You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by bu...@apache.org on 2003/04/22 21:31:34 UTC
DO NOT REPLY [Bug 19226] New: -
NTLM authentication failed due to closing of connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19226>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19226
NTLM authentication failed due to closing of connection
Summary: NTLM authentication failed due to closing of connection
Product: Commons
Version: 2.0 Beta 2
Platform: PC
OS/Version: Other
Status: NEW
Severity: Major
Priority: Other
Component: HttpClient
AssignedTo: commons-httpclient-dev@jakarta.apache.org
ReportedBy: bin.chen@sabre-holdings.com
Description:
When dealing with a NTLM proxy server that sends response back with lines:
14:51:27:750 << HTTP/1.0 407 Proxy Authentication Required
14:51:27:796 << Date: Mon, 14 Apr 2003 19:52:43GMT[\r][\n]
14:51:27:796 << Content-Length: 257[\r][\n]
14:51:27:796 << Content-Type: text/html[\r][\n]
14:51:27:796 << Server: NetCache appliance (NetApp/5.3.1R1)[\r][\n]
14:51:27:796 << Connection: keep-alive[\r][\n]
14:51:27:796 << Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAABgAGACgAAAAGggEAtOoNy4M0g0EAAAAAAAAAAEdMT0JBTA==[\r][\n]
The httpClient code is using the "HTTP/1.0" as clue for closing the connection
and ignored the "Connection: keep-alive". That caused the NTLM authentication
to fail as the NTLM requires the response to the challenge to be sent back on
the same connection.
Proposed Fix:
Our fix is to add a flag inProxyAuthenticationRetry (in HttpMethodBase) to
indicate that the method is doing proxy authentication retry. When the flag is
true, in "HttpMethodBase.shouldCloseConnection", check the "Connection: keep-
alive" before determining to close the connection.