You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Peter Dunphy (JIRA)" <ji...@apache.org> on 2012/04/26 20:30:25 UTC
[jira] [Commented] (AXIS2-4595) No Credentials provider found when
authenticating with NTLM
[ https://issues.apache.org/jira/browse/AXIS2-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13262833#comment-13262833 ]
Peter Dunphy commented on AXIS2-4595:
-------------------------------------
I think there is some confusion in the authenticator credential look-up stuff for AXIS2 where the "host" is confused with the "workstation" when it comes to retrieving the credentials.
When sending out the TYPE 1 and type 3 NTLM messages in AXIS2, If you do a wireshark trace and reverse engineer the NTLM data sent it uses the "authenticator.setHost(this.host)" as the WORKSTATION field in the NTLM protocol as you might expect.
However who ever wrote the piece that retrieves the credentials prior to sending out and generates the error message "No credentials available for NTLM <any realm>@host:port" has mistaken the "authenticator.setHost(this.host)" as the remote host (not the client workstation). If there is is no entry made for the remote host via "authenticator.setHost(this.host)" then you get this error. Really there should be two methods "authenticator.setWorkstation()" and "authenticator.setRemoteHost()".
In the end this means the NTLM stuff is essentially broken.
> No Credentials provider found when authenticating with NTLM
> -----------------------------------------------------------
>
> Key: AXIS2-4595
> URL: https://issues.apache.org/jira/browse/AXIS2-4595
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.5.1
> Environment: windows, NTLM authentication against Exchange WS 2007
> Reporter: Dominique Jean-Prost
>
> I'm meeting a problem I really can't resolve and after reading many lines of code in axis2, here where I am :
> - I'm trying to call a ms exchange 2007 WS
> - I setup I think my authentication code using this kind of code :
> final Options options = this.serviceExchange._getServiceClient().getOptions();
> final Authenticator authenticator = new Authenticator();
>
> // Cf. http://ws.apache.org/axis2/1_5_1/http-transport.html#preemptive_auth
> final List<String> authScheme = new ArrayList<String>();
> authScheme.add(Authenticator.NTLM);
> authScheme.add(Authenticator.BASIC);
>
> authenticator.setAuthSchemes(authScheme);
> authenticator.setUsername(this.username);
> authenticator.setPassword(this.password);
> authenticator.setHost(this.host);
> authenticator.setDomain(this.domain);
> authenticator.setPort(this.port);
>
> options.setTimeOutInMilliSeconds(this.timeout);
> options.setProperty(HTTPConstants.CHUNKED, "false");
> options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true");
> options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
>
> this.serviceExchange._getServiceClient().setOptions(options);
> I then get the following execution logs where you can see that there is no credential providers found.
> So I searched the net, and found this http://markmail.org/search/list:org%2Eapache%2Ews%2Eaxis-dev+CredentialsProvider where you can see that the credential providers was first added and the deleted in org/apache/axis2/transport/http/AbstractHTTPSender.java
> Execution log:
> HttpMethodDirector.java:843) - Authorization required
> 2009-12-21 12:01:11,447 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:662) - enter HttpMethodBase.processAuthenticationResponse(HttpState, HttpConnection)
> 2009-12-21 12:01:11,447 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:90) - Supported authentication schemes in the order of preference: [NTLM, Basic]
> 2009-12-21 12:01:11,447 INFO org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:101) - NTLM authentication scheme selected
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:155) - Using authentication scheme: ntlm
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor ( AuthChallengeProcessor.java:163) - Authorization challenge processed
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:714) - Authentication scope: NTLM <any realm>@mercure:443
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpState ( HttpState.java:436) - enter HttpState.getCredentials(AuthScope)
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:861) - Credentials required
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:879) - Credentials provider not available
> 2009-12-21 12:01:11,463 INFO org.apache.commons.httpclient.HttpMethodDirector ( HttpMethodDirector.java:737) - No credentials available for NTLM <any realm>@mercure:443
> 2009-12-21 12:01:11,463 DEBUG org.apache.axis2.transport.http.HTTPSender ( HTTPSender.java:278) - Handling response - 401
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org