You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2019/02/26 16:57:00 UTC
[jira] [Resolved] (HTTPCLIENT-1970) HttpClient does not support
(non preemptive) digest authentication
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1970.
-------------------------------------------
Resolution: Invalid
When used correctly HttpClient works just fine.
Oleg
{noformat}
Executing request GET http://httpbin.org/digest-auth/auth/user/passwd HTTP/1.1 to target http://httpbin.org:80
[DEBUG] RequestAddCookies - CookieSpec selected: default
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://httpbin.org:80][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
[DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://httpbin.org:80][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
[DEBUG] MainClientExec - Opening connection {}->http://httpbin.org:80
[DEBUG] DefaultHttpClientConnectionOperator - Connecting to httpbin.org/52.71.234.219:80
[DEBUG] DefaultHttpClientConnectionOperator - Connection established 192.168.8.104:58656<->52.71.234.219:80
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] MainClientExec - Target auth state: UNCHALLENGED
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 UNAUTHORIZED
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Type: text/html; charset=utf-8
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:46 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: stale_after=never; Path=/
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << WWW-Authenticate: Digest realm="me@kennethreitz.com", nonce="1b33760699d56bfd9f082ab0a26c02ae", qop="auth", opaque="b99ee2503a513867924899c28e59c3a9", algorithm=MD5, stale=FALSE
[DEBUG] headers - http-outgoing-0 << Content-Length: 0
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] HttpAuthenticator - Authentication required
[DEBUG] HttpAuthenticator - httpbin.org:80 requested authentication
[DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
[DEBUG] TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available
[DEBUG] HttpAuthenticator - Selected authentication options: [DIGEST [complete=true, nonce=null, nc=0]]
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] MainClientExec - Target auth state: CHALLENGED
[DEBUG] HttpAuthenticator - Generating response to an authentication challenge using digest scheme
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 >> Authorization: Digest username="user", realm="me@kennethreitz.com", nonce="1b33760699d56bfd9f082ab0a26c02ae", uri="/digest-auth/auth/user/passwd", response="4cf81f9122072a78772899ac734fc733", qop=auth, nc=00000001, cnonce="528e79c8918a05e6", algorithm=MD5, opaque="b99ee2503a513867924899c28e59c3a9"
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
[DEBUG] headers - http-outgoing-0 << Content-Type: application/json
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:46 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << Content-Length: 59
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] HttpAuthenticator - Authentication succeeded
[DEBUG] ResponseProcessCookies - Cookie accepted [fake="fake_value", version:0, domain:httpbin.org, path:/, expiry:null]
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://httpbin.org:80] can be kept alive indefinitely
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
[DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
{
"authenticated": true,
"user": "user"
}
[DEBUG] RequestAddCookies - CookieSpec selected: default
[DEBUG] RequestAddCookies - Cookie [version: 0][name: fake][value: fake_value][domain: httpbin.org][path: /][expiry: null] match [httpbin.org:80/digest-auth/auth/user/passwd]
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
[DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://httpbin.org:80][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] MainClientExec - Target auth state: SUCCESS
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Cookie: fake=fake_value
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 >> Authorization: Digest username="user", realm="me@kennethreitz.com", nonce="1b33760699d56bfd9f082ab0a26c02ae", uri="/digest-auth/auth/user/passwd", response="018f914bb0296baacfd64e9586e2f687", qop=auth, nc=00000002, cnonce="528e79c8918a05e6", algorithm=MD5, opaque="b99ee2503a513867924899c28e59c3a9"
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
[DEBUG] headers - http-outgoing-0 << Content-Type: application/json
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:47 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << Content-Length: 59
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] ResponseProcessCookies - Cookie accepted [fake="fake_value", version:0, domain:httpbin.org, path:/, expiry:null]
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://httpbin.org:80] can be kept alive indefinitely
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
[DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
{
"authenticated": true,
"user": "user"
}
[DEBUG] RequestAddCookies - CookieSpec selected: default
[DEBUG] RequestAddCookies - Cookie [version: 0][name: fake][value: fake_value][domain: httpbin.org][path: /][expiry: null] match [httpbin.org:80/digest-auth/auth/user/passwd]
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
[DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://httpbin.org:80][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] MainClientExec - Target auth state: SUCCESS
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Cookie: fake=fake_value
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 >> Authorization: Digest username="user", realm="me@kennethreitz.com", nonce="1b33760699d56bfd9f082ab0a26c02ae", uri="/digest-auth/auth/user/passwd", response="23155c348c17b56017895d0525a4f4d7", qop=auth, nc=00000003, cnonce="528e79c8918a05e6", algorithm=MD5, opaque="b99ee2503a513867924899c28e59c3a9"
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
[DEBUG] headers - http-outgoing-0 << Content-Type: application/json
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:47 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << Content-Length: 59
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] ResponseProcessCookies - Cookie accepted [fake="fake_value", version:0, domain:httpbin.org, path:/, expiry:null]
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://httpbin.org:80] can be kept alive indefinitely
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
[DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
{
"authenticated": true,
"user": "user"
}
[DEBUG] PoolingHttpClientConnectionManager - Connection manager is shutting down
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
[DEBUG] PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}
> HttpClient does not support (non preemptive) digest authentication
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-1970
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1970
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.6
> Reporter: Cisto Cyriac
> Priority: Major
>
> In HttpClient 4.5.6 the preemptive digest authentication works, however non-Preemptive digest authentication does not work. We found this issue when the HttpClient library was upgraded from 4.4.1 to 4.5.6.
> As per rfc2617 https://tools.ietf.org/html/rfc2617#section-3.2.1
> nonce is a server-specified data string which should be uniquely generated each time a 401 response is made.
> This issue can be reproduced by commenting out the following two digest authentication override parameters in the preemptive auth example in https://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveDigestAuthentication.java
>
> DigestScheme digestAuth = new DigestScheme();
> // Suppose we already know the realm name
> //digestAuth.overrideParamter("realm", "some realm");
> // Suppose we already know the expected nonce value
> //digestAuth.overrideParamter("nonce", "whatever");
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org