You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2004/09/30 00:09:43 UTC
RE: HttpClient + HTTPS + NTLM Authentication = HTTP/1.1 401Access
Denied
Christopher,
Ok, I see. This is weird. I can't explain it. Maybe I am just too tired
right now and should go to bed.
Actually it is preferred to not do a POST against a protected URL. One
should do a GET or a HEAD first, get authenticated, get a session
cookie, and than do a POST.
Another thing to try is turning on 'expect: continue' handshake
http://jakarta.apache.org/commons/httpclient/apidocs/org/apache/commons/httpclient/methods/ExpectContinueMethod.html#setUseExpectHeader(boolean)
Oleg
On Wed, 2004-09-29 at 23:59, Burke, Christopher wrote:
> Oleg,
> Thanks for your prompt response. The main problem is that the file has
> not been uploaded, but the return code is 200. I am trying to post the
> File object 'f' to the 'F1' textbox in the following form (File f = new
> File("C:/secureHttp/anotherLog.log");). I believe my code is correct.
>
> I am at a loss. What could be the problem?
>
> <FORM ENCTYPE="multipart/form-data" METHOD="POST"
> ACTION="siteman.asp?u=D&d=c:\im\">
> <FONT SIZE=1 FACE="Arial, Helvetica, sans-serif">NAME OF DESTINATION
> FOLDER ON WEB SITE</FONT><BR>
> <FONT SIZE=4 FACE="Arial, Helvetica, sans-serif"><B>c:\im\</B></FONT><P>
> <FONT SIZE=1 FACE="Arial, Helvetica, sans-serif">PATHNAME OF LOCAL
> DOCUMENT<BR>(SEND THIS FILE TO THE WEB SERVER)</FONT><BR><INPUT SIZE=30
> TYPE="FILE" NAME="F1"><P>
> <INPUT TYPE="SUBMIT" VALUE="UPLOAD">
> <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
> <P><FONT SIZE=2 FACE="Arial, Helvetica, sans-serif">If the
> <B>[BROWSE...]</B> button is not displayed,
> <BR>you must upgrade your <A HREF="http://www.netscape.com">Netscape</A>
> or <A HREF="http://www.microsoft.com">Microsoft</A> browser.
> </FORM></
>
> Thanks again for your help, Oleg.
>
> Christopher
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Wednesday, September 29, 2004 4:29 PM
> To: Commons HttpClient Project
> Subject: Re: HttpClient + HTTPS + NTLM Authentication = HTTP/1.1
> 401Access Denied
>
> Christopher,
> What is exactly the problem?
>
> The authentication succeeded:
> HTTP/1.1 200 OK
>
> Session cookie has been sent:
> ASPSESSIONIDAQQBDABR=LMNNMHNALPPKIBENMNNANHGP
>
> NTLM authentication scheme is a stateful one and requires multiple
> challenges/responses. The first 401 Access Denied response is perfectly
> OK.
>
> For details see:
> http://davenport.sourceforge.net/ntlm.html
> WARNING: contains utter insanity ;-)
>
> Oleg
>
> On Wed, 2004-09-29 at 23:10, Burke, Christopher wrote:
> > All,
> > I need help implementing a Commons HttpClient solution to post files
> to
> > a web server via an ASP page. This seems somewhat straightforward,
> but
> > I am having trouble with the NTLM authentication.
> >
> > Code Snippet:
> > String url =
> >
> "https://keystone.ibanksystems.com/carlsontest/siteman.asp?u=Y&d=c:\\im\
> > \";
> >
> > NTCredentials creds = new
> > NTCredentials("user","password","keystone.ibanksystems.com","domain");
> > HttpClient client = new HttpClient();
> > MultipartPostMethod mpPostMethod = new MultipartPostMethod(url);
> >
> > client.getState().setCredentials(null, null, creds);
> >
> > File f = new File("C:/secureHttp/anotherLog.log");
> >
> > //mpPostMethod.addParameter("F1",f.getName(),f);
> > mpPostMethod.addParameter("F1",f);
> >
> > int statusCode = client.executeMethod(mpPostMethod);
> >
> > System.out.println("Status Line: " + mpPostMethod.getStatusLine());
> > System.out.println("Status Code: " + statusCode);
> >
> > mpPostMethod.releaseConnection();
> >
> > Debug Output:
> > 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Java version:
> 1.4.2_05
> > 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Java vendor: Sun
> > Microsystems I
> > nc.
> > 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Java class path:
> > .;..;C:\j2sdk1
> >
> .4.2_05\bin;C:\apacheCommons\commons-httpclient.jar;C:\apacheCommons\com
> > mons-log
> >
> ging-api.jar;C:\apacheCommons\commons-logging.jar;C:\apacheCommons\commo
> > ns-codec
> > -1.3.jar
> > 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Operating system
> name:
> > Windows
> > XP
> > 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Operating system
> > architecture:
> > x86
> > 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Operating system
> > version: 5.1
> > 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SUN 1.42: SUN (DSA
> > key/paramete
> > r generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509
> > certificates;
> > JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP,
> > Collection Ce
> > rtStores)
> > 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunJSSE 1.42: Sun
> JSSE
> > provider
> > (implements RSA Signatures, PKCS12, SunX509 key/trust factories,
> SSLv3,
> > TLSv1)
> > 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunRsaSign 1.42:
> SUN's
> > provider
> > for RSA signatures
> > 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunJCE 1.42: SunJCE
> > Provider (i
> > mplements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman,
> HMAC-MD5,
> > HMAC-SH
> > A1)
> > 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunJGSS 1.0: Sun
> > (Kerberos v5)
> > 2004/09/29 15:53:45:857 CDT [DEBUG] HttpConnection -
> > HttpConnection.setSoTimeout
> > (0)
> > 2004/09/29 15:53:45:857 CDT [DEBUG] HttpMethodBase - Execute loop try
> 1
> > 2004/09/29 15:53:45:857 CDT [DEBUG] header - >> "POST
> > /carlsontest/siteman.asp?u
> > =Y&d=c:\im\ HTTP/1.1[\r][\n]"
> > 2004/09/29 15:53:45:857 CDT [DEBUG] HttpMethodBase - Adding Host
> request
> > header
> > 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "User-Agent: Jakarta
> > Commons-Htt
> > pClient/2.0.1[\r][\n]"
> > 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "Host:
> > keystone.ibanksystems.com
> > [\r][\n]"
> > 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "Content-Length:
> > 965[\r][\n]"
> > 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "Content-Type:
> > multipart/form-da
> > ta; boundary=----------------314159265358979323846[\r][\n]"
> > 2004/09/29 15:53:46:037 CDT [DEBUG] header - >> "[\r][\n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "HTTP/1.1 401 Access
> > Denied[\r][
> > \n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Server:
> > Microsoft-IIS/5.0[\r][\
> > n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Date: Wed, 29 Sep
> 2004
> > 20:53:50
> > GMT[\r][\n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "WWW-Authenticate:
> > Negotiate[\r]
> > [\n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "WWW-Authenticate:
> > NTLM[\r][\n]"
> >
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Connection:
> > close[\r][\n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Content-Length:
> > 4431[\r][\n]"
> > 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Content-Type:
> > text/html[\r][\n]
> > "
> > 2004/09/29 15:53:46:107 CDT [DEBUG] HttpMethodBase - Authorization
> > required
> > 2004/09/29 15:53:46:117 CDT [DEBUG] HttpAuthenticator - Authenticating
> > with the
> > default authentication realm at keystone.ibanksystems.com
> > 2004/09/29 15:53:46:117 CDT [DEBUG] HttpMethodBase -
> > HttpMethodBase.execute(): S
> > erver demanded authentication credentials, will try again.
> > 2004/09/29 15:53:46:127 CDT [DEBUG] HttpMethodBase - Should close
> > connection in
> > response to Connection: close
> >
> > 2004/09/29 15:53:46:127 CDT [DEBUG] HttpMethodBase - Execute loop try
> 2
> > 2004/09/29 15:53:46:127 CDT [DEBUG] HttpMethodBase - Opening the
> > connection.
> > 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "POST
> > /carlsontest/siteman.asp?u
> > =Y&d=c:\im\ HTTP/1.1[\r][\n]"
> > 2004/09/29 15:53:46:167 CDT [DEBUG] HttpMethodBase - Request to add
> Host
> > header
> > ignored: header already added
> > 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "User-Agent: Jakarta
> > Commons-Htt
> > pClient/2.0.1[\r][\n]"
> > 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Host:
> > keystone.ibanksystems.com
> > [\r][\n]"
> > 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Content-Length:
> > 965[\r][\n]"
> > 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Authorization: NTLM
> > TlRMTVNTUAA
> >
> BAAAABlIAAAwADAA5AAAAGQAZACAAAABLRVlTVE9ORS5JQkFOS1NZU1RFTVMuQ09NSUJBTkt
> > TWVNURU1
> > T[\r][\n]"
> > 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Content-Type:
> > multipart/form-da
> > ta; boundary=----------------314159265358979323846[\r][\n]"
> > 2004/09/29 15:53:46:217 CDT [DEBUG] header - >> "[\r][\n]"
> > 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "HTTP/1.1 401 Access
> > Denied[\r][
> > \n]"
> > 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Server:
> > Microsoft-IIS/5.0[\r][\
> > n]"
> > 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Date: Wed, 29 Sep
> 2004
> > 20:53:50
> > GMT[\r][\n]"
> > 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "WWW-Authenticate:
> NTLM
> > TlRMTVNT
> >
> UAACAAAAAwADADAAAAAGAoEAi30aMw030nIAAAAAAAAAADoAOgAzAAAAQVRTAgAGAEEAVABT
> > AAEAEgBJ
> > AEIAQQBOAEsAVwBFAEIAMQADABIAaQBiAGEAbgBrAHcAZQBiADEAAAAAAA==[\r][\n]"
> > 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Content-Length:
> > 4033[\r][\n]"
> > 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Content-Type:
> > text/html[\r][\n]
> > "
> > 2004/09/29 15:53:46:328 CDT [DEBUG] HttpMethodBase - Authorization
> > required
> > 2004/09/29 15:53:46:328 CDT [DEBUG] HttpAuthenticator - Authenticating
> > with the
> > default authentication realm at keystone.ibanksystems.com
> > 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase -
> > HttpMethodBase.execute(): S
> > erver demanded authentication credentials, will try again.
> > 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase - Resorting to
> > protocol versi
> > on default close connection policy
> > 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase - Should NOT close
> > connection
> > , using HTTP/1.1.
> > 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase - Execute loop try
> 3
> > 2004/09/29 15:53:46:628 CDT [DEBUG] header - >> "POST
> > /carlsontest/siteman.asp?u
> > =Y&d=c:\im\ HTTP/1.1[\r][\n]"
> > 2004/09/29 15:53:46:638 CDT [DEBUG] HttpMethodBase - Request to add
> Host
> > header
> > ignored: header already added
> > 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "User-Agent: Jakarta
> > Commons-Htt
> > pClient/2.0.1[\r][\n]"
> > 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Host:
> > keystone.ibanksystems.com
> > [\r][\n]"
> > 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Content-Length:
> > 965[\r][\n]"
> > 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Authorization: NTLM
> > TlRMTVNTUAA
> >
> DAAAAGAAYAHAAAAAAAAAAiAAAAAwADABAAAAACwALAEwAAAAZABkAVwAAAAAAAACIAAAABlI
> > AAElCQU5
> >
> LU1lTVEVNU0pXSUxMSUFNU09OS0VZU1RPTkUuSUJBTktTWVNURU1TLkNPTdQW3Tg5H/LspBn
> > 2RSOZkzf
> > ILnVSU4p+Ow==[\r][\n]"
> > 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Content-Type:
> > multipart/form-da
> > ta; boundary=----------------314159265358979323846[\r][\n]"
> > 2004/09/29 15:53:46:648 CDT [DEBUG] header - >> "[\r][\n]"
> > 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "HTTP/1.1 100
> > Continue[\r][\n]"
> > 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "Server:
> > Microsoft-IIS/5.0[\r][\
> > n]"
> > 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "Date: Wed, 29 Sep
> 2004
> > 20:53:50
> > GMT[\r][\n]"
> > 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "IISExport: This web
> > site was ex
> > ported using IIS Export v3.0[\r][\n]"
> > 2004/09/29 15:53:46:698 CDT [INFO] HttpMethodBase - Discarding
> > unexpected respon
> > se: HTTP/1.1 100 Continue
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "HTTP/1.1 200
> > OK[\r][\n]"
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Server:
> > Microsoft-IIS/5.0[\r][\
> > n]"
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Date: Wed, 29 Sep
> 2004
> > 20:53:50
> > GMT[\r][\n]"
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "IISExport: This web
> > site was ex
> > ported using IIS Export v3.0[\r][\n]"
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Content-Length:
> > 2873[\r][\n]"
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Content-Type:
> > text/html[\r][\n]
> > "
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Set-Cookie:
> > ASPSESSIONIDAQQBDAB
> > R=LMNNMHNALPPKIBENMNNANHGP; path=/[\r][\n]"
> > 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Cache-control:
> > private[\r][\n]"
> >
> > 2004/09/29 15:53:46:738 CDT [DEBUG] HttpMethodBase - Cookie accepted:
> > "$Version=
> > 0; ASPSESSIONIDAQQBDABR=LMNNMHNALPPKIBENMNNANHGP; $Path=/"
> > Status Line: HTTP/1.1 200 OK
> > Status Code: 200
> > Press any key to continue . . .
> >
> > Any help/advice would be greatly appreciated.
> >
> > Best regards,
> >
> > Chris
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org