails when NTLM authentication is used for proxy
|
View:
New views
10 Messages
—
Rating Filter:
Alert me
|
 |
redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
HI all,
During redirect time, the auth has to be cleared as the below issues says, http://issues.apache.org/jira/browse/HTTPCLIENT-211 but, it does it only for the hosts NTLM authentication, But, when we have NTLM at proxy, redirect fails. Should we have it cleared for proxy also, right? please let me know otherwise, please let me know. Thanks, Raj |
|
|
Re: redirect fails when NTLM authentication is used for proxy
by olegk
::
Rate this Message:
On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote:
> > HI all, > During redirect time, the auth has to be cleared as the below issues > says, > http://issues.apache.org/jira/browse/HTTPCLIENT-211 > but, it does it only for the hosts NTLM authentication, > But, when we have NTLM at proxy, redirect fails. > > Should we have it cleared for proxy also, right? please let me know > otherwise, please let me know. > > Thanks, > Raj > > Post wire / context log Oleg > > -- > View this message in context: http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > For additional commands, e-mail: httpclient-users-help@... > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@... For additional commands, e-mail: httpclient-users-help@... |
|
|
Re: redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
HI Oleg,
Thanks for the reply, here is the wire logs, [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" [DEBUG] header - >> "Host: verisign.com[\r][\n]" [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - >> "[\r][\n]" [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]" [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]" [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Pragma: no-cache[\r][\n]" [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" [DEBUG] header - << "Content-Type: text/html[\r][\n]" [DEBUG] header - << "Content-Length: 4106 [\r][\n]" [DEBUG] header - << "[\r][\n]" [INFO] AuthChallengeProcessor - ntlm authentication scheme selected [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]" [DEBUG] header - >> "Host: verisign.com[\r][\n]" [DEBUG] header - >> "[\r][\n]" [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )[\r][\n]" [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )[\r][\n]" [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]" [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Pragma: no-cache[\r][\n]" [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" [DEBUG] header - << "Content-Type: text/html[\r][\n]" [DEBUG] header - << "Content-Length: 0 [\r][\n]" [DEBUG] header - << "[\r][\n]" [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]" [DEBUG] header - >> "Host: verisign.com[\r][\n]" [DEBUG] header - >> "[\r][\n]" [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Content-length: 0[\r][\n]" [DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]" [DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]" [DEBUG] header - << "Content-type: text/html[\r][\n]" [DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]" [DEBUG] header - << "[\r][\n]" [DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]" [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - >> "Host: www.verisign.com[\r][\n]" [DEBUG] header - >> "[\r][\n]" [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]" [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )[\r][\n]" [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" [DEBUG] header - << "Pragma: no-cache[\r][\n]" [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" [DEBUG] header - << "Content-Type: text/html[\r][\n]" [DEBUG] header - << "Content-Length: 4106 [\r][\n]" [DEBUG] header - << "[\r][\n]" [INFO] HttpMethodDirector - Failure authenticating with NTLM <any realm>@172.16.100.16:8080 When I tried the with the code changes as In processRedirectResponse { method.getHostAuthState().invalidate(); I added the below line, method.getProxyAuthState().invalidate(); } This works Thanks, RajK
|
|
|
Re: redirect fails when NTLM authentication is used for proxy
by olegk
::
Rate this Message:
On Mon, Jun 22, 2009 at 09:35:58PM -0700, RajK wrote:
> > HI Oleg, > Thanks for the reply, here is the wire logs, > > [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Host: verisign.com[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Pragma: no-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Content-Type: text/html[\r][\n]" > [DEBUG] header - << "Content-Length: 4106 [\r][\n]" > [DEBUG] header - << "[\r][\n]" > [INFO] AuthChallengeProcessor - ntlm authentication scheme selected > [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "Proxy-Authorization: NTLM > TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]" > [DEBUG] header - >> "Host: verisign.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is > denied. )[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is > denied. )[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: NTLM > TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Pragma: no-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Content-Type: text/html[\r][\n]" > [DEBUG] header - << "Content-Length: 0 [\r][\n]" > [DEBUG] header - << "[\r][\n]" > [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "Proxy-Authorization: NTLM > TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]" > [DEBUG] header - >> "Host: verisign.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" > [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Content-length: 0[\r][\n]" > [DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]" > [DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]" > [DEBUG] header - << "Content-type: text/html[\r][\n]" > [DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]" > [DEBUG] header - << "[\r][\n]" > [DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "Host: www.verisign.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Pragma: no-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Content-Type: text/html[\r][\n]" > [DEBUG] header - << "Content-Length: 4106 [\r][\n]" > [DEBUG] header - << "[\r][\n]" > [INFO] HttpMethodDirector - Failure authenticating with NTLM <any > realm>@172.16.100.16:8080 > > When I tried the with the code changes as > In processRedirectResponse { > method.getHostAuthState().invalidate(); > I added the below line, > method.getProxyAuthState().invalidate(); > } > This works > Thanks, > RajK > This appears to be a bug in HttpClient 3.1. Would it be a big deal for you to test the same request with the latest HttpClient 4.0 snapshot? https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ Also, feel free to open an issue in JIRA for this bug https://issues.apache.org/jira/browse/HTTPCLIENT Oleg > > olegk wrote: > > > > On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote: > >> > >> HI all, > >> During redirect time, the auth has to be cleared as the below issues > >> says, > >> http://issues.apache.org/jira/browse/HTTPCLIENT-211 > >> but, it does it only for the hosts NTLM authentication, > >> But, when we have NTLM at proxy, redirect fails. > >> > >> Should we have it cleared for proxy also, right? please let me know > >> otherwise, please let me know. > >> > >> Thanks, > >> Raj > >> > >> > > > > Post wire / context log > > > > Oleg > > > > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html > >> Sent from the HttpClient-User mailing list archive at Nabble.com. > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: httpclient-users-unsubscribe@... > >> For additional commands, e-mail: httpclient-users-help@... > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > > For additional commands, e-mail: httpclient-users-help@... > > > > > > > > -- > View this message in context: http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24158833.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > For additional commands, e-mail: httpclient-users-help@... > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@... For additional commands, e-mail: httpclient-users-help@... |
|
|
Re: redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
HI Oleg,
I will surely test, but, I downloaded the file from the below given link, it does not compile, org.apache.http.params. classes reference fails and many other fails. https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ I tried downloading jar files, that also does have params package, Am I missing anything? Does that work? or any other referrence, Thanks, Raj
|
|
|
Re: redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
Hi Oleg,
I have downloaded the source file and try to compile it, it gave errors as it was not able to locate the files such as files in org.apache.http.params. https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ Neither jar files also has these references. Am I missing anything, is that the right link? Thanks, Raj
|
|
|
Re: redirect fails when NTLM authentication is used for proxy
by olegk
::
Rate this Message:
On Fri, Jun 26, 2009 at 04:36:14AM -0700, RajK wrote:
> > Hi Oleg, > I have downloaded the source file and try to compile it, > it gave errors as it was not able to locate the files such as > files in org.apache.http.params. > https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ > > Neither jar files also has these references. > > Am I missing anything, is that the right link? > Thanks, > Raj > You need to make sure you have all requisite dependencies on the classpath. You can get the latest build of HttpClient 4.0 with all dependencies here: http://people.apache.org/~olegk/httpclient-4.0-rc1/ Oleg > > olegk wrote: > > > > On Mon, Jun 22, 2009 at 09:35:58PM -0700, RajK wrote: > >> > >> HI Oleg, > >> Thanks for the reply, here is the wire logs, > >> > >> [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > >> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > >> [DEBUG] header - >> "Host: verisign.com[\r][\n]" > >> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - >> "[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > >> Server requires authorization to fulfill the request. Access to the Web > >> Proxy filter is denied. )[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > >> Server requires authorization to fulfill the request. Access to the Web > >> Proxy filter is denied. )[\r][\n]" > >> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" > >> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Pragma: no-cache[\r][\n]" > >> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > >> [DEBUG] header - << "Content-Type: text/html[\r][\n]" > >> [DEBUG] header - << "Content-Length: 4106 [\r][\n]" > >> [DEBUG] header - << "[\r][\n]" > >> [INFO] AuthChallengeProcessor - ntlm authentication scheme selected > >> [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > >> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > >> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - >> "Proxy-Authorization: NTLM > >> TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]" > >> [DEBUG] header - >> "Host: verisign.com[\r][\n]" > >> [DEBUG] header - >> "[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access > >> is > >> denied. )[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access > >> is > >> denied. )[\r][\n]" > >> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: NTLM > >> TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]" > >> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Pragma: no-cache[\r][\n]" > >> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > >> [DEBUG] header - << "Content-Type: text/html[\r][\n]" > >> [DEBUG] header - << "Content-Length: 0 [\r][\n]" > >> [DEBUG] header - << "[\r][\n]" > >> [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > >> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > >> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - >> "Proxy-Authorization: NTLM > >> TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]" > >> [DEBUG] header - >> "Host: verisign.com[\r][\n]" > >> [DEBUG] header - >> "[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" > >> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > >> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Content-length: 0[\r][\n]" > >> [DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]" > >> [DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]" > >> [DEBUG] header - << "Content-type: text/html[\r][\n]" > >> [DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]" > >> [DEBUG] header - << "[\r][\n]" > >> [DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]" > >> [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > >> [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - >> "Host: www.verisign.com[\r][\n]" > >> [DEBUG] header - >> "[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > >> Server requires authorization to fulfill the request. Access to the Web > >> Proxy filter is denied. )[\r][\n]" > >> [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > >> Server requires authorization to fulfill the request. Access to the Web > >> Proxy filter is denied. )[\r][\n]" > >> [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" > >> [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" > >> [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > >> [DEBUG] header - << "Pragma: no-cache[\r][\n]" > >> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > >> [DEBUG] header - << "Content-Type: text/html[\r][\n]" > >> [DEBUG] header - << "Content-Length: 4106 [\r][\n]" > >> [DEBUG] header - << "[\r][\n]" > >> [INFO] HttpMethodDirector - Failure authenticating with NTLM <any > >> realm>@172.16.100.16:8080 > >> > >> When I tried the with the code changes as > >> In processRedirectResponse { > >> method.getHostAuthState().invalidate(); > >> I added the below line, > >> method.getProxyAuthState().invalidate(); > >> } > >> This works > >> Thanks, > >> RajK > >> > > > > This appears to be a bug in HttpClient 3.1. Would it be a big deal for you > > to test the same request with the latest HttpClient 4.0 snapshot? > > > > https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ > > > > Also, feel free to open an issue in JIRA for this bug > > > > https://issues.apache.org/jira/browse/HTTPCLIENT > > > > Oleg > > > > > > > >> > >> olegk wrote: > >> > > >> > On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote: > >> >> > >> >> HI all, > >> >> During redirect time, the auth has to be cleared as the below > >> issues > >> >> says, > >> >> http://issues.apache.org/jira/browse/HTTPCLIENT-211 > >> >> but, it does it only for the hosts NTLM authentication, > >> >> But, when we have NTLM at proxy, redirect fails. > >> >> > >> >> Should we have it cleared for proxy also, right? please let me know > >> >> otherwise, please let me know. > >> >> > >> >> Thanks, > >> >> Raj > >> >> > >> >> > >> > > >> > Post wire / context log > >> > > >> > Oleg > >> > > >> > > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html > >> >> Sent from the HttpClient-User mailing list archive at Nabble.com. > >> >> > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@... > >> >> For additional commands, e-mail: httpclient-users-help@... > >> >> > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > >> > For additional commands, e-mail: httpclient-users-help@... > >> > > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24158833.html > >> Sent from the HttpClient-User mailing list archive at Nabble.com. > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: httpclient-users-unsubscribe@... > >> For additional commands, e-mail: httpclient-users-help@... > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > > For additional commands, e-mail: httpclient-users-help@... > > > > > > > > -- > View this message in context: http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24218716.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > For additional commands, e-mail: httpclient-users-help@... > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@... For additional commands, e-mail: httpclient-users-help@... |
|
|
Re: redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
Hi Oleg,
I tried out for the release, https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ This time I did include all the jars (http-core, jcifs for Ntlm etc.) and tried out NTLM as given http://hc.apache.org/httpcomponents-client/ntlm.html It still fails on trying out the new urls in the re-direct executions. Here is the logs, [DEBUG] DefaultRequestDirector - Attempt 1 to execute request [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely [DEBUG] DefaultRequestDirector - Proxy requested authentication [DEBUG] DefaultRequestDirector - Authorization challenge processed [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any realm>@172.16.231.11:8080 [DEBUG] DefaultRequestDirector - Found credentials [DEBUG] DefaultRequestDirector - Attempt 2 to execute request [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely [DEBUG] DefaultRequestDirector - Proxy requested authentication [DEBUG] DefaultRequestDirector - Authorization challenge processed [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any realm>@172.16.231.11:8080 [DEBUG] DefaultRequestDirector - Attempt 3 to execute request [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely [DEBUG] DefaultRequestDirector - Redirecting to 'http://www.verisign.com/' via HttpRoute[{}->http://172.16.231.11:8080->http://www.verisign.com] [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected state: MSG_TYPE3_GENERATED [DEBUG] DefaultRequestDirector - Attempt 4 to execute request [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely [DEBUG] DefaultRequestDirector - Proxy requested authentication [DEBUG] DefaultRequestDirector - Authorization challenge processed [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any realm>@172.16.231.11:8080 [DEBUG] DefaultRequestDirector - Authentication failed ---------------------------------------- HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) I tried with the direct urls such as https://www.verisign.com etc, and it works. Thanks and Regards, Raj K |
|
|
Re: redirect fails when NTLM authentication is used for proxy
by olegk
::
Rate this Message:
On Mon, Jun 29, 2009 at 02:09:32AM -0700, RajK wrote:
> > Hi Oleg, > I tried out for the release, > > https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ > This time I did include all the jars (http-core, jcifs for Ntlm etc.) > and tried out NTLM as given > http://hc.apache.org/httpcomponents-client/ntlm.html > > It still fails on trying out the new urls in the re-direct executions. > Raj, Could you please raise a JIRA for this issue and attach a complete wire / context log to it? https://issues.apache.org/jira/browse/HTTPCLIENT http://hc.apache.org/httpcomponents-client/logging.html Oleg > Here is the logs, > [DEBUG] DefaultRequestDirector - Attempt 1 to execute request > [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely > [DEBUG] DefaultRequestDirector - Proxy requested authentication > [DEBUG] DefaultRequestDirector - Authorization challenge processed > [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any > realm>@172.16.231.11:8080 > [DEBUG] DefaultRequestDirector - Found credentials > [DEBUG] DefaultRequestDirector - Attempt 2 to execute request > [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely > [DEBUG] DefaultRequestDirector - Proxy requested authentication > [DEBUG] DefaultRequestDirector - Authorization challenge processed > [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any > realm>@172.16.231.11:8080 > [DEBUG] DefaultRequestDirector - Attempt 3 to execute request > [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely > [DEBUG] DefaultRequestDirector - Redirecting to 'http://www.verisign.com/' > via HttpRoute[{}->http://172.16.231.11:8080->http://www.verisign.com] > [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected > state: MSG_TYPE3_GENERATED > [DEBUG] DefaultRequestDirector - Attempt 4 to execute request > [DEBUG] DefaultRequestDirector - Connection can be kept alive indefinitely > [DEBUG] DefaultRequestDirector - Proxy requested authentication > [DEBUG] DefaultRequestDirector - Authorization challenge processed > [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any > realm>@172.16.231.11:8080 > [DEBUG] DefaultRequestDirector - Authentication failed > ---------------------------------------- > HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires > authorization to fulfill the request. Access to the Web Proxy filter is > denied. ) > > I tried with the direct urls such as https://www.verisign.com etc, and it > works. > > Thanks and Regards, > Raj K > -- > View this message in context: http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24250740.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscribe@... > For additional commands, e-mail: httpclient-users-help@... > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@... For additional commands, e-mail: httpclient-users-help@... |
|
|
Re: redirect fails when NTLM authentication is used for proxy
by RajK
::
Rate this Message:
|
| Free embeddable forum powered by Nabble | Forum Help |
