You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by Thomas Vestergaard <CG...@telenor.dk> on 2012/03/20 13:35:01 UTC

NTLM proxy authentication

Hello,

I am having a problem with getting HttpClient to send requests through a proxy demanding NTLM authentication, which I understand should be possible.

My code for trying to accomplish this:
Credentials credentials;
try {
           credentials = new NTCredentials(proxyUsername, proxyPassword, InetAddress.getLocalHost().getHostName(), proxyDomain);
} catch (Exception e) {
           throw new SessionException("Unable to create NTLM credentials for proxy authentication", e);
}
client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, proxyPort), credentials);

HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort);
client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost);

AuthScheme proxyAuthScheme = new NTLMSchemeFactory().newInstance(client.getParams());
authCache.put(proxyHost, proxyAuthScheme);

But I am apparently missing something, since it does not work.

The authCache is later added to the context used in the execute call. Without this, I get an error about missing an ini-file - looks like an attempt to use Kerberos.
The full log of the interaction is pasted below. As can also be seen in the log, I am using HttpClient v. 4.1.3.

 Best regards,
Telenor

Thomas Vestergaard
Ekstern konsulent
Technology
Frederikskaj, DK-1780. København V
Tel: +45 52 18 92 18  // e-mail: cgethve@telenor.dk<ma...@telenor.dk>
Web: http://www.telenor.dk<http://www.telenor.dk/>

DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80]
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection open but not reusable.
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down

Re: SV: NTLM proxy authentication

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Tue, 2012-03-20 at 15:26 +0000, Thomas Vestergaard wrote:
> Hi,
> 
> Just to follow up, I got NTLM proxy to work - atleast partly by using JCIFS as described on: http://hc.apache.org/httpcomponents-client-ga/ntlm.html
> 

Unfortunately the default NTLM implementation shipped with HttpClient is
not particularly great. As long as you do not mind using LGPL licensed
software JCIFS is the way to go.

Oleg  

> However, I still have a number of use-cases, where my implementation fails. From what I can gather from the logs, it has to do with missing proxy auth of redirects. (See below.)
> 
> I there something I need to set or override to enable authentication on each connection rather than request?
> Or is it possible to prevent the client from closing the connection between the two GET's? (Regardless of this problem, it seems wasteful. But I might be mistaken.)
> 
> Best regards,
> Thomas
> 
> [snip - initial GET resulting in 307 Temporary Redirect]
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 307 Temporary Redirect
> DEBUG [org.apache.http.headers] << HTTP/1.1 307 Temporary Redirect
> DEBUG [org.apache.http.headers] << Accept-Ranges: bytes
> DEBUG [org.apache.http.headers] << Age: 0
> DEBUG [org.apache.http.headers] << Content-Type: application/xml
> DEBUG [org.apache.http.headers] << Date: Tue, 20 Mar 2012 14:51:56 GMT
> DEBUG [org.apache.http.headers] << Location: https://partner.com/users/42/info?apiuserid=TNDK
> DEBUG [org.apache.http.headers] << Server: Jetty(8.0.0.M2)
> DEBUG [org.apache.http.headers] << Via: 1.1 varnish
> DEBUG [org.apache.http.headers] << X-Varnish: 1790574415
> DEBUG [org.apache.http.headers] << Content-Length: 0
> DEBUG [org.apache.http.headers] << Connection: keep-alive
> DEBUG [org.apache.http.client.protocol.ResponseAuthCache] Caching 'basic' auth scheme for https://partner.com
> DEBUG [org.apache.http.impl.client.DefaultRedirectStrategy] Redirect requested to location 'https://partner.com/id/users/42/info?apiuserid=TNDK'
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Redirecting to 'https://partner.com/id/users/42/info?apiuserid=TNDK' via HttpRoute[{tls}->http://tmgproxy.telenor.dk:8080->https://partner.com]
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
> DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: CONNECT partner.com:443 HTTP/1.1
> DEBUG [org.apache.http.headers] >> CONNECT partner.com:443 HTTP/1.1
> DEBUG [org.apache.http.headers] >> Host: partner.com
> DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
> DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
> DEBUG [org.apache.http.headers] << Connection: close
> DEBUG [org.apache.http.headers] << Proxy-Connection: close
> DEBUG [org.apache.http.headers] << Pragma: no-cache
> DEBUG [org.apache.http.headers] << Cache-Control: no-cache
> DEBUG [org.apache.http.headers] << Content-Type: text/html
> DEBUG [org.apache.http.headers] << Content-Length: 2687  
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] CONNECT refused by proxy: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@1f78040
> 
> 
> 
> -----Oprindelig meddelelse-----
> Fra: Thomas Vestergaard [mailto:CGETHVE@telenor.dk] 
> Sendt: 20. marts 2012 13:35
> Til: httpclient-users@hc.apache.org
> Emne: NTLM proxy authentication
> 
> Hello,
> 
> I am having a problem with getting HttpClient to send requests through a proxy demanding NTLM authentication, which I understand should be possible.
> 
> My code for trying to accomplish this:
> Credentials credentials;
> try {
>            credentials = new NTCredentials(proxyUsername, proxyPassword, InetAddress.getLocalHost().getHostName(), proxyDomain);
> } catch (Exception e) {
>            throw new SessionException("Unable to create NTLM credentials for proxy authentication", e);
> }
> client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, proxyPort), credentials);
> 
> HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort);
> client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost);
> 
> AuthScheme proxyAuthScheme = new NTLMSchemeFactory().newInstance(client.getParams());
> authCache.put(proxyHost, proxyAuthScheme);
> 
> But I am apparently missing something, since it does not work.
> 
> The authCache is later added to the context used in the execute call. Without this, I get an error about missing an ini-file - looks like an attempt to use Kerberos.
> The full log of the interaction is pasted below. As can also be seen in the log, I am using HttpClient v. 4.1.3.
> 
>  Best regards,
> Telenor
> 
> Thomas Vestergaard
> Ekstern konsulent
> Technology
> Frederikskaj, DK-1780. København V
> Tel: +45 52 18 92 18  // e-mail: cgethve@telenor.dk<ma...@telenor.dk>
> Web: http://www.telenor.dk<http://www.telenor.dk/>
> 
> DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80]
> DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
> DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
> DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
> DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
> DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
> DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
> DEBUG [org.apache.http.headers] << Connection: Keep-Alive
> DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
> DEBUG [org.apache.http.headers] << Pragma: no-cache
> DEBUG [org.apache.http.headers] << Cache-Control: no-cache
> DEBUG [org.apache.http.headers] << Content-Type: text/html
> DEBUG [org.apache.http.headers] << Content-Length: 3670
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute request
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
> DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
> DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
> DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
> DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
> DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
> DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
> DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA
> DEBUG [org.apache.http.headers] << Connection: Keep-Alive
> DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
> DEBUG [org.apache.http.headers] << Pragma: no-cache
> DEBUG [org.apache.http.headers] << Cache-Control: no-cache
> DEBUG [org.apache.http.headers] << Content-Type: text/html
> DEBUG [org.apache.http.headers] << Content-Length: 0
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute request
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
> DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
> DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
> DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
> DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
> DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
> DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
> DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
> DEBUG [org.apache.http.headers] << Connection: close
> DEBUG [org.apache.http.headers] << Proxy-Connection: close
> DEBUG [org.apache.http.headers] << Pragma: no-cache
> DEBUG [org.apache.http.headers] << Cache-Control: no-cache
> DEBUG [org.apache.http.headers] << Content-Type: text/html
> DEBUG [org.apache.http.headers] << Content-Length: 3670
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
> DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
> DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05
> DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection open but not reusable.
> DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

SV: NTLM proxy authentication

Posted by Thomas Vestergaard <CG...@telenor.dk>.

Hi again,

Updating to version 4.2-beta1 solved the problem.

Best regards,
Thomas

-----Oprindelig meddelelse-----
Fra: Thomas Vestergaard [mailto:CGETHVE@telenor.dk] 
Sendt: 20. marts 2012 16:26
Til: HttpClient User Discussion
Emne: SV: NTLM proxy authentication

Hi,

Just to follow up, I got NTLM proxy to work - atleast partly by using JCIFS as described on: http://hc.apache.org/httpcomponents-client-ga/ntlm.html

However, I still have a number of use-cases, where my implementation fails. From what I can gather from the logs, it has to do with missing proxy auth of redirects. (See below.)

I there something I need to set or override to enable authentication on each connection rather than request?
Or is it possible to prevent the client from closing the connection between the two GET's? (Regardless of this problem, it seems wasteful. But I might be mistaken.)

Best regards,
Thomas

[snip - initial GET resulting in 307 Temporary Redirect]
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 307 Temporary Redirect
DEBUG [org.apache.http.headers] << HTTP/1.1 307 Temporary Redirect
DEBUG [org.apache.http.headers] << Accept-Ranges: bytes
DEBUG [org.apache.http.headers] << Age: 0
DEBUG [org.apache.http.headers] << Content-Type: application/xml
DEBUG [org.apache.http.headers] << Date: Tue, 20 Mar 2012 14:51:56 GMT
DEBUG [org.apache.http.headers] << Location: https://partner.com/users/42/info?apiuserid=TNDK
DEBUG [org.apache.http.headers] << Server: Jetty(8.0.0.M2)
DEBUG [org.apache.http.headers] << Via: 1.1 varnish
DEBUG [org.apache.http.headers] << X-Varnish: 1790574415
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.headers] << Connection: keep-alive
DEBUG [org.apache.http.client.protocol.ResponseAuthCache] Caching 'basic' auth scheme for https://partner.com
DEBUG [org.apache.http.impl.client.DefaultRedirectStrategy] Redirect requested to location 'https://partner.com/id/users/42/info?apiuserid=TNDK'
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Redirecting to 'https://partner.com/id/users/42/info?apiuserid=TNDK' via HttpRoute[{tls}->http://tmgproxy.telenor.dk:8080->https://partner.com]
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: CONNECT partner.com:443 HTTP/1.1
DEBUG [org.apache.http.headers] >> CONNECT partner.com:443 HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: partner.com
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 2687  
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] CONNECT refused by proxy: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@1f78040



-----Oprindelig meddelelse-----
Fra: Thomas Vestergaard [mailto:CGETHVE@telenor.dk] 
Sendt: 20. marts 2012 13:35
Til: httpclient-users@hc.apache.org
Emne: NTLM proxy authentication

Hello,

I am having a problem with getting HttpClient to send requests through a proxy demanding NTLM authentication, which I understand should be possible.

My code for trying to accomplish this:
Credentials credentials;
try {
           credentials = new NTCredentials(proxyUsername, proxyPassword, InetAddress.getLocalHost().getHostName(), proxyDomain);
} catch (Exception e) {
           throw new SessionException("Unable to create NTLM credentials for proxy authentication", e);
}
client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, proxyPort), credentials);

HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort);
client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost);

AuthScheme proxyAuthScheme = new NTLMSchemeFactory().newInstance(client.getParams());
authCache.put(proxyHost, proxyAuthScheme);

But I am apparently missing something, since it does not work.

The authCache is later added to the context used in the execute call. Without this, I get an error about missing an ini-file - looks like an attempt to use Kerberos.
The full log of the interaction is pasted below. As can also be seen in the log, I am using HttpClient v. 4.1.3.

 Best regards,
Telenor

Thomas Vestergaard
Ekstern konsulent
Technology
Frederikskaj, DK-1780. København V
Tel: +45 52 18 92 18  // e-mail: cgethve@telenor.dk<ma...@telenor.dk>
Web: http://www.telenor.dk<http://www.telenor.dk/>

DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80]
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection open but not reusable.
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

SV: NTLM proxy authentication

Posted by Thomas Vestergaard <CG...@telenor.dk>.

Hi,

Just to follow up, I got NTLM proxy to work - atleast partly by using JCIFS as described on: http://hc.apache.org/httpcomponents-client-ga/ntlm.html

However, I still have a number of use-cases, where my implementation fails. From what I can gather from the logs, it has to do with missing proxy auth of redirects. (See below.)

I there something I need to set or override to enable authentication on each connection rather than request?
Or is it possible to prevent the client from closing the connection between the two GET's? (Regardless of this problem, it seems wasteful. But I might be mistaken.)

Best regards,
Thomas

[snip - initial GET resulting in 307 Temporary Redirect]
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 307 Temporary Redirect
DEBUG [org.apache.http.headers] << HTTP/1.1 307 Temporary Redirect
DEBUG [org.apache.http.headers] << Accept-Ranges: bytes
DEBUG [org.apache.http.headers] << Age: 0
DEBUG [org.apache.http.headers] << Content-Type: application/xml
DEBUG [org.apache.http.headers] << Date: Tue, 20 Mar 2012 14:51:56 GMT
DEBUG [org.apache.http.headers] << Location: https://partner.com/users/42/info?apiuserid=TNDK
DEBUG [org.apache.http.headers] << Server: Jetty(8.0.0.M2)
DEBUG [org.apache.http.headers] << Via: 1.1 varnish
DEBUG [org.apache.http.headers] << X-Varnish: 1790574415
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.headers] << Connection: keep-alive
DEBUG [org.apache.http.client.protocol.ResponseAuthCache] Caching 'basic' auth scheme for https://partner.com
DEBUG [org.apache.http.impl.client.DefaultRedirectStrategy] Redirect requested to location 'https://partner.com/id/users/42/info?apiuserid=TNDK'
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Redirecting to 'https://partner.com/id/users/42/info?apiuserid=TNDK' via HttpRoute[{tls}->http://tmgproxy.telenor.dk:8080->https://partner.com]
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: CONNECT partner.com:443 HTTP/1.1
DEBUG [org.apache.http.headers] >> CONNECT partner.com:443 HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: partner.com
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 2687  
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] CONNECT refused by proxy: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@1f78040



-----Oprindelig meddelelse-----
Fra: Thomas Vestergaard [mailto:CGETHVE@telenor.dk] 
Sendt: 20. marts 2012 13:35
Til: httpclient-users@hc.apache.org
Emne: NTLM proxy authentication

Hello,

I am having a problem with getting HttpClient to send requests through a proxy demanding NTLM authentication, which I understand should be possible.

My code for trying to accomplish this:
Credentials credentials;
try {
           credentials = new NTCredentials(proxyUsername, proxyPassword, InetAddress.getLocalHost().getHostName(), proxyDomain);
} catch (Exception e) {
           throw new SessionException("Unable to create NTLM credentials for proxy authentication", e);
}
client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, proxyPort), credentials);

HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort);
client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost);

AuthScheme proxyAuthScheme = new NTLMSchemeFactory().newInstance(client.getParams());
authCache.put(proxyHost, proxyAuthScheme);

But I am apparently missing something, since it does not work.

The authCache is later added to the context used in the execute call. Without this, I get an error about missing an ini-file - looks like an attempt to use Kerberos.
The full log of the interaction is pasted below. As can also be seen in the log, I am using HttpClient v. 4.1.3.

 Best regards,
Telenor

Thomas Vestergaard
Ekstern konsulent
Technology
Frederikskaj, DK-1780. København V
Tel: +45 52 18 92 18  // e-mail: cgethve@telenor.dk<ma...@telenor.dk>
Web: http://www.telenor.dk<http://www.telenor.dk/>

DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80]
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection open but not reusable.
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org