Posted to dev@hc.apache.org by "MacDonald, Rindress" <RM...@enterasys.com> on 2004/10/28 17:20:16 UTC

[HttpClient 3.0alpha2] Trouble with Basic authentication over SSL through a proxy.

Hi,
I am having a problem trying to retrieve a file over SSL through a proxy
server.  The proxy server does not need authentication and the end web
server is using Basic authentication.  I've attached the
InteractiveAuthenticationExample.java and a wire trace of the problem.

If I connect to the end server and supply valid credentials then
everything works fine.  However, if I specify invalid username and/or
password I see the 401 coming back from the server but I never get
prompted to enter the credentials again.

Any help would be greatly appreciated.

Thanks in advance,
Rindress MacDonald




Re: [HttpClient 3.0alpha2] Trouble with Basic authentication over SSL through a proxy.

Posted by Oleg Kalnichevski <ol...@apache.org>.
Rindress,

This is clearly a bug in HttpClient 3.0. I'll see if I can reproduce the
problem locally and get it fixed. Meanwhile, could you please test the
same code in a non-interactive mode (that is, using HttpState)?

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Re: [HttpClient 3.0alpha2] Trouble with Basic authentication over SSL through a proxy.

Posted by Oleg Kalnichevski <ol...@apache.org>.
Rindress,

I am unable to reproduce the problem. As far as I can tell, CVS HEAD
(which is virtually identical to 3.0a2) works just fine with the
interactive authentication (both successful and unsuccessful). See the
wirelog below. I use Squid/2.5.STABLE5 as a proxy and Apache HTTPD
2.0.51 with mod_ssl (both running locally).

I suspect something is fishy about your setup. What kind of proxy are
you using? Could you also post the source code of your test app?

Oleg 


[DEBUG] HttpClient - -Java version: 1.4.2
[DEBUG] HttpClient - -Java vendor: Sun Microsystems Inc.
[DEBUG] HttpClient - -Java class path:
/home/oleg/src/eclipse-workspace/Jakarta Commons HTTP client
test/bin:/opt/eclipse/plugins/org.junit_3.8.1/junit.jar:/opt/javalib/jakarta-commons/lib/commons-logging.jar:/home/oleg/src/jakarta/httpclient/bin:/opt/javalib/jakarta-commons/lib/commons-codec.jar
[DEBUG] HttpClient - -Operating system name: Linux
[DEBUG] HttpClient - -Operating system architecture: i386
[DEBUG] HttpClient - -Operating system version: 2.6.8-1.521smp
[DEBUG] HttpClient - -SUN 1.42: SUN (DSA key/parameter generation; DSA
signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS
keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection
CertStores)
[DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE provider(implements RSA
Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
[DEBUG] HttpClient - -SunRsaSign 1.42: SUN's provider for RSA signatures
[DEBUG] HttpClient - -SunJCE 1.42: SunJCE Provider (implements DES,
Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
[DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos v5)
[DEBUG] DefaultHttpParams - -Set parameter http.useragent = Jakarta
Commons-HttpClient/3.0-alpha2
[DEBUG] DefaultHttpParams - -Set parameter http.protocol.version =
HTTP/1.1
[DEBUG] DefaultHttpParams - -Set parameter http.connection-manager.class
= class org.apache.commons.httpclient.SimpleHttpConnectionManager
[DEBUG] DefaultHttpParams - -Set parameter http.protocol.cookie-policy =
rfc2109
[DEBUG] DefaultHttpParams - -Set parameter http.protocol.element-charset
= US-ASCII
[DEBUG] DefaultHttpParams - -Set parameter http.protocol.content-charset
= ISO-8859-1
[DEBUG] DefaultHttpParams - -Set parameter http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@913fe2
[DEBUG] DefaultHttpParams - -Set parameter http.dateparser.patterns =
[EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d
HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z,
EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy
HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd
MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z,
EEE, dd-MM-yyyy HH:mm:ss z]
[DEBUG] DefaultHttpParams - -Set parameter
http.authentication.credential-provider = ConsoleAuthPrompter@121cc40
[DEBUG] header - ->> "CONNECT testhost:443 HTTP/1.1"
[DEBUG] HttpMethodBase - -Adding Host request header
[DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.0-alpha2[\r][\n]"
[DEBUG] header - ->> "Host: testhost[\r][\n]"
[DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - ->> "[\r][\n]"
[DEBUG] header - -<< "HTTP/1.0 407 Proxy Authentication
Required[\r][\n]"
[DEBUG] header - -<< "Server: squid/2.5.STABLE5[\r][\n]"
[DEBUG] header - -<< "Mime-Version: 1.0[\r][\n]"
[DEBUG] header - -<< "Date: Thu, 28 Oct 2004 19:48:46 GMT[\r][\n]"
[DEBUG] header - -<< "Content-Type: text/html[\r][\n]"
[DEBUG] header - -<< "Content-Length: 1288[\r][\n]"
[DEBUG] header - -<< "Expires: Thu, 28 Oct 2004 19:48:46 GMT[\r][\n]"
[DEBUG] header - -<< "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[\r][\n]"
[DEBUG] header - -<< "Proxy-Authenticate: Basic realm="squid"[\r][\n]"
[DEBUG] header - -<< "X-Cache: MISS from localhost.localdomain[\r][\n]"
[DEBUG] header - -<< "Proxy-Connection: keep-alive[\r][\n]"
[DEBUG] ConnectMethod - -CONNECT status code 407
[DEBUG] AuthChallengeProcessor - -Supported authentication schemes in
the order of preference: [ntlm, digest, basic]
[DEBUG] AuthChallengeProcessor - -Challenge for ntlm authentication
scheme not available
[DEBUG] AuthChallengeProcessor - -Challenge for digest authentication
scheme not available
[INFO] AuthChallengeProcessor - -basic authentication scheme selected
[DEBUG] AuthChallengeProcessor - -Using authentication scheme: basic
localhost:8888 requires authentication with the realm 'squid'
Enter username: crap
Enter password: crap
[DEBUG] HttpMethodDirector - -BASIC 'squid'@localhost:8888 new
credentials given
[DEBUG] HttpMethodBase - -Should NOT close connection in response to
Proxy-Connection: keep-alive

[DEBUG] HttpConnection - -Connection is locked.  Call to
releaseConnection() ignored.
[DEBUG] HttpMethodDirector - -Authenticating with BASIC
'squid'@localhost:8888
[DEBUG] HttpMethodParams - -Credential charset not configured, using
HTTP element charset
[DEBUG] header - ->> "CONNECT testhost:443 HTTP/1.1"
[DEBUG] HttpMethodBase - -Adding Host request header
[DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.0-alpha2[\r][\n]"
[DEBUG] header - ->> "Proxy-Authorization: Basic Y3JhcDpjcmFw[\r][\n]"
[DEBUG] header - ->> "Host: testhost[\r][\n]"
[DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - ->> "[\r][\n]"
[DEBUG] header - -<< "HTTP/1.0 407 Proxy Authentication
Required[\r][\n]"
[DEBUG] header - -<< "Server: squid/2.5.STABLE5[\r][\n]"
[DEBUG] header - -<< "Mime-Version: 1.0[\r][\n]"
[DEBUG] header - -<< "Date: Thu, 28 Oct 2004 19:48:55 GMT[\r][\n]"
[DEBUG] header - -<< "Content-Type: text/html[\r][\n]"
[DEBUG] header - -<< "Content-Length: 1288[\r][\n]"
[DEBUG] header - -<< "Expires: Thu, 28 Oct 2004 19:48:55 GMT[\r][\n]"
[DEBUG] header - -<< "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[\r][\n]"
[DEBUG] header - -<< "Proxy-Authenticate: Basic realm="squid"[\r][\n]"
[DEBUG] header - -<< "X-Cache: MISS from localhost.localdomain[\r][\n]"
[DEBUG] header - -<< "Proxy-Connection: keep-alive[\r][\n]"
[DEBUG] ConnectMethod - -CONNECT status code 407
[DEBUG] AuthChallengeProcessor - -Using authentication scheme: basic
localhost:8888 requires authentication with the realm 'squid'
Enter username: squid
Enter password: squid
[DEBUG] HttpMethodDirector - -BASIC 'squid'@localhost:8888 new
credentials given
[DEBUG] HttpMethodBase - -Should NOT close connection in response to
Proxy-Connection: keep-alive

[DEBUG] HttpConnection - -Connection is locked.  Call to
releaseConnection() ignored.
[DEBUG] HttpMethodDirector - -Authenticating with BASIC
'squid'@localhost:8888
[DEBUG] HttpMethodParams - -Credential charset not configured, using
HTTP element charset
[DEBUG] header - ->> "CONNECT testhost:443 HTTP/1.1"
[DEBUG] HttpMethodBase - -Adding Host request header
[DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.0-alpha2[\r][\n]"
[DEBUG] header - ->> "Proxy-Authorization: Basic
c3F1aWQ6c3F1aWQ=[\r][\n]"
[DEBUG] header - ->> "Host: testhost[\r][\n]"
[DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] header - ->> "[\r][\n]"
[DEBUG] header - -<< "HTTP/1.0 200 Connection established[\r][\n]"
[DEBUG] ConnectMethod - -CONNECT status code 200
[DEBUG] HttpConnection - -Secure tunnel created
[DEBUG] header - ->> "GET /transfer/ HTTP/1.1[\r][\n]"
[DEBUG] HttpMethodBase - -Adding Host request header
[DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.0-alpha2[\r][\n]"
[DEBUG] header - ->> "Host: testhost[\r][\n]"
[DEBUG] EasyX509TrustManager - -Server certificate chain:

...

[DEBUG] header - ->> "[\r][\n]"
[DEBUG] header - -<< "HTTP/1.1 401 Authorization Required[\r][\n]"
[DEBUG] header - -<< "Date: Thu, 28 Oct 2004 19:49:01 GMT[\r][\n]"
[DEBUG] header - -<< "Server: Apache/2.0.51 (Fedora)[\r][\n]"
[DEBUG] header - -<< "WWW-Authenticate: Digest realm="transfer",
nonce="wuXfO4fnAwA=7a3d1fbb7aa04ff5fc0dffef83f0ea814a9897bb",
algorithm=MD5, qop="auth"[\r][\n]"
[DEBUG] header - -<< "Content-Length: 478[\r][\n]"
[DEBUG] header - -<< "Content-Type: text/html;
charset=iso-8859-1[\r][\n]"
[DEBUG] HttpMethodDirector - -Authorization required
[DEBUG] AuthChallengeProcessor - -Supported authentication schemes in
the order of preference: [ntlm, digest, basic]
[DEBUG] AuthChallengeProcessor - -Challenge for ntlm authentication
scheme not available
[INFO] AuthChallengeProcessor - -digest authentication scheme selected
[DEBUG] AuthChallengeProcessor - -Using authentication scheme: digest
testhost:443 requires authentication with the realm 'transfer'
Enter username: crap
Enter password: crap
[DEBUG] HttpMethodDirector - -DIGEST 'transfer'@testhost:443 new
credentials given
[DEBUG] HttpMethodBase - -Resorting to protocol version default close
connection policy
[DEBUG] HttpMethodBase - -Should NOT close connection, using HTTP/1.1
[DEBUG] HttpConnection - -Connection is locked.  Call to
releaseConnection() ignored.
[DEBUG] HttpMethodDirector - -Authenticating with DIGEST
'transfer'@testhost:443
[DEBUG] HttpMethodParams - -Credential charset not configured, using
HTTP element charset
[DEBUG] DigestScheme - -Using qop method auth
[DEBUG] header - ->> "GET /transfer/ HTTP/1.1[\r][\n]"
[DEBUG] HttpMethodBase - -Adding Host request header
[DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.0-alpha2[\r][\n]"
[DEBUG] header - ->> "Authorization: Digest username="crap",
realm="transfer",
nonce="wuXfO4fnAwA=7a3d1fbb7aa04ff5fc0dffef83f0ea814a9897bb",
uri="/transfer/", response="e1fb3355f2533778d483c2f6a6b84433",
qop="auth", nc=00000001, cnonce="2d2b5a904b3039671e932080b275708e",
algorithm="MD5"[\r][\n]"
[DEBUG] header - ->> "Host: testhost[\r][\n]"
[DEBUG] header - ->> "[\r][\n]"
[DEBUG] header - -<< "HTTP/1.1 401 Authorization Required[\r][\n]"
[DEBUG] header - -<< "Date: Thu, 28 Oct 2004 19:49:05 GMT[\r][\n]"
[DEBUG] header - -<< "Server: Apache/2.0.51 (Fedora)[\r][\n]"
[DEBUG] header - -<< "WWW-Authenticate: Digest realm="transfer",
nonce="2fUgPIfnAwA=b443e15231ef55e6ea464225090430ae69cf1c6d",
algorithm=MD5, qop="auth"[\r][\n]"
[DEBUG] header - -<< "Content-Length: 478[\r][\n]"
[DEBUG] header - -<< "Content-Type: text/html;
charset=iso-8859-1[\r][\n]"
[DEBUG] HttpMethodDirector - -Authorization required
[DEBUG] AuthChallengeProcessor - -Using authentication scheme: digest
testhost:443 requires authentication with the realm 'transfer'
Enter username: transfer
Enter password: transfer
[DEBUG] HttpMethodDirector - -DIGEST 'transfer'@testhost:443 new
credentials given
[DEBUG] HttpMethodBase - -Resorting to protocol version default close
connection policy
[DEBUG] HttpMethodBase - -Should NOT close connection, using HTTP/1.1
[DEBUG] HttpConnection - -Connection is locked.  Call to
releaseConnection() ignored.
[DEBUG] HttpMethodDirector - -Authenticating with DIGEST
'transfer'@testhost:443
[DEBUG] HttpMethodParams - -Credential charset not configured, using
HTTP element charset
[DEBUG] DigestScheme - -Using qop method auth
[DEBUG] header - ->> "GET /transfer/ HTTP/1.1[\r][\n]"
[DEBUG] HttpMethodBase - -Adding Host request header
[DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/3.0-alpha2[\r][\n]"
[DEBUG] header - ->> "Authorization: Digest username="transfer",
realm="transfer",
nonce="2fUgPIfnAwA=b443e15231ef55e6ea464225090430ae69cf1c6d",
uri="/transfer/", response="918208d90b2a71e0549029057fb5a513",
qop="auth", nc=00000001, cnonce="568dd36f22bbb9f0c40cc84bc46ef8df",
algorithm="MD5"[\r][\n]"
[DEBUG] header - ->> "Host: testhost[\r][\n]"
[DEBUG] header - ->> "[\r][\n]"
[DEBUG] header - -<< "HTTP/1.1 200 OK[\r][\n]"
[DEBUG] header - -<< "Date: Thu, 28 Oct 2004 19:49:10 GMT[\r][\n]"
[DEBUG] header - -<< "Server: Apache/2.0.51 (Fedora)[\r][\n]"
[DEBUG] header - -<< "Authentication-Info:
rspauth="e78ea83c5659ac80ab9830aebc9833e3",
cnonce="568dd36f22bbb9f0c40cc84bc46ef8df", nc=00000001,
qop=auth[\r][\n]"
[DEBUG] header - -<< "Content-Length: 556[\r][\n]"
[DEBUG] header - -<< "Content-Type: text/html; charset=UTF-8[\r][\n]"
HTTP/1.1 200 OK
[DEBUG] HttpMethodBase - -Buffering response body
[DEBUG] HttpMethodBase - -Resorting to protocol version default close
connection policy
[DEBUG] HttpMethodBase - -Should NOT close connection, using HTTP/1.1
[DEBUG] HttpConnection - -Releasing connection back to connection
manager.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
 <head>
  <title>Index of /transfer</title>
 </head>
 <body>
<h1>Index of /transfer</h1>
<pre><img src="/icons/blank.gif" alt="Icon "> <a
href="?C=N;O=D">Name</a>                    <a href="?C=M;O=A">Last
modified</a>      <a href="?C=S;O=A">Size</a>  <a
href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif"
alt="[DIR]"> <a href="/">Parent
Directory</a>                             -   
<hr></pre>
<address>Apache/2.0.51 (Fedora) Server at testhost Port 443</address>
</body></html>




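A small checker for wire logs in the format posted above, added here as an example (it is not part of the thread or of HttpClient). It rejoins mail-wrapped header entries, reports whether each 401/407 challenge was followed by a request carrying credentials (the step missing in the reported problem), and masks Basic credentials, which are only base64-encoded, before a log is shared. The sample log is constructed and the function names are this example's own.

```python
import base64
import re

# Constructed sample in the wire-log format shown above (not a real capture).
SAMPLE = r'''[DEBUG] header - ->> "CONNECT testhost:443 HTTP/1.1"
[DEBUG] header - -<< "HTTP/1.0 407 Proxy Authentication
Required[\r][\n]"
[DEBUG] header - -<< "Proxy-Authenticate: Basic realm="squid"[\r][\n]"
[DEBUG] header - ->> "CONNECT testhost:443 HTTP/1.1"
[DEBUG] header - ->> "Proxy-Authorization: Basic Y3JhcDpjcmFw[\r][\n]"
[DEBUG] header - -<< "HTTP/1.0 200 Connection established[\r][\n]"
[DEBUG] header - ->> "GET /transfer/ HTTP/1.1[\r][\n]"
[DEBUG] header - -<< "HTTP/1.1 401 Authorization Required[\r][\n]"
[DEBUG] header - -<< "WWW-Authenticate: Basic realm="transfer"[\r][\n]"
'''

HEADER = re.compile(r'^\[DEBUG\] header - -(>>|<<) "(.*)"$')
BASIC = re.compile(r"((?:Proxy-)?Authorization: Basic)\s+([A-Za-z0-9+/]+=*)")
# Credential header the client must send to answer each challenge status.
ANSWER = {"401": "authorization:", "407": "proxy-authorization:"}

def header_events(log):
    """Yield (direction, text) per header entry, rejoining mail-wrapped lines."""
    pending = None
    for line in log.splitlines():
        if pending is None and not line.startswith("[DEBUG] header - -"):
            continue  # console prompts and non-wire debug lines
        line = line if pending is None else pending + " " + line.strip()
        m = HEADER.match(line)
        pending = None if m else line
        if m:
            yield m.group(1), m.group(2).replace(r"[\r][\n]", "")

def auth_rounds(log):
    """Return (status, answered) for every 401/407 the server or proxy sent."""
    rounds = []
    for direction, text in header_events(log):
        status = re.match(r"HTTP/\d\.\d (\d{3})", text) if direction == "<<" else None
        if status and status.group(1) in ANSWER:
            rounds.append([status.group(1), False])
        elif direction == ">>" and rounds and text.lower().startswith(ANSWER[rounds[-1][0]]):
            rounds[-1][1] = True
    return [tuple(r) for r in rounds]

def redact_basic(log):
    """Mask Basic credentials; also return the usernames that were readable."""
    users = [base64.b64decode(m.group(2)).decode("latin-1").split(":", 1)[0]
             for m in BASIC.finditer(log)]
    return BASIC.sub(r"\1 <redacted>", log), users
```

On the sample, `auth_rounds` ends with an unanswered 401, which is the pattern described in the original report; `redact_basic` does not touch the `Enter password:` console lines or Digest headers, so those still need manual review.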