You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Matt Russell <ma...@gmail.com> on 2014/03/28 16:12:56 UTC
407 error with NTLM proxy
Hi,
I'm hoping someone can help me diagnose an intermittent "407 Proxy
Authentication Required" error when using HttpClient through an NTLM proxy.
I've found that I always get a 407 responses, unless I first go and fetch
any web page in a browser. After I load a page, I get "200 OK" responses
for 30 seconds via HttpClient, after which it reverts to 407s.
(My guess is that this is because HttpClient is handing off the
authentication to the OS, as is the web browser, and the browser request
causes an authentication token to be cached for a while, which lets
HttpClient work until it expires.)
I'm using HttpClient 4.2.3 on Windows XP, proxy is squid/2.7.STABLE4. I've
tried both with and without a JCIFS NTLM engine, but it seems to make no
difference. Java code and logs below.
Any help would be much appreciated,
Cheers,
-- Matt
Code
====
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Date;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeFactory;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.auth.NTLMScheme;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.HttpParams;
public class HttpTest {
private static final String PROXY_HOST = "webproxy";
private static final int PROXY_PORT = 8080;
private static final String USERNAME = "USERNAME";
private static final String PASSWORD = "PASSWORD";
private static final String DOMAIN = "DOMAIN";
private static final String TEST_URL = "http://www.example.com";
public static void main(String[] args) throws Exception {
DefaultHttpClient httpClient = httpClient();
HttpGet get = new HttpGet(new URI(TEST_URL));
HttpResponse response = httpClient.execute(get);
StatusLine statusLine = response.getStatusLine();
System.out.println(statusLine);
}
private static DefaultHttpClient httpClient() {
DefaultHttpClient httpClient = new DefaultHttpClient();
httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, new
HttpHost(PROXY_HOST, PROXY_PORT));
configureNTLMCredentials(httpClient);
return httpClient;
}
private static void configureNTLMCredentials(DefaultHttpClient httpClient) {
httpClient.getAuthSchemes().register("ntlm", new AuthSchemeFactory() {
public AuthScheme newInstance(HttpParams _) {
return new NTLMScheme(new JCIFSEngine());
}
});
NTCredentials credentials = new NTCredentials(USERNAME, PASSWORD,
hostName(), DOMAIN);
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, credentials);
httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY,
credentials);
}
private static String hostName() {
try {
return InetAddress.getLocalHost().getHostName();
} catch (UnknownHostException e) {
throw new RuntimeException(e);
}
}
}
Log for a 407
=============
2014/03/28 14:49:40:652 GMT [DEBUG] BasicClientConnectionManager - Get
connection for route {tls}->http://webproxy:8080->https://example.com
2014/03/28 14:49:40:668 GMT [DEBUG] DefaultClientConnectionOperator -
Connecting to webproxy:8080
2014/03/28 14:49:40:699 GMT [DEBUG] RequestAuthCache - Auth cache not set
in the context
2014/03/28 14:49:40:699 GMT [DEBUG] RequestProxyAuthentication - Proxy auth
state: UNCHALLENGED
2014/03/28 14:49:40:699 GMT [DEBUG] DefaultClientConnection - Sending
request: CONNECT example.com:443 HTTP/1.1
2014/03/28 14:49:40:699 GMT [DEBUG] headers - >> CONNECT example.com:443HTTP/1.1
2014/03/28 14:49:40:699 GMT [DEBUG] headers - >> Host: example.com
2014/03/28 14:49:40:699 GMT [DEBUG] headers - >> Proxy-Connection:
Keep-Alive
2014/03/28 14:49:40:699 GMT [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2.3 (java 1.5)
2014/03/28 14:49:40:715 GMT [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.0 407 Proxy Authentication Required
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << HTTP/1.0 407 Proxy
Authentication Required
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Server: squid/2.7.STABLE4
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Date: Fri, 28 Mar 2014
14:49:40 GMT
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Content-Type: text/html
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Content-Length: 1370
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Expires: Fri, 28 Mar 2014
14:49:40 GMT
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Proxy-Authenticate: NTLM
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << X-Cache: MISS from
ClientSiteProxy
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << X-Cache-Lookup: NONE from
ClientSiteProxy:8080
2014/03/28 14:49:40:715 GMT [DEBUG] headers - << Connection: close
2014/03/28 14:49:40:715 GMT [DEBUG] ResponseProcessCookies - Cookie spec
not specified in HTTP context
2014/03/28 14:49:40:715 GMT [DEBUG] DefaultHttpClient - Authentication
required
2014/03/28 14:49:40:715 GMT [DEBUG] DefaultHttpClient - webproxy:8080
requested authentication
2014/03/28 14:49:40:715 GMT [DEBUG] ProxyAuthenticationStrategy -
Authentication schemes in the order of preference: [negotiate, Kerberos,
NTLM, Digest, Basic]
2014/03/28 14:49:40:715 GMT [DEBUG] ProxyAuthenticationStrategy - Challenge
for negotiate authentication scheme not available
2014/03/28 14:49:40:715 GMT [DEBUG] ProxyAuthenticationStrategy - Challenge
for Kerberos authentication scheme not available
2014/03/28 14:49:40:715 GMT [DEBUG] ProxyAuthenticationStrategy - Challenge
for Digest authentication scheme not available
2014/03/28 14:49:40:715 GMT [DEBUG] ProxyAuthenticationStrategy - Challenge
for Basic authentication scheme not available
2014/03/28 14:49:40:715 GMT [DEBUG] DefaultHttpClient - Selected
authentication options: [NTLM]
2014/03/28 14:49:40:715 GMT [DEBUG] DefaultClientConnection - Connection
0.0.0.0:12165<->192.168.115.74:8080 closed
2014/03/28 14:49:40:715 GMT [DEBUG] DefaultClientConnectionOperator -
Connecting to webproxy:8080
2014/03/28 14:49:40:730 GMT [DEBUG] RequestAuthCache - Auth cache not set
in the context
2014/03/28 14:49:40:730 GMT [DEBUG] RequestProxyAuthentication - Proxy auth
state: CHALLENGED
2014/03/28 14:49:40:730 GMT [DEBUG] RequestProxyAuthentication - Generating
response to an authentication challenge using ntlm scheme
2014/03/28 14:49:40:746 GMT [DEBUG] DefaultClientConnection - Sending
request: CONNECT example.com:443 HTTP/1.1
2014/03/28 14:49:40:746 GMT [DEBUG] headers - >> CONNECT example.com:443HTTP/1.1
2014/03/28 14:49:40:746 GMT [DEBUG] headers - >> Host: example.com
2014/03/28 14:49:40:746 GMT [DEBUG] headers - >> Proxy-Connection:
Keep-Alive
2014/03/28 14:49:40:746 GMT [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2.3 (java 1.5)
2014/03/28 14:49:40:746 GMT [DEBUG] headers - >> Proxy-Authorization: NTLM
TlRMTVNTUAABAAAABbIIoAQABAAgAAAACgAKACQAAABIQ1VLTExIQzAwMTUzNw==
2014/03/28 14:49:40:762 GMT [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.0 407 Proxy Authentication Required
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << HTTP/1.0 407 Proxy
Authentication Required
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Server: squid/2.7.STABLE4
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Date: Fri, 28 Mar 2014
14:49:40 GMT
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Content-Type: text/html
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Content-Length: 1370
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Expires: Fri, 28 Mar 2014
14:49:40 GMT
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAACAAIADgAAAAFgomiTNnsnwdgPAYAAAAAAAAAAIYAhgBAAAAABgGxHQAAAA9IAEMAVQBLAAIACABIAEMAVQBLAAEAFABNAFYAVwBQAC0AQwBTAFAAMAAyAAQAEABoAGMAdQBrAC4AcAByAGkAAwAmAE0AVgBXAFAALQBDAFMAUAAwADIALgBoAGMAdQBrAC4AcAByAGkABQAQAGgAYwB1AGsALgBwAHIAaQAHAAgAZ7jx8pRKzwEAAAAA
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << X-Cache: MISS from
ClientSiteProxy
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << X-Cache-Lookup: NONE from
ClientSiteProxy:8080
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Connection: keep-alive
2014/03/28 14:49:40:762 GMT [DEBUG] headers - << Proxy-Connection:
keep-alive
2014/03/28 14:49:40:762 GMT [DEBUG] ResponseProcessCookies - Cookie spec
not specified in HTTP context
2014/03/28 14:49:40:762 GMT [DEBUG] DefaultHttpClient - Authentication
required
2014/03/28 14:49:40:762 GMT [DEBUG] DefaultHttpClient - webproxy:8080
requested authentication
2014/03/28 14:49:40:762 GMT [DEBUG] DefaultHttpClient - Authorization
challenge processed
2014/03/28 14:49:40:762 GMT [DEBUG] DefaultHttpClient - Connection kept
alive
2014/03/28 14:49:40:762 GMT [DEBUG] RequestAuthCache - Auth cache not set
in the context
2014/03/28 14:49:40:762 GMT [DEBUG] RequestProxyAuthentication - Proxy auth
state: HANDSHAKE
2014/03/28 14:49:40:762 GMT [DEBUG] DefaultClientConnection - Sending
request: CONNECT example.com:443 HTTP/1.1
2014/03/28 14:49:40:762 GMT [DEBUG] headers - >> CONNECT example.com:443HTTP/1.1
2014/03/28 14:49:40:762 GMT [DEBUG] headers - >> Host: example.com
2014/03/28 14:49:40:762 GMT [DEBUG] headers - >> Proxy-Connection:
Keep-Alive
2014/03/28 14:49:40:762 GMT [DEBUG] headers - >> User-Agent:
Apache-HttpClient/4.2.3 (java 1.5)
2014/03/28 14:49:40:762 GMT [DEBUG] headers - >> Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAC2ALYAWAAAAAgACAAOAQAADgAOABYBAAAUABQAJAEAAAAAAAAAAAAABYKIosEVy/XXkUTCvU/zAtCvraJ3GkkzjHU8oXJ47IiyvgJDJ8xXYky8wvsBAQAAAAAAAKAf4/KUSs8BwSwUOP6RDVcAAAAAAgAIAEgAQwBVAEsAAQAUAE0AVgBXAFAALQBDAFMAUAAwADIABAAQAGgAYwB1AGsALgBwAHIAaQADACYATQBWAFcAUAAtAEMAUwBQADAAMgAuAGgAYwB1AGsALgBwAHIAaQAFABAAaABjAHUAawAuAHAAcgBpAAcACABnuPHylErPAQAAAAAAAAAASABDAFUASwBqAGUAbgBrAGkAbgBzAEwATABIAEMAMAAwADEANQAzADcA
2014/03/28 14:49:40:793 GMT [DEBUG] DefaultClientConnection - Receiving
response: HTTP/1.0 407 Proxy Authentication Required
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << HTTP/1.0 407 Proxy
Authentication Required
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Server: squid/2.7.STABLE4
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Date: Fri, 28 Mar 2014
14:49:40 GMT
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Content-Type: text/html
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Content-Length: 1370
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Expires: Fri, 28 Mar 2014
14:49:40 GMT
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Proxy-Authenticate: NTLM
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << X-Cache: MISS from
ClientSiteProxy
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << X-Cache-Lookup: NONE from
ClientSiteProxy:8080
2014/03/28 14:49:40:793 GMT [DEBUG] headers - << Connection: close
2014/03/28 14:49:40:793 GMT [DEBUG] ResponseProcessCookies - Cookie spec
not specified in HTTP context
2014/03/28 14:49:40:793 GMT [DEBUG] DefaultHttpClient - Authentication
required
2014/03/28 14:49:40:793 GMT [DEBUG] DefaultHttpClient - webproxy:8080
requested authentication
2014/03/28 14:49:40:793 GMT [DEBUG] DefaultHttpClient - Authorization
challenge processed
2014/03/28 14:49:40:793 GMT [DEBUG] DefaultHttpClient - Authentication
failed
2014/03/28 14:49:40:793 GMT [DEBUG] DefaultHttpClient - CONNECT refused by
proxy: HTTP/1.0 407 Proxy Authentication Required
2014/03/28 14:49:40:793 GMT [DEBUG] BasicClientConnectionManager -
Releasing connection
org.apache.http.impl.conn.ManagedClientConnectionImpl@1e893df
2014/03/28 14:49:40:793 GMT [DEBUG] BasicClientConnectionManager -
Connection can be kept alive for 9223372036854775807 MILLISECONDS
Re: 407 error with NTLM proxy
Posted by Rob Goodberry <ro...@gmail.com>.
Hey Matt,
So just to confirm then if you have no existing sessions and then you start
the client, you do not receive any 200 OK responses? Can you confirm this
only seems to happen when there is an existing authenticated session?
When you say it doesn't make a difference using 4.3 or specifying
credentials, you mean it seems to work for about 30 seconds and then stops
still? I am also wondering if what you are trying would work using
URLConnection. It has no problem with transparent NTLM in my experience and
testing it would rule out some other potential issues.
Best of luck, discovering NTLM was one of my least favorite discoveries :P
Rob
Hi Rob,
> Are you using NTLM Authentication transparently?
Well, it certainly looked like it was authenticating transparently, I
assumed it was, but it now looks like it is -- somehow -- piggybacking on
authentications from browser sessions that were open at the same time I was
running my Java code.
I've tried 4.3, and specifying the credentials explicitly -- doesn't make a
difference, unfortunately.
Thanks,
-- Matt
On 30 March 2014 15:40, Rob Goodberry <ro...@gmail.com> wrote:
> Hey Matt,
>
> Are you using NTLM Authentication transparently? I emailed this group a
> while ago with problems using NTLM transparently in HC 4.2.3 and was told
> that support for that was going in for 4.3. Unfortunately my workplace is
> limited to JRE 1.5 so I was unable to test the new functionality which
> relied on (I believe) at least JRE 1.6. I was however able to use
> URLConnection with transparent NTLM authentication without an issue, which
> ended up being okay because I didn't really end up needing any advanced HC
> functionality.
>
> Do you have any limitations which prevent you from trying with HC 4.3+?
>
> Rob
> On 2014-03-30 10:12 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
>
> > On Fri, 2014-03-28 at 15:12 +0000, Matt Russell wrote:
> > > Hi,
> > >
> > > I'm hoping someone can help me diagnose an intermittent "407 Proxy
> > > Authentication Required" error when using HttpClient through an NTLM
> > proxy.
> > >
> > > I've found that I always get a 407 responses, unless I first go and
> fetch
> > > any web page in a browser. After I load a page, I get "200 OK"
> responses
> > > for 30 seconds via HttpClient, after which it reverts to 407s.
> > >
> > > (My guess is that this is because HttpClient is handing off the
> > > authentication to the OS, as is the web browser, and the browser
> request
> > > causes an authentication token to be cached for a while, which lets
> > > HttpClient work until it expires.)
> > >
> > > I'm using HttpClient 4.2.3 on Windows XP, proxy is squid/2.7.STABLE4.
> > I've
> > > tried both with and without a JCIFS NTLM engine, but it seems to make
> no
> > > difference. Java code and logs below.
> > >
> >
> > Matt,
> >
> > Both JCIFS and the internal NTLM engines are pure java, platform
> > independent implementations that make no use of Windows specific
> > functionality. This is all I can tell you.
> >
> > There is only one person on the project with in-depth understanding of
> > NTLM. You may want to try your luck posting this question to the dev
> > list along with Wireshark packet dumps of successful and unsuccessful
> > session (this is the first thing you most certainly will be asked to
> > produce).
> >
> > Oleg
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >
>
Re: 407 error with NTLM proxy
Posted by Matt Russell <ma...@gmail.com>.
Hi Rob,
> Are you using NTLM Authentication transparently?
Well, it certainly looked like it was authenticating transparently, I
assumed it was, but it now looks like it is -- somehow -- piggybacking on
authentications from browser sessions that were open at the same time I was
running my Java code.
I've tried 4.3, and specifying the credentials explicitly -- doesn't make a
difference, unfortunately.
Thanks,
-- Matt
On 30 March 2014 15:40, Rob Goodberry <ro...@gmail.com> wrote:
> Hey Matt,
>
> Are you using NTLM Authentication transparently? I emailed this group a
> while ago with problems using NTLM transparently in HC 4.2.3 and was told
> that support for that was going in for 4.3. Unfortunately my workplace is
> limited to JRE 1.5 so I was unable to test the new functionality which
> relied on (I believe) at least JRE 1.6. I was however able to use
> URLConnection with transparent NTLM authentication without an issue, which
> ended up being okay because I didn't really end up needing any advanced HC
> functionality.
>
> Do you have any limitations which prevent you from trying with HC 4.3+?
>
> Rob
> On 2014-03-30 10:12 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
>
> > On Fri, 2014-03-28 at 15:12 +0000, Matt Russell wrote:
> > > Hi,
> > >
> > > I'm hoping someone can help me diagnose an intermittent "407 Proxy
> > > Authentication Required" error when using HttpClient through an NTLM
> > proxy.
> > >
> > > I've found that I always get a 407 responses, unless I first go and
> fetch
> > > any web page in a browser. After I load a page, I get "200 OK"
> responses
> > > for 30 seconds via HttpClient, after which it reverts to 407s.
> > >
> > > (My guess is that this is because HttpClient is handing off the
> > > authentication to the OS, as is the web browser, and the browser
> request
> > > causes an authentication token to be cached for a while, which lets
> > > HttpClient work until it expires.)
> > >
> > > I'm using HttpClient 4.2.3 on Windows XP, proxy is squid/2.7.STABLE4.
> > I've
> > > tried both with and without a JCIFS NTLM engine, but it seems to make
> no
> > > difference. Java code and logs below.
> > >
> >
> > Matt,
> >
> > Both JCIFS and the internal NTLM engines are pure java, platform
> > independent implementations that make no use of Windows specific
> > functionality. This is all I can tell you.
> >
> > There is only one person on the project with in-depth understanding of
> > NTLM. You may want to try your luck posting this question to the dev
> > list along with Wireshark packet dumps of successful and unsuccessful
> > session (this is the first thing you most certainly will be asked to
> > produce).
> >
> > Oleg
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >
>
Re: 407 error with NTLM proxy
Posted by Rob Goodberry <ro...@gmail.com>.
Hey Matt,
Are you using NTLM Authentication transparently? I emailed this group a
while ago with problems using NTLM transparently in HC 4.2.3 and was told
that support for that was going in for 4.3. Unfortunately my workplace is
limited to JRE 1.5 so I was unable to test the new functionality which
relied on (I believe) at least JRE 1.6. I was however able to use
URLConnection with transparent NTLM authentication without an issue, which
ended up being okay because I didn't really end up needing any advanced HC
functionality.
Do you have any limitations which prevent you from trying with HC 4.3+?
Rob
On 2014-03-30 10:12 AM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
> On Fri, 2014-03-28 at 15:12 +0000, Matt Russell wrote:
> > Hi,
> >
> > I'm hoping someone can help me diagnose an intermittent "407 Proxy
> > Authentication Required" error when using HttpClient through an NTLM
> proxy.
> >
> > I've found that I always get a 407 responses, unless I first go and fetch
> > any web page in a browser. After I load a page, I get "200 OK" responses
> > for 30 seconds via HttpClient, after which it reverts to 407s.
> >
> > (My guess is that this is because HttpClient is handing off the
> > authentication to the OS, as is the web browser, and the browser request
> > causes an authentication token to be cached for a while, which lets
> > HttpClient work until it expires.)
> >
> > I'm using HttpClient 4.2.3 on Windows XP, proxy is squid/2.7.STABLE4.
> I've
> > tried both with and without a JCIFS NTLM engine, but it seems to make no
> > difference. Java code and logs below.
> >
>
> Matt,
>
> Both JCIFS and the internal NTLM engines are pure java, platform
> independent implementations that make no use of Windows specific
> functionality. This is all I can tell you.
>
> There is only one person on the project with in-depth understanding of
> NTLM. You may want to try your luck posting this question to the dev
> list along with Wireshark packet dumps of successful and unsuccessful
> session (this is the first thing you most certainly will be asked to
> produce).
>
> Oleg
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
Re: 407 error with NTLM proxy
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2014-03-28 at 15:12 +0000, Matt Russell wrote:
> Hi,
>
> I'm hoping someone can help me diagnose an intermittent "407 Proxy
> Authentication Required" error when using HttpClient through an NTLM proxy.
>
> I've found that I always get a 407 responses, unless I first go and fetch
> any web page in a browser. After I load a page, I get "200 OK" responses
> for 30 seconds via HttpClient, after which it reverts to 407s.
>
> (My guess is that this is because HttpClient is handing off the
> authentication to the OS, as is the web browser, and the browser request
> causes an authentication token to be cached for a while, which lets
> HttpClient work until it expires.)
>
> I'm using HttpClient 4.2.3 on Windows XP, proxy is squid/2.7.STABLE4. I've
> tried both with and without a JCIFS NTLM engine, but it seems to make no
> difference. Java code and logs below.
>
Matt,
Both JCIFS and the internal NTLM engines are pure java, platform
independent implementations that make no use of Windows specific
functionality. This is all I can tell you.
There is only one person on the project with in-depth understanding of
NTLM. You may want to try your luck posting this question to the dev
list along with Wireshark packet dumps of successful and unsuccessful
session (this is the first thing you most certainly will be asked to
produce).
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org