Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2009/06/30 10:48:48 UTC

[jira] Closed: (HTTPCLIENT-856) Proxy NTLM Authentication Redirecting to different address fails saying Proxy Auth Required.

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski closed HTTPCLIENT-856.
----------------------------------------


Raj,

You are welcome to back-port the fix to the 3.x branch and I will happily commit it to the official SVN repository. However, it is very unlikely there will ever be an official release off the 3.x branch. HttpClient 3.x is pretty much end of life.

Oleg

> Proxy NTLM Authentication  Redirecting to different address fails saying Proxy Auth Required.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-856
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-856
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 3.1 Final, 4.0 Beta 2
>         Environment: HttpClient , Proxy Authentication (Microsoft ISA server) 
>            Reporter: Raj
>             Fix For: 4.0 Final
>
>         Attachments: HTTPCLIENT-856.patch
>
>
> The issue has been discussed in,
> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tt23867531.html
> This was found in the HttpClient 3.1 release, where NTLM proxy authentication is a must and the server asks for a redirect to a new URL. In this case, when redirecting, the earlier proxy auth status is not cleared, so it does not do proxy authentication for the new URL and hence fails.
> Target Host Authentication NTLM authentication - redirect also had a problem and was fixed as said in,
> http://issues.apache.org/jira/browse/HTTPCLIENT-211
> Proxy Authentication - redirect has to be fixed, 
> The wire logs for the release https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
> are given below,
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAATIAAAgACAAgAAAADgAOACgAAABNWURPTUFJTkpDSUZTMjMwXzg2Xzkx[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAABAgACqbXrIWnZ3i4AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 0     [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAwADAAWAAAABAAEACIAAAAGgAaAJgAAAAcABwAsgAAAAAAAAAAAAAAAQIAAAXLpW40q7jqh7E6FgFnJqy9529ANaSLqfTiwjyF2BrUP9F8ObYOyYsBAQAAAAAAACDgxRg9+skBRt4mUOFFCs0AAAAAAAAAAE0AWQBEAE8ATQBBAEkATgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEoAQwBJAEYAUwAyADMAMABfADgANgBfADkAMQA=[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 301 Unknown reason[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Content-length: 0[EOL]"
> [DEBUG] wire - << "Date: Mon, 29 Jun 2009 11:16:50 GMT[EOL]"
> [DEBUG] wire - << "Location: http://www.verisign.com/[EOL]"
> [DEBUG] wire - << "Content-type: text/html[EOL]"
> [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
> [DEBUG] wire - << "[EOL]"
> [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected state: MSG_TYPE3_GENERATED
> [DEBUG] wire - >> "GET http://www.verisign.com/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> ----------------------------------------
> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> Thanks,
> Raj
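
An added example, not part of the original message and not HttpClient's own code: a Python script that reads a wire log in the format quoted above, names the NTLM message type carried in each Proxy-Authorization / Proxy-Authenticate header, and flags a request sent right after a redirect with no NTLM message that the proxy answers with 407. The function names, the `a.example` hosts and the sample log are constructed for illustration.

```python
import base64
import re
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
WIRE = re.compile(r'wire - (>>|<<) "(.*?)\[EOL\]"')  # one header line of the wire log

def ntlm_type(value):
    """Name the NTLM message in an 'NTLM <base64>' header value, else None."""
    parts = value.split()
    if len(parts) != 2 or parts[0] != "NTLM":
        return None  # bare "NTLM" offer, or another scheme such as Basic
    raw = base64.b64decode(parts[1])
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return NTLM_TYPES.get(struct.unpack("<I", raw[8:12])[0])  # little-endian type field

def trace(log_text):
    """List (kind, target-or-status, ntlm_step) for each request/response in the log."""
    events = []
    for direction, line in WIRE.findall(log_text):
        if direction == ">>" and re.match(r"[A-Z]+ \S+ HTTP/", line):
            events.append(["request", line.split()[1], None])
        elif direction == "<<" and line.startswith("HTTP/"):
            events.append(["response", line.split()[1], None])
        elif events and line.lower().startswith(("proxy-authorization:", "proxy-authenticate:")):
            events[-1][2] = ntlm_type(line.split(":", 1)[1].strip()) or events[-1][2]
    return [tuple(e) for e in events]

def unauthenticated_after_redirect(events):
    """Targets requested right after a 3xx with no NTLM message, then answered 407."""
    return [req[1] for prev, req, resp in zip(events, events[1:], events[2:])
            if prev[0] == "response" and prev[1].startswith("3")
            and req[0] == "request" and req[2] is None
            and resp[0] == "response" and resp[1] == "407"]

def _msg(msg_type):  # constructed stand-in: NTLMSSP signature plus type field only
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type)).decode()

# Constructed sample in the wire-log format quoted above (not the reporter's log).
SAMPLE = "\n".join('[DEBUG] wire - %s "%s[EOL]"' % pair for pair in [
    (">>", "GET http://a.example HTTP/1.1"),
    ("<<", "HTTP/1.1 407 Proxy Authentication Required"), ("<<", "Proxy-Authenticate: NTLM"),
    (">>", "GET http://a.example HTTP/1.1"), (">>", "Proxy-Authorization: NTLM " + _msg(1)),
    ("<<", "HTTP/1.1 407 Proxy Authentication Required"), ("<<", "Proxy-Authenticate: NTLM " + _msg(2)),
    (">>", "GET http://a.example HTTP/1.1"), (">>", "Proxy-Authorization: NTLM " + _msg(3)),
    ("<<", "HTTP/1.1 301 Moved"), ("<<", "Location: http://www.a.example/"),
    (">>", "GET http://www.a.example/ HTTP/1.1"), ("<<", "HTTP/1.1 407 Proxy Authentication Required"),
])
```

`unauthenticated_after_redirect(trace(SAMPLE))` returns the redirected target, which is the pattern the log above shows after the 301.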
