You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2012/12/11 15:39:21 UTC

[jira] [Resolved] (HTTPCLIENT-1272) HttpClient does not retry failed PROXY authentication when multiple challenges are present

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1272.
-------------------------------------------

    Resolution: Won't Fix

Daz
Actually, when user credentials are not applicable for NTLM authentication (for instance, when represented by UsernamePasswordCrednentials instead of NTCredentials) the NTLM auth scheme should fail and HttpClient should pick the next available scheme (BASIC in your case). So, instead of giving HttpClient incomplete NTCredentials with bogus domain and workstation attributes, try giving it UsernamePasswordCrednentials and see what happens.

I am going to close this issue as WONTFIX. While it would be permissible to retry authentication with BASIC scheme in the context of a corporate proxy on a secure corporate network, it would be pretty irresponsible to automatically send user credentials in clear text to an arbitrary host after having a more secure scheme failed due to credentials being invalid. I hope you agree.

Oleg  
                
> HttpClient does not retry failed PROXY authentication when multiple challenges are present
> ------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1272
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1272
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2
>            Reporter: Daz DeBoer
>
> Similar to HTTPCLIENT-1107, but for Proxy authentication. It appears that subsequent authentication schemes are not attempted if an earlier scheme fails.
> In our case, a proxy supports Negotiate, NTLM and BASIC authentication. When NTML authentication fails due to the wrong credentials being supplied, BASIC authentication is never attempted against the proxy.
> I am a Gradle core developer, and we use HttpClient internally for dependency resolution. This issue was reported by one of our users.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org