You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Steve Vaughan <sn...@yahoo.com> on 2003/12/31 17:13:40 UTC
Re: authentication ...
We ran into the same problem (and used the same temporary workaround). It
seems to me that HttpAuthenticator.selectAuthScheme should take into account
the credentials that are available, skipping authentications schemes without
credentials. In your case, since you only provided
UsernamePasswordCredentials, NTLM couldn't possibly work so it shouldn't have
been selected by the code.
-Steve
On Wednesday 31 December 2003 10:42 am, Blanc, Isabelle wrote:
> Hi everybody :)
>
> and first of all, I wish you all an happy new year :))
>
> and now is my question/remark (i don't know if it's better to post it here,
> or in the user mailing list, or as a comment in bugzilla, but I don't want
> to cross post, so for now I post it only here - let me know if I should
> cross post or add a comment in bugzilla) :
>
> - the proxy I had to go though was using NTLM, and I checkouted the
> HTTPCLIENT_2_0_BRANCH tag sources from cvs. - then the sysadmin decided to
> open a door for me in the proxy that would use only basic authentication.
> So i though that replacing the NTCredentials with
> UsernamePasswordCredentials would be enough - and it wasn't. The code was
> still returning a 407 - which is weird with basic auth. - I finally found
> out where the "error" was (and now it works fine - only for me tho), but I
> can't decide if it's because of the proxy (that returns a "wrong" answer)
> or because of commons/httpclient code : * the proxy returns these
> challenges, in this order : ntlm - basic - kerberos - negotiate * in
> HttpAuthenticator.selectAuthScheme, after having built the challengemap,
> you go like : ...
> challenge = (String) challengemap.get("ntlm");
> if (challenge != null) {
> return new NTLMScheme(challenge);
> }
> challenge = (String) challengemap.get("digest");
> if (challenge != null) {
> return new DigestScheme(challenge);
> }
> challenge = (String) challengemap.get("basic");
> if (challenge != null) {
> return new BasicScheme(challenge);
> }
> ...
>
> I only commented out the 4 lines about NTLM (i know it's quick & dirty but
> .. i had to make it work before 2004 ;] !) Anyway, does it mean that the
> proxy should NOT return any ntlm challenge if it expects a basic auth, even
> if it's for one single realm (all other realms (domains for ntlm) use NTLM
> auth) ? Or does it mean there's something here in the code that needs to be
> twisted (like, the only challenge that actually has a "value" is the basic
> one : if i print the challenge map i get ntlm--NTLM
> basic--Basic realm="hidden-sorry"
> kerberos--Kerberos
> negotiate--Negotiate
> ) ??
>
> that was my 2 cents ....
> hope you'll all have a nice nice new year's eve tonight :o) !
>
> Isa
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org For additional
> commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org