You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by chandra <ca...@gmail.com> on 2014/10/06 08:04:20 UTC
Issue with BASIC Scheme in HttpClient 4.3.2
Hi,
I am porting code from 3.1 to 4.3.2 of httpclient. I am some queries
regarding usage of BasicScheme :
In 3.1 version of Commons httpclient here is the code i am trying to port
AuthScope proxyAuthScope = new AuthScope(host,ANY_PORT,domain);
NTCredentials proxyCredentials = new
NTCredentials("username","password","",domain);
client.getState().setProxyCredentials(proxyAuthScope, proxyCredentials);
client.executeMethod(new GetMethod(url.toString()))
The above piece of code is working fine for BASIC and NTLM authentication
scheme.
After porting the code to 4.3.2:
AuthScope proxyAuthScope = new AuthScope(host,port,domain) ;
NTCredentials proxyCredentials = new NTCredentials( "admin1",
"admin1","",domain);
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(proxyAuthScope,proxyCredentials);
CloseableHttpClient httpClient = HttpClientBuilder.create()
.setProxy(new HttpHost(host,
port))
.setDefaultCredentialsProvider(credentialsProvider)
.build();
httpClient.execute(httpGet)
The above piece of code is working fine for NTLM Proxy Authentication but
during BASIC authentication even though we supply the correct username and
password credentials we are getting 407 Proxy Authentication error
repetedly. So on debugging the httpclient source code we found a difference
in the funtionality between BasicScheme of 3.1 and 4.3.2.
Difference:
In 3.1 -> Even though we supply NTCredentials with domain name to BASIC
Scheme it will considers only username and Password from the credentialstore
and sends the authentication string.
In 4.3.2 -> If we supply NTCredentials with domain name to BASIC Scheme it
will also consider the domain name along with username and password to
construct the authentication string .
Code snippet from 4.3.2 version of BASIC Scheme that constructs the
authentication string:
final StringBuilder tmp = new StringBuilder();
tmp.append(credentials.getUserPrincipal().getName());
tmp.append(":");
tmp.append((credentials.getPassword() == null) ? "null" :
credentials.getPassword());
For Example if we set the NTCredentials as
NTCredentials("admin","pass","","dev");
then the Authentication String is sent with
username: dev/admin
password:pass
But server is expecting basic authentication with username:admin and
password :pass
Is this a bug in the HttpClient 4.3.2 ?
If so how can we overcome this ?
--
View this message in context: http://httpcomponents.10934.n7.nabble.com/Issue-with-BASIC-Scheme-in-HttpClient-4-3-2-tp24527.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Issue with BASIC Scheme in HttpClient 4.3.2
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Sun, 2014-10-05 at 23:04 -0700, chandra wrote:
> Hi,
>
> I am porting code from 3.1 to 4.3.2 of httpclient. I am some queries
> regarding usage of BasicScheme :
>
> In 3.1 version of Commons httpclient here is the code i am trying to port
>
> AuthScope proxyAuthScope = new AuthScope(host,ANY_PORT,domain);
> NTCredentials proxyCredentials = new
> NTCredentials("username","password","",domain);
> client.getState().setProxyCredentials(proxyAuthScope, proxyCredentials);
> client.executeMethod(new GetMethod(url.toString()))
>
> The above piece of code is working fine for BASIC and NTLM authentication
> scheme.
>
> After porting the code to 4.3.2:
>
> AuthScope proxyAuthScope = new AuthScope(host,port,domain) ;
> NTCredentials proxyCredentials = new NTCredentials( "admin1",
> "admin1","",domain);
> CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
> credentialsProvider.setCredentials(proxyAuthScope,proxyCredentials);
> CloseableHttpClient httpClient = HttpClientBuilder.create()
> .setProxy(new HttpHost(host,
> port))
>
> .setDefaultCredentialsProvider(credentialsProvider)
> .build();
> httpClient.execute(httpGet)
>
> The above piece of code is working fine for NTLM Proxy Authentication but
> during BASIC authentication even though we supply the correct username and
> password credentials we are getting 407 Proxy Authentication error
> repetedly. So on debugging the httpclient source code we found a difference
> in the funtionality between BasicScheme of 3.1 and 4.3.2.
>
> Difference:
> In 3.1 -> Even though we supply NTCredentials with domain name to BASIC
> Scheme it will considers only username and Password from the credentialstore
> and sends the authentication string.
>
> In 4.3.2 -> If we supply NTCredentials with domain name to BASIC Scheme it
> will also consider the domain name along with username and password to
> construct the authentication string .
>
> Code snippet from 4.3.2 version of BASIC Scheme that constructs the
> authentication string:
>
> final StringBuilder tmp = new StringBuilder();
> tmp.append(credentials.getUserPrincipal().getName());
> tmp.append(":");
> tmp.append((credentials.getPassword() == null) ? "null" :
> credentials.getPassword());
>
> For Example if we set the NTCredentials as
>
> NTCredentials("admin","pass","","dev");
>
> then the Authentication String is sent with
> username: dev/admin
> password:pass
> But server is expecting basic authentication with username:admin and
> password :pass
>
> Is this a bug in the HttpClient 4.3.2 ?
> If so how can we overcome this ?
>
This is the intended behavior.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org