You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Chris Ashurst <ca...@thig.com> on 2005/09/06 20:30:30 UTC

Preemptive Authorisation Problem

I've been playing around with the httpclient library for a little bit to 
try and get it to connect to a service website in use by my employer.

The problem is weird... As far as I can see, I've followed the example 
scripts and they've worked fine in terms of testing against the server 
running on my dev machine. However, when I try to connect to the service 
website, I always get the following:

[INFO] AuthChallengeProcessor - basic authentication scheme selected
[INFO] HttpMethodDirector - Failure authenticating with BASIC 
'blackweb.msbexpress.net'@blackweb.msbexpress.net:80

This happens regardless of whether I choose to use preemptive 
authentication or not.

As I say, on my localhost Basic auth test, I get no problems at all with 
the login (again, regardless of whether I choose preemptive login or not).

As far as I can see, the service website uses IIS, and attempting to 
read the headers through a regular login on FireFox shows that it does 
in fact use Basic authentication:

HTTP/1.x 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Tue, 06 Sep 2005 18:26:26 GMT
WWW-Authenticate: Basic realm="blackweb.msbexpress.net"
Connection: close
Content-Length: 4431
Content-Type: text/html

So I know I have the correct realm set, but one thing I'm curious about 
is the fact that the username has to be sent as <domain>\<username> and 
the password includes an ampersand (&)... This is usual of an NTLM 
login, right (as far as the domain\username part)?

And one last thing... Why does Eclipse report 
setAuthenticationPreemptive and setCredentials as depreceated?

Code as follows:

~~~

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.methods.GetMethod;

public class BasicAuth {

     public BasicAuth() {}

     public static void main(String[] args) throws Exception {
         HttpClient client = new HttpClient();
         client.getState().setAuthenticationPreemptive(true);

         // pass our credentials to HttpClient, they will only be used for
         // authenticating to servers with realm "realm", to 
authenticate agains
         // an arbitrary realm change this to null.
         client.getState().setCredentials(
             "blackweb.msbexpress.net",													//Realm
             "blackweb.msbexpress.net", 											//Host
             new UsernamePasswordCredentials("domain\user", 
"pass&word")		//Duh
         );

         GetMethod get = new 
GetMethod("http://blackweb.msbexpress.net/thig/Test");
         get.setDoAuthentication(true);

         int status = client.executeMethod(get);

         System.out.println(status + "\n" + get.getResponseBodyAsString());

         get.releaseConnection();
     }

}

~~~

Thanks in advance


~Chris

-- 
~Chris Ashurst
~~Tower Hill Insurance
~cashurst@thig.com

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org