Posted to dev@hc.apache.org by "Mat Gessel (JIRA)" <ji...@apache.org> on 2014/02/07 00:55:19 UTC

[jira] [Created] (HTTPCLIENT-1457) HttpClientBuilder.useSystemProperties() is incompatible with NTLM scheme

Mat Gessel created HTTPCLIENT-1457:
--------------------------------------

             Summary: HttpClientBuilder.useSystemProperties() is incompatible with NTLM scheme
                 Key: HTTPCLIENT-1457
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1457
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpAuth, HttpClient
    Affects Versions: 4.3.2
         Environment: Client: JRE 5 - JRE 7
                      Proxy: Squid with Winbind & NTLM authentication
                      Auth server: Windows Server 2003 / 2008
            Reporter: Mat Gessel


I ran into this with NTLM proxy authentication. 

Summary: 
HttpClientBuilder.useSystemProperties() results in SystemDefaultCredentialsProvider being specified. SystemDefaultCredentialsProvider delegates authentication to java.net.Authenticator and always returns credentials as UsernamePasswordCredentials. NTLMScheme expects credentials to be an instance of NTCredentials.

Note: This works in "plain old Java". That is: URL connections work through an NTLM authenticating proxy if the default java.net.Authenticator is set. 

NTLMScheme casts provided credentials to NTCredentials, generating an exception. The end result (for proxy auth) is an HTTP 407 status and the following log message:

WARN org.apache.http.impl.auth.HttpAuthenticator - NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials

Nitpick: NTLMScheme.authenticate() should guard the argument with an "instanceof" instead of catching a ClassCastException.

The code boils down to this: 
java.net.Authenticator.setDefault(new Authenticator()
{
    @Override
    protected PasswordAuthentication getPasswordAuthentication()
    {
        if (getRequestorType() == RequestorType.PROXY)
        {
            String prot = getRequestingProtocol().toLowerCase();
            String host = System.getProperty(prot + ".proxyHost", "");
            String port = System.getProperty(prot + ".proxyPort", "80");
            String user = System.getProperty(prot + ".proxyUser", "");
            String password = System.getProperty(prot + ".proxyPassword", "");

            if (getRequestingHost().equalsIgnoreCase(host))
            {
                if (port != null && port.equals(Integer.toString(getRequestingPort())))
                {
                    return new PasswordAuthentication(user, password.toCharArray());
                }
            }
        }
        return null;
    }
});


HttpClients.custom().useSystemProperties().build().execute(new HttpGet("http://example.com"));



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

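
One way to bridge the type mismatch described in the report, as an added example that is not code from the reporter or from the HttpClient project: a wrapper CredentialsProvider that delegates to SystemDefaultCredentialsProvider and, using an "instanceof" guard rather than a cast, hands NTLM scopes an NTCredentials instance. The class name, the "DOMAIN\user" convention for the proxyUser value and the unset workstation are assumptions; it targets HttpClient 4.3.x on Java 6 or later.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.SystemDefaultCredentialsProvider;

/** Hypothetical wrapper (name is an assumption): adapts system credentials for NTLM. */
public class NtlmAwareSystemCredentialsProvider implements CredentialsProvider {
    // Still resolves credentials through the default java.net.Authenticator.
    private final CredentialsProvider delegate = new SystemDefaultCredentialsProvider();

    @Override
    public void setCredentials(AuthScope scope, Credentials credentials) {
        delegate.setCredentials(scope, credentials);
    }

    @Override
    public Credentials getCredentials(AuthScope scope) {
        Credentials c = delegate.getCredentials(scope);
        // instanceof guard: convert only the type we understand, never blind-cast.
        // A null (any-scheme) scope does not match and is passed through untouched.
        if (c instanceof UsernamePasswordCredentials
                && AuthSchemes.NTLM.equalsIgnoreCase(scope.getScheme())) {
            return toNtCredentials(c.getUserPrincipal().getName(), c.getPassword());
        }
        return c;
    }

    @Override
    public void clear() {
        delegate.clear();
    }

    /** Splits an optional "DOMAIN\\user" prefix (assumed convention); workstation stays null. */
    static NTCredentials toNtCredentials(String user, String password) {
        int sep = user.indexOf('\\');
        String domain = sep >= 0 ? user.substring(0, sep) : null;
        String name = sep >= 0 ? user.substring(sep + 1) : user;
        return new NTCredentials(name, password, null, domain);
    }

    public static CloseableHttpClient buildClient() {
        // An explicitly set provider is used in place of the system default one.
        return HttpClients.custom().useSystemProperties()
                .setDefaultCredentialsProvider(new NtlmAwareSystemCredentialsProvider())
                .build();
    }
}
```

The conversion is scoped to NTLM only, so Basic and Digest challenges keep receiving the UsernamePasswordCredentials the delegate returns.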