Posted to httpclient-users@hc.apache.org by MASTRELLA STEFANO <sm...@sogei.it> on 2010/09/08 12:03:06 UTC

[httpclient] NTLM scheme authentication: Credentials not found

I'd like to google around via the httpclient library through a proxy
with an NTLM authentication scheme, so I've just copied the example in

http://hc.apache.org/httpcomponents-client-4.0.1/ntlm.html#Using_Samba_JCIFS_as_an_NTLM_engine

and adjusted the variables to match my goal.
The result code is the same for the NTLMSchemeFactory but in the
JCIFSEngine I've changed the Type3Message constructor in the method
generateType3Msg(..) to accomplish the signature

public class JCIFSEngine implements NTLMEngine
{
  ...

  public String generateType3Msg (String username,
                                  String password,
                                  String domain,
                                  String workstation,
                                  String challenge)
                                         throws NTLMEngineException
  {
    Type2Message t2m;

    try
    {
      t2m = new Type2Message(Base64.decode(challenge));
    }
    catch (IOException ex)
    {
      throw new NTLMEngineException("Invalid Type2 message", ex);
    }

    /*
     * The constructor for the Type3Message in the jcifs_1.3.14 library MUST
     * have the flags variable; the (Type2Message, String, String, String,
     * String) constructor is no longer available
     */
    Type3Message t3m = new Type3Message(t2m, password, domain, username,
                                        workstation, Type3Message.getDefaultFlags(t2m));

    return Base64.encode(t3m.toByteArray());
  }
}

The configuration of the HttpClient is as in the following

public class HttpTest
{
  public void doGoogling() throws ClientProtocolException, IOException
  {
    BasicConfigurator.configure();

    DefaultHttpClient httpclient = new DefaultHttpClient();

    httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());

    /*
     * Proxy configuration
     */
    HttpHost proxy = new HttpHost("myproxy.it", 8080);
    httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);

    /*
     * credentials: the username and the workstation are the same because
     * the program is run by the user who owns the workstation
     */
    NTCredentials creds = new NTCredentials("myusername", "mypassw",
                                            "myusername", "mydomain");
    AuthScope scope = new AuthScope("google.com", AuthScope.ANY_PORT);
    httpclient.getCredentialsProvider().setCredentials(scope, creds);

    HttpHost target = new HttpHost("wwww.google.com", 8080, "http");

    HttpRequest httpRequest = new HttpGet("");

    HttpResponse response = httpclient.execute(target, httpRequest);

    System.out.println("Form get: " + response.getStatusLine());
  }

  public static void main (String[] args)
      throws ClientProtocolException, IOException
  {
    HttpTest login = new HttpTest();

    login.doGoogling();
  }
}

What I get is a "Credential not found" which leads to a "HTTP/1.1 407
Proxy Authentication Required" as you can see in the last lines of the
stack trace posted below (look at those lines marked with the 311 at the
start of the line)

0 [main] DEBUG .impl.conn.SingleClientConnManager  - Get connection for route HttpRoute[{}->http://myproxy.it:8080->http://wwww.google.com:8080]
90 [main] DEBUG .client.protocol.RequestAddCookies  - CookieSpec selected: best-match
110 [main] DEBUG .impl.client.DefaultHttpClient  - Attempt 1 to execute request
110 [main] DEBUG .impl.conn.DefaultClientConnection  - Sending request: GET http://wwww.google.com:8080/ HTTP/1.1
110 [main] DEBUG .wire  - >> "GET http://wwww.google.com:8080/ HTTP/1.1[EOL]"
120 [main] DEBUG .wire  - >> "Host: wwww.google.com:8080[EOL]"
120 [main] DEBUG .wire  - >> "Proxy-Connection: Keep-Alive[EOL]"
120 [main] DEBUG .wire  - >> "User-Agent: Apache-HttpClient/4.0.1 (java 1.5)[EOL]"
120 [main] DEBUG .wire  - >> "[EOL]"
120 [main] DEBUG .headers  - >> GET http://wwww.google.com:8080/ HTTP/1.1
120 [main] DEBUG .headers  - >> Host: wwww.google.com:8080
120 [main] DEBUG .headers  - >> Proxy-Connection: Keep-Alive
120 [main] DEBUG .headers  - >> User-Agent: Apache-HttpClient/4.0.1 (java 1.5)
171 [main] DEBUG .wire  - << "HTTP/1.1 407 Proxy Authentication Required[EOL]"
201 [main] DEBUG .wire  - << "Proxy-Authenticate: NTLM[EOL]"
201 [main] DEBUG .wire  - << "Proxy-Authenticate: BASIC realm="MY_REALM"[EOL]"
201 [main] DEBUG .wire  - << "Cache-Control: no-cache[EOL]"
201 [main] DEBUG .wire  - << "Pragma: no-cache[EOL]"
201 [main] DEBUG .wire  - << "Content-Type: text/html; charset=utf-8[EOL]"
201 [main] DEBUG .wire  - << "Proxy-Connection: close[EOL]"
201 [main] DEBUG .wire  - << "Set-Cookie: BCSI-CS-0FE2DDB991FDFC36=2; Path=/[EOL]"
201 [main] DEBUG .wire  - << "Connection: close[EOL]"
201 [main] DEBUG .wire  - << "Content-Length: 1015[EOL]"
201 [main] DEBUG .wire  - << "[EOL]"
201 [main] DEBUG .impl.conn.DefaultClientConnection  - Receiving response: HTTP/1.1 407 Proxy Authentication Required
201 [main] DEBUG .headers  - << HTTP/1.1 407 Proxy Authentication Required
201 [main] DEBUG .headers  - << Proxy-Authenticate: NTLM
201 [main] DEBUG .headers  - << Proxy-Authenticate: BASIC realm="MY_REALM"
201 [main] DEBUG .headers  - << Cache-Control: no-cache
201 [main] DEBUG .headers  - << Pragma: no-cache
201 [main] DEBUG .headers  - << Content-Type: text/html; charset=utf-8
201 [main] DEBUG .headers  - << Proxy-Connection: close
201 [main] DEBUG .headers  - << Set-Cookie: BCSI-CS-0FE2DDB991FDFC36=2; Path=/
201 [main] DEBUG .headers  - << Connection: close
201 [main] DEBUG .headers  - << Content-Length: 1015
261 [main] DEBUG .client.protocol.ResponseProcessCookies  - Cookie accepted: "[version: 0][name: BCSI-CS-0FE2DDB991FDFC36][value: 2][domain: wwww.google.com][path: /][expiry: null]".
261 [main] DEBUG .impl.client.DefaultHttpClient  - Proxy requested authentication
261 [main] DEBUG .impl.client.DefaultProxyAuthenticationHandler  - Authentication schemes in the order of preference: [ntlm, digest, basic]
261 [main] DEBUG .impl.client.DefaultProxyAuthenticationHandler  - ntlm authentication scheme selected
311 [main] DEBUG .impl.client.DefaultHttpClient  - Authorization challenge processed
311 [main] DEBUG .impl.client.DefaultHttpClient  - Authentication scope: NTLM <any realm>@myproxy.it:8080
311 [main] DEBUG .impl.client.DefaultHttpClient  - Credentials not found
Form get: HTTP/1.1 407 Proxy Authentication Required

The question is quite simple, what's wrong?

---
Stefano

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Re: [httpclient] NTLM scheme authentication: Credentials not found

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2010-09-08 at 12:03 +0200, MASTRELLA STEFANO wrote:
> I'd like to google around via the httpclient library through a proxy
> with an NTLM authentication scheme, so I've just copied the example in
> 

...

> The configuration of the HttpClient is as in the following
> 
> public class HttpTest
> {
>   public void doGoogling() throws ClientProtocolException, IOException
>   {
>     BasicConfigurator.configure();
> 
>     DefaultHttpClient httpclient = new DefaultHttpClient();
> 
>     httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
> 
>     /*
>      * Proxy configuration
>      */
>     HttpHost proxy = new HttpHost("myproxy.it", 8080);
>     httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
> 
>     /*
>      * credentials: the username and the workstation are the same because
>      * the program is run by the user who owns the workstation
>      */
>     NTCredentials creds = new NTCredentials("myusername", "mypassw",
>                                             "myusername", "mydomain");
>     AuthScope scope = new AuthScope("google.com", AuthScope.ANY_PORT);
>
>     httpclient.getCredentialsProvider().setCredentials(scope, creds);
> 

Auth scope is wrong. The host name should be that of the proxy not of
the target. 

Oleg
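
The scope mismatch described in the reply above, as an added example (not part of the original thread and not the project's own code). It reproduces the credential lookup offline with BasicCredentialsProvider, using the scope printed in the debug log, and shows that a scope pinned to the proxy host, port and NTLM scheme also keeps the NT credentials from being offered to any other host. It assumes the HttpClient 4.0.x jars on the classpath; the class name ProxyScopeCheck is hypothetical and the account values are the placeholders from the post.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;

// Hypothetical class name; needs only the HttpClient 4.0.x jars, no network.
public class ProxyScopeCheck {

    // Render a lookup result the way the debug log reports it.
    static String describe(Credentials c) {
        return c == null ? "Credentials not found" : "credentials found";
    }

    public static void main(String[] args) {
        // Placeholder account values copied from the post.
        NTCredentials creds =
            new NTCredentials("myusername", "mypassw", "myusername", "mydomain");

        // Scope the client looked up after the 407, per the log line
        // "Authentication scope: NTLM <any realm>@myproxy.it:8080".
        AuthScope requested =
            new AuthScope("myproxy.it", 8080, AuthScope.ANY_REALM, "NTLM");

        // As posted: the scope names the target host, which can never
        // match a challenge issued by the proxy.
        BasicCredentialsProvider asPosted = new BasicCredentialsProvider();
        asPosted.setCredentials(
            new AuthScope("google.com", AuthScope.ANY_PORT), creds);
        System.out.println("as posted: " + describe(asPosted.getCredentials(requested)));

        // Corrected: proxy host and port, narrowed to the NTLM scheme.
        BasicCredentialsProvider corrected = new BasicCredentialsProvider();
        corrected.setCredentials(
            new AuthScope("myproxy.it", 8080, AuthScope.ANY_REALM, "NTLM"), creds);
        System.out.println("corrected: " + describe(corrected.getCredentials(requested)));

        // The narrow scope does not release the NT credentials to a
        // different host that asks for NTLM.
        AuthScope otherHost =
            new AuthScope("wwww.google.com", 8080, AuthScope.ANY_REALM, "NTLM");
        System.out.println("other host: " + describe(corrected.getCredentials(otherHost)));
    }
}
```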


