You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2004/09/29 23:29:24 UTC
Re: HttpClient + HTTPS + NTLM Authentication = HTTP/1.1 401
Access Denied
Christopher,
What is exactly the problem?
The authentication succeeded:
HTTP/1.1 200 OK
Session cookie has been sent:
ASPSESSIONIDAQQBDABR=LMNNMHNALPPKIBENMNNANHGP
NTLM authentication scheme is a stateful one and requires multiple
challenges/responses. The first 401 Access Denied response is perfectly
OK.
For details see:
http://davenport.sourceforge.net/ntlm.html
WARNING: contains utter insanity ;-)
Oleg
On Wed, 2004-09-29 at 23:10, Burke, Christopher wrote:
> All,
> I need help implementing a Commons HttpClient solution to post files to
> a web server via an ASP page. This seems somewhat straightforward, but
> I am having trouble with the NTLM authentication.
>
> Code Snippet:
> String url =
> "https://keystone.ibanksystems.com/carlsontest/siteman.asp?u=Y&d=c:\\im\
> \";
>
> NTCredentials creds = new
> NTCredentials("user","password","keystone.ibanksystems.com","domain");
> HttpClient client = new HttpClient();
> MultipartPostMethod mpPostMethod = new MultipartPostMethod(url);
>
> client.getState().setCredentials(null, null, creds);
>
> File f = new File("C:/secureHttp/anotherLog.log");
>
> //mpPostMethod.addParameter("F1",f.getName(),f);
> mpPostMethod.addParameter("F1",f);
>
> int statusCode = client.executeMethod(mpPostMethod);
>
> System.out.println("Status Line: " + mpPostMethod.getStatusLine());
> System.out.println("Status Code: " + statusCode);
>
> mpPostMethod.releaseConnection();
>
> Debug Output:
> 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Java version: 1.4.2_05
> 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Java vendor: Sun
> Microsystems I
> nc.
> 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Java class path:
> .;..;C:\j2sdk1
> .4.2_05\bin;C:\apacheCommons\commons-httpclient.jar;C:\apacheCommons\com
> mons-log
> ging-api.jar;C:\apacheCommons\commons-logging.jar;C:\apacheCommons\commo
> ns-codec
> -1.3.jar
> 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Operating system name:
> Windows
> XP
> 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Operating system
> architecture:
> x86
> 2004/09/29 15:53:44:425 CDT [DEBUG] HttpClient - Operating system
> version: 5.1
> 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SUN 1.42: SUN (DSA
> key/paramete
> r generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509
> certificates;
> JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP,
> Collection Ce
> rtStores)
> 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunJSSE 1.42: Sun JSSE
> provider
> (implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3,
> TLSv1)
> 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunRsaSign 1.42: SUN's
> provider
> for RSA signatures
> 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunJCE 1.42: SunJCE
> Provider (i
> mplements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5,
> HMAC-SH
> A1)
> 2004/09/29 15:53:44:565 CDT [DEBUG] HttpClient - SunJGSS 1.0: Sun
> (Kerberos v5)
> 2004/09/29 15:53:45:857 CDT [DEBUG] HttpConnection -
> HttpConnection.setSoTimeout
> (0)
> 2004/09/29 15:53:45:857 CDT [DEBUG] HttpMethodBase - Execute loop try 1
> 2004/09/29 15:53:45:857 CDT [DEBUG] header - >> "POST
> /carlsontest/siteman.asp?u
> =Y&d=c:\im\ HTTP/1.1[\r][\n]"
> 2004/09/29 15:53:45:857 CDT [DEBUG] HttpMethodBase - Adding Host request
> header
> 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "User-Agent: Jakarta
> Commons-Htt
> pClient/2.0.1[\r][\n]"
> 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "Host:
> keystone.ibanksystems.com
> [\r][\n]"
> 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "Content-Length:
> 965[\r][\n]"
> 2004/09/29 15:53:45:867 CDT [DEBUG] header - >> "Content-Type:
> multipart/form-da
> ta; boundary=----------------314159265358979323846[\r][\n]"
> 2004/09/29 15:53:46:037 CDT [DEBUG] header - >> "[\r][\n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "HTTP/1.1 401 Access
> Denied[\r][
> \n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Server:
> Microsoft-IIS/5.0[\r][\
> n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Date: Wed, 29 Sep 2004
> 20:53:50
> GMT[\r][\n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "WWW-Authenticate:
> Negotiate[\r]
> [\n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "WWW-Authenticate:
> NTLM[\r][\n]"
>
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Connection:
> close[\r][\n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Content-Length:
> 4431[\r][\n]"
> 2004/09/29 15:53:46:107 CDT [DEBUG] header - << "Content-Type:
> text/html[\r][\n]
> "
> 2004/09/29 15:53:46:107 CDT [DEBUG] HttpMethodBase - Authorization
> required
> 2004/09/29 15:53:46:117 CDT [DEBUG] HttpAuthenticator - Authenticating
> with the
> default authentication realm at keystone.ibanksystems.com
> 2004/09/29 15:53:46:117 CDT [DEBUG] HttpMethodBase -
> HttpMethodBase.execute(): S
> erver demanded authentication credentials, will try again.
> 2004/09/29 15:53:46:127 CDT [DEBUG] HttpMethodBase - Should close
> connection in
> response to Connection: close
>
> 2004/09/29 15:53:46:127 CDT [DEBUG] HttpMethodBase - Execute loop try 2
> 2004/09/29 15:53:46:127 CDT [DEBUG] HttpMethodBase - Opening the
> connection.
> 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "POST
> /carlsontest/siteman.asp?u
> =Y&d=c:\im\ HTTP/1.1[\r][\n]"
> 2004/09/29 15:53:46:167 CDT [DEBUG] HttpMethodBase - Request to add Host
> header
> ignored: header already added
> 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "User-Agent: Jakarta
> Commons-Htt
> pClient/2.0.1[\r][\n]"
> 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Host:
> keystone.ibanksystems.com
> [\r][\n]"
> 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Content-Length:
> 965[\r][\n]"
> 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Authorization: NTLM
> TlRMTVNTUAA
> BAAAABlIAAAwADAA5AAAAGQAZACAAAABLRVlTVE9ORS5JQkFOS1NZU1RFTVMuQ09NSUJBTkt
> TWVNURU1
> T[\r][\n]"
> 2004/09/29 15:53:46:167 CDT [DEBUG] header - >> "Content-Type:
> multipart/form-da
> ta; boundary=----------------314159265358979323846[\r][\n]"
> 2004/09/29 15:53:46:217 CDT [DEBUG] header - >> "[\r][\n]"
> 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "HTTP/1.1 401 Access
> Denied[\r][
> \n]"
> 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Server:
> Microsoft-IIS/5.0[\r][\
> n]"
> 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Date: Wed, 29 Sep 2004
> 20:53:50
> GMT[\r][\n]"
> 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "WWW-Authenticate: NTLM
> TlRMTVNT
> UAACAAAAAwADADAAAAAGAoEAi30aMw030nIAAAAAAAAAADoAOgAzAAAAQVRTAgAGAEEAVABT
> AAEAEgBJ
> AEIAQQBOAEsAVwBFAEIAMQADABIAaQBiAGEAbgBrAHcAZQBiADEAAAAAAA==[\r][\n]"
> 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Content-Length:
> 4033[\r][\n]"
> 2004/09/29 15:53:46:328 CDT [DEBUG] header - << "Content-Type:
> text/html[\r][\n]
> "
> 2004/09/29 15:53:46:328 CDT [DEBUG] HttpMethodBase - Authorization
> required
> 2004/09/29 15:53:46:328 CDT [DEBUG] HttpAuthenticator - Authenticating
> with the
> default authentication realm at keystone.ibanksystems.com
> 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase -
> HttpMethodBase.execute(): S
> erver demanded authentication credentials, will try again.
> 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase - Resorting to
> protocol versi
> on default close connection policy
> 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase - Should NOT close
> connection
> , using HTTP/1.1.
> 2004/09/29 15:53:46:628 CDT [DEBUG] HttpMethodBase - Execute loop try 3
> 2004/09/29 15:53:46:628 CDT [DEBUG] header - >> "POST
> /carlsontest/siteman.asp?u
> =Y&d=c:\im\ HTTP/1.1[\r][\n]"
> 2004/09/29 15:53:46:638 CDT [DEBUG] HttpMethodBase - Request to add Host
> header
> ignored: header already added
> 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "User-Agent: Jakarta
> Commons-Htt
> pClient/2.0.1[\r][\n]"
> 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Host:
> keystone.ibanksystems.com
> [\r][\n]"
> 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Content-Length:
> 965[\r][\n]"
> 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Authorization: NTLM
> TlRMTVNTUAA
> DAAAAGAAYAHAAAAAAAAAAiAAAAAwADABAAAAACwALAEwAAAAZABkAVwAAAAAAAACIAAAABlI
> AAElCQU5
> LU1lTVEVNU0pXSUxMSUFNU09OS0VZU1RPTkUuSUJBTktTWVNURU1TLkNPTdQW3Tg5H/LspBn
> 2RSOZkzf
> ILnVSU4p+Ow==[\r][\n]"
> 2004/09/29 15:53:46:638 CDT [DEBUG] header - >> "Content-Type:
> multipart/form-da
> ta; boundary=----------------314159265358979323846[\r][\n]"
> 2004/09/29 15:53:46:648 CDT [DEBUG] header - >> "[\r][\n]"
> 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "HTTP/1.1 100
> Continue[\r][\n]"
> 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "Server:
> Microsoft-IIS/5.0[\r][\
> n]"
> 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "Date: Wed, 29 Sep 2004
> 20:53:50
> GMT[\r][\n]"
> 2004/09/29 15:53:46:698 CDT [DEBUG] header - << "IISExport: This web
> site was ex
> ported using IIS Export v3.0[\r][\n]"
> 2004/09/29 15:53:46:698 CDT [INFO] HttpMethodBase - Discarding
> unexpected respon
> se: HTTP/1.1 100 Continue
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "HTTP/1.1 200
> OK[\r][\n]"
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Server:
> Microsoft-IIS/5.0[\r][\
> n]"
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Date: Wed, 29 Sep 2004
> 20:53:50
> GMT[\r][\n]"
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "IISExport: This web
> site was ex
> ported using IIS Export v3.0[\r][\n]"
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Content-Length:
> 2873[\r][\n]"
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Content-Type:
> text/html[\r][\n]
> "
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Set-Cookie:
> ASPSESSIONIDAQQBDAB
> R=LMNNMHNALPPKIBENMNNANHGP; path=/[\r][\n]"
> 2004/09/29 15:53:46:708 CDT [DEBUG] header - << "Cache-control:
> private[\r][\n]"
>
> 2004/09/29 15:53:46:738 CDT [DEBUG] HttpMethodBase - Cookie accepted:
> "$Version=
> 0; ASPSESSIONIDAQQBDABR=LMNNMHNALPPKIBENMNNANHGP; $Path=/"
> Status Line: HTTP/1.1 200 OK
> Status Code: 200
> Press any key to continue . . .
>
> Any help/advice would be greatly appreciated.
>
> Best regards,
>
> Chris
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org