Posted to httpclient-users@hc.apache.org by "Godbey, David J. (HQ-LM020)[DIGITAL MANAGEMENT INC.]" <da...@nasa.gov> on 2013/06/03 17:15:44 UTC

4.3 issue with NTLMv2 authentication

Ok, I guess my previous post was a bit winded, and I got no response. No big deal. I was able to get my application working using HC 4.3 for NTLMv2 authentication. I used your ClientPreemptiveDigestAuthentication class as a guide, and replaced all DigestScheme stuff with NTLM scheme stuff. I attach my code that is a slight variant of the Digest class. You may add this to your examples package if you wish.

I do see one issue you may want to address. This call in the code below (line 44): entity.getContentLength() always returns -1 for me. 
The entity does unpack properly containing my SOAP response, even though getContentLength does not tell me the size of the payload.

Of secondary importance, the symmetry is missing for the NTLMScheme class. You cannot instantiate an NTLMScheme object like you can a DigestScheme object, you need to go directly to an AuthScheme through the NTLMSchemeFactory. And the NTLMSchemeFactory does not have a getNTLMScheme method, just a method that returns an AuthScheme object. I don't see any way of actually handling an NTLMScheme object. Or perhaps you meant to hide the DigestScheme object behind a factory? I suppose not a big deal, but maybe something you want to consider.

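    // Imports needed by this method (HttpClient 4.3):
    import java.net.Inet4Address;
    import org.apache.http.HttpEntity;
    import org.apache.http.HttpHost;
    import org.apache.http.auth.AuthScheme;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.NTCredentials;
    import org.apache.http.client.AuthCache;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.client.protocol.HttpClientContext;
    import org.apache.http.impl.auth.NTLMSchemeFactory;
    import org.apache.http.impl.client.BasicAuthCache;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.protocol.BasicHttpContext;
    import org.apache.http.protocol.HttpContext;
    import org.apache.http.util.EntityUtils;

    // _host, _user, _password, _domain and _serviceEndpoint are fields of the enclosing class.
    private String getSoapReponse() {
        String retStr = null;
        CloseableHttpClient httpclient = null;
        try {
            String localIp = Inet4Address.getLocalHost().getHostAddress();
            HttpHost targetHost = new HttpHost(_host, 443, "https");
            CredentialsProvider credsProvider = new BasicCredentialsProvider();
            credsProvider.setCredentials(new AuthScope(targetHost), new NTCredentials(_user, _password, localIp, _domain));

            httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();

            // Create AuthCache instance
            AuthCache authCache = new BasicAuthCache();

            // NTLM-based AuthScheme
            NTLMSchemeFactory f = new NTLMSchemeFactory();
            HttpContext ctx = new BasicHttpContext();
            AuthScheme ns = f.create(ctx);
            authCache.put(targetHost, ns);

            // Add AuthCache to the execution context
            HttpClientContext localContext = HttpClientContext.create();
            localContext.setAuthCache(authCache);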

            HttpGet http = new HttpGet(_serviceEndpoint);

            System.out.println("executing request: " + http.getRequestLine());
            System.out.println("to target: " + targetHost);

            CloseableHttpResponse response = httpclient.execute(targetHost, http, localContext);
            try {
                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                if (entity != null) {
                    System.out.println("Response content length: " + entity.getContentLength());
                    retStr = EntityUtils.toString(entity);
                }
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            try {
                if (httpclient != null)
                    httpclient.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return retStr;
    }

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


RE: 4.3 issue with NTLMv2 authentication

Posted by "Godbey, David J. (HQ-LM020)[DIGITAL MANAGEMENT INC.]" <da...@nasa.gov>.
NTLMv2 in 4.3 works out of the box for the new classes. See tickets for more info. I'm reporting a problem with the deprecated classes, these no longer work, and a cosmetic/organization suggestion.

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: Monday, June 03, 2013 11:59 AM
To: HttpClient User Discussion
Subject: Re: 4.3 issue with NTLMv2 authentication

On Mon, 2013-06-03 at 15:15 +0000, Godbey, David J. (HQ-LM020)[DIGITAL MANAGEMENT INC.] wrote:
> Ok, I guess my previous post was a bit winded, and I got no response. No big deal.

Actually I did respond to your first message. It was stored in my SENT box but for some reason never delivered to my SMTP server. I often use my mobile as a modem to connect to the Internet. Probably it got lost due to bad connection over radio. 

>  I was able to get my application working using HC 4.3 for NTLMv2 authentication. I used your ClientPreemptiveDigestAuthentication class as a guide, and replaced all DigestScheme stuff with NTLM scheme stuff. I attach my code that is a slight variant of the Digest class. You may add this to your examples package if you wish.
> 

NTLMv2 should work out of the box. If it does not please provide two wire / context logs: one generated with the 4.2.x version and another one with 4.3.x.

> I do see one issue you may want to address. This call in the code below (line 44): entity.getContentLength() always returns -1 for me. 

This is expected. Entity content is not delimited with a Content-Length header. Larger entities usually get transmitted chunk coded and their length is not known.  

> The entity does unpack properly containing my SOAP response, even though getContentLength does not tell me the size of the payload.
> 
> Of secondary importance, the symmetry is missing for the NTLMScheme 
> class. You cannot instantiate an NTLMScheme object like you can a 
> DigestScheme object, you need to go directly to an AuthScheme through 
> the NTLMSchemeFactory. And the NTLMSchemeFactory does not have a 
> getNTLMScheme method, just a method that returns an AuthScheme object. 
> I don't see any way of actually handling an NTLMScheme object. Or 
> perhaps you meant to hide the DigestScheme object behind a factory? I 
> suppose not a big deal, but maybe something you want to consider

Please raise a JIRA for this issue.

Oleg





RE: 4.3 issue with NTLMv2 authentication

Posted by "Godbey, David J. (HQ-LM020)[DIGITAL MANAGEMENT INC.]" <da...@nasa.gov>.
Oleg,
I raised two tickets per your request, 1363 and 1364. Let me know if you need anything more from me.
Yours,
Dave



Re: 4.3 issue with NTLMv2 authentication

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2013-06-03 at 15:15 +0000, Godbey, David J. (HQ-LM020)[DIGITAL
MANAGEMENT INC.] wrote:
> Ok, I guess my previous post was a bit winded, and I got no response. No big deal.

Actually I did respond to your first message. It was stored in my SENT
box but for some reason never delivered to my SMTP server. I often use
my mobile as a modem to connect to the Internet. Probably it got lost
due to bad connection over radio. 

>  I was able to get my application working using HC 4.3 for NTLMv2 authentication. I used your ClientPreemptiveDigestAuthentication class as a guide, and replaced all DigestScheme stuff with NTLM scheme stuff. I attach my code that is a slight variant of the Digest class. You may add this to your examples package if you wish.
> 

NTLMv2 should work out of the box. If it does not please provide two
wire / context logs: one generated with the 4.2.x version and another
one with 4.3.x.

> I do see one issue you may want to address. This call in the code below (line 44): entity.getContentLength() always returns -1 for me. 

This is expected. Entity content is not delimited with a Content-Length
header. Larger entities usually get transmitted chunk coded and their
length is not known.  

> The entity does unpack properly containing my SOAP response, even though getContentLength does not tell me the size of the payload.
> 
> Of secondary importance, the symmetry is missing for the NTLMScheme class. You cannot instantiate an NTLMScheme object like you can a DigestScheme object, you need to go directly to an AuthScheme through the NTLMSchemeFactory. And the NTLMSchemeFactory does not have a getNTLMScheme method, just a method that returns an AuthScheme object. I don't see any way of actually handling an NTLMScheme object. Or perhaps you meant to hide the DigestScheme object behind a factory? I suppose not a big deal, but maybe something you want to consider

Please raise a JIRA for this issue.

Oleg
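
Because getContentLength() returns -1 for chunk-coded entities, as explained in the reply above, a client that buffers the body cannot use the declared length as a size guard. The following is an added example, not part of the original thread or of the HttpClient project: a read that enforces its own byte limit. BoundedEntityRead, readBounded and MAX_BODY_BYTES are hypothetical names, and the entity is a constructed in-memory stand-in for a chunked response.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

import org.apache.http.HttpEntity;
import org.apache.http.entity.InputStreamEntity;

public class BoundedEntityRead {
    // Hypothetical limit for this example; size it to the largest response you expect.
    static final int MAX_BODY_BYTES = 1024 * 1024;

    // Reads the entity body but refuses to buffer more than maxBytes.
    // The caller still closes the response, as the posted method does in its finally block.
    static byte[] readBounded(HttpEntity entity, int maxBytes) throws IOException {
        long declared = entity.getContentLength();   // -1 when the length is not known
        if (declared > maxBytes) {
            throw new IOException("declared length " + declared + " exceeds limit " + maxBytes);
        }
        InputStream in = entity.getContent();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) != -1) {
            if (out.size() + n > maxBytes) {
                throw new IOException("body exceeds limit of " + maxBytes + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample body standing in for a chunk-coded SOAP response.
        byte[] sample = "<soap:Envelope>constructed sample</soap:Envelope>"
                .getBytes(StandardCharsets.UTF_8);
        InputStreamEntity entity = new InputStreamEntity(new ByteArrayInputStream(sample), -1);
        entity.setChunked(true);

        System.out.println("getContentLength(): " + entity.getContentLength());
        byte[] body = readBounded(entity, MAX_BODY_BYTES);
        System.out.println("bytes actually read: " + body.length);
    }
}
```

EntityUtils.toString(entity), as used in the posted method, buffers the whole body with no upper bound, so the limit has to be enforced by the caller in this way when the server is not fully trusted.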


