You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2017/11/16 22:52:01 UTC
[jira] [Comment Edited] (HTTPCLIENT-1881) NTLM authentication
against ntlm.herokuapp.com
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16256091#comment-16256091 ]
Karl Wright edited comment on HTTPCLIENT-1881 at 11/16/17 10:51 PM:
--------------------------------------------------------------------
The exception is being thrown while unpacking one of the NTLM response messages from the server. Here's the code:
{code}
private static int readULong(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 4) {
throw new NTLMEngineException("NTLM authentication - buffer too small for DWORD");
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
| ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24);
}
private static int readUShort(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 2) {
throw new NTLMEngineException("NTLM authentication - buffer too small for WORD");
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
}
private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException {
final int length = readUShort(src, index);
final int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new NTLMEngineException(
"NTLM authentication - buffer too small for data item");
}
final byte[] buffer = new byte[length];
System.arraycopy(src, offset, buffer, 0, length);
return buffer;
}
{code}
Basically, there's a required message field in the server response for which there's no data in the buffer from the server.
It's possible that Microsoft clients silently eat this error and just treat such fields as having a "0" value. That's something that's pretty easy to explore by modifying the above code in NTLMEngineImpl.java to look something like this:
{code}
private static int readULong(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 4) {
return 0;
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
| ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24);
}
private static int readUShort(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 2) {
return 0;
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
}
private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException {
final int length = readUShort(src, index);
final int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new NTLMEngineException(
"NTLM authentication - buffer too small for data item");
}
final byte[] buffer = new byte[length];
System.arraycopy(src, offset, buffer, 0, length);
return buffer;
}
{code}
If you would be so kind as to check out the appropriate sources and make this change to see whether it works, that would be very helpful, and I'd be glad to commit it if it works. If you don't have time, I may be able to get to it myself this weekend but not before.
Thanks!
was (Author: kwright@metacarta.com):
The exception is being thrown while unpacking one of the NTLM response messages from the server. Here's the code:
{code}
private static int readULong(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 4) {
throw new NTLMEngineException("NTLM authentication - buffer too small for DWORD");
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
| ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24);
}
private static int readUShort(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 2) {
throw new NTLMEngineException("NTLM authentication - buffer too small for WORD");
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
}
private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException {
final int length = readUShort(src, index);
final int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new NTLMEngineException(
"NTLM authentication - buffer too small for data item");
}
final byte[] buffer = new byte[length];
System.arraycopy(src, offset, buffer, 0, length);
return buffer;
}
{code}
Basically, there's a required message field in the server response for which there's no data in the buffer from the client.
It's possible that Microsoft clients silently eat this error and just treat such fields as having a "0" value. That's something that's pretty easy to explore by modifying the above code in NTLMEngineImpl.java to look something like this:
{code}
private static int readULong(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 4) {
return 0;
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
| ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24);
}
private static int readUShort(final byte[] src, final int index) throws NTLMEngineException {
if (src.length < index + 2) {
return 0;
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
}
private static byte[] readSecurityBuffer(final byte[] src, final int index) throws NTLMEngineException {
final int length = readUShort(src, index);
final int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new NTLMEngineException(
"NTLM authentication - buffer too small for data item");
}
final byte[] buffer = new byte[length];
System.arraycopy(src, offset, buffer, 0, length);
return buffer;
}
{code}
If you would be so kind as to check out the appropriate sources and make this change to see whether it works, that would be very helpful, and I'd be glad to commit it if it works. If you don't have time, I may be able to get to it myself this weekend but not before.
Thanks!
> NTLM authentication against ntlm.herokuapp.com
> ----------------------------------------------
>
> Key: HTTPCLIENT-1881
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1881
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.3
> Reporter: Marcel Stör
> Assignee: Karl Wright
> Labels: authentication, ntlm
> Attachments: msr-ntlm-prototype.zip
>
>
> I'm prototyping NTLM authentication with your 4.5 HTTP client and Spring RestTemplate. This currently fails with a {{org.apache.http.impl.auth.NTLMEngineException}} "NTLM authentication error: NTLM authentication - buffer too small for data item".
> The code, wire log (below) and a simple standalone test application (attached) are included.
> h2. Code
> {code:java}
> RestTemplate restTemplate = new RestTemplate();
> restTemplate.setRequestFactory(buildHttpComponentsClientHttpRequestFactory(args));
> private static HttpComponentsClientHttpRequestFactory
> buildHttpComponentsClientHttpRequestFactory(String[] args) {
> PoolingHttpClientConnectionManager cm = new
> PoolingHttpClientConnectionManager();
> cm.setMaxTotal(128);
> cm.setDefaultMaxPerRoute(24);
> RequestConfig.Builder requestBuilder =
> RequestConfig.custom().setConnectTimeout(5000).setSocketTimeout(10000);
> Registry<AuthSchemeProvider> authSchemeRegistry =
> RegistryBuilder.<AuthSchemeProvider>create()
> .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
> .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).build();
> CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
> credentialsProvider.setCredentials(AuthScope.ANY, new
> NTCredentials(args[1], args[2], null, args[3]));
> HttpClientBuilder builder = HttpClientBuilder.create()
> .setConnectionManager(cm)
> .setDefaultRequestConfig(requestBuilder.build())
> .setDefaultAuthSchemeRegistry(authSchemeRegistry)
> .setDefaultCredentialsProvider(credentialsProvider);
> return new HttpComponentsClientHttpRequestFactory(builder.build());
> }
> {code}
> h2. Wire log
> {noformat}
> 23:21:22,983 | RestTemplate | Created GET request for "https://ntlm.herokuapp.com"
> 23:21:22,987 | RestTemplate | Setting request Accept header to [text/plain, */*]
> 23:21:22,997 | RequestAddCookies | CookieSpec selected: default
> 23:21:23,006 | RequestAuthCache | Auth cache not set in the context
> 23:21:23,007 | PoolingHttpClientConnectionManager | Connection request: [route: {s}->https://ntlm.herokuapp.com:443][total kept alive: 0; route allocated: 0 of 24; total allocated: 0 of 128]
> 23:21:23,029 | PoolingHttpClientConnectionManager | Connection leased: [id: 0][route: {s}->https://ntlm.herokuapp.com:443][total kept alive: 0; route allocated: 1 of 24; total allocated: 1 of 128]
> 23:21:23,031 | MainClientExec | Opening connection {s}->https://ntlm.herokuapp.com:443
> 23:21:23,299 | DefaultHttpClientConnectionOperator | Connecting to ntlm.herokuapp.com/54.235.146.123:443
> 23:21:23,299 | SSLConnectionSocketFactory | Connecting socket to ntlm.herokuapp.com/54.235.146.123:443 with timeout 5000
> 23:21:23,581 | SSLConnectionSocketFactory | Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
> 23:21:23,582 | SSLConnectionSocketFactory | Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> 23:21:23,582 | SSLConnectionSocketFactory | Starting handshake
> 23:21:23,989 | SSLConnectionSocketFactory | Secure session established
> 23:21:23,989 | SSLConnectionSocketFactory | negotiated protocol: TLSv1.2
> 23:21:23,989 | SSLConnectionSocketFactory | negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> 23:21:23,990 | SSLConnectionSocketFactory | peer principal: CN=*.herokuapp.com, O="Heroku, Inc.", L=San Francisco, ST=California, C=US
> 23:21:23,990 | SSLConnectionSocketFactory | peer alternative names: [*.herokuapp.com, herokuapp.com]
> 23:21:23,990 | SSLConnectionSocketFactory | issuer principal: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
> 23:21:23,994 | DefaultHttpClientConnectionOperator | Connection established 172.19.1.229:63526<->54.235.146.123:443
> 23:21:23,994 | DefaultManagedHttpClientConnection | http-outgoing-0: set socket timeout to 10000
> 23:21:23,994 | MainClientExec | Executing request GET / HTTP/1.1
> 23:21:23,995 | MainClientExec | Target auth state: UNCHALLENGED
> 23:21:23,995 | MainClientExec | Proxy auth state: UNCHALLENGED
> 23:21:23,996 | headers | http-outgoing-0 >> GET / HTTP/1.1
> 23:21:23,996 | headers | http-outgoing-0 >> Accept: text/plain, */*
> 23:21:23,996 | headers | http-outgoing-0 >> Host: ntlm.herokuapp.com
> 23:21:23,996 | headers | http-outgoing-0 >> Connection: Keep-Alive
> 23:21:23,996 | headers | http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_66)
> 23:21:23,996 | headers | http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 23:21:23,996 | wire | http-outgoing-0 >> "GET / HTTP/1.1[\r][\n]"
> 23:21:23,996 | wire | http-outgoing-0 >> "Accept: text/plain, */*[\r][\n]"
> 23:21:23,997 | wire | http-outgoing-0 >> "Host: ntlm.herokuapp.com[\r][\n]"
> 23:21:23,997 | wire | http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 23:21:23,997 | wire | http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_66)[\r][\n]"
> 23:21:23,997 | wire | http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 23:21:23,997 | wire | http-outgoing-0 >> "[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "HTTP/1.1 401 Unauthorized [\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "Connection: keep-alive[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "Www-Authenticate: NTLM[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "Server: WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "Date: Thu, 16 Nov 2017 22:20:57 GMT[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "Content-Length: 0[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "Via: 1.1 vegur[\r][\n]"
> 23:21:24,174 | wire | http-outgoing-0 << "[\r][\n]"
> 23:21:24,177 | headers | http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 23:21:24,177 | headers | http-outgoing-0 << Connection: keep-alive
> 23:21:24,178 | headers | http-outgoing-0 << Www-Authenticate: NTLM
> 23:21:24,178 | headers | http-outgoing-0 << Server: WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)
> 23:21:24,178 | headers | http-outgoing-0 << Date: Thu, 16 Nov 2017 22:20:57 GMT
> 23:21:24,178 | headers | http-outgoing-0 << Content-Length: 0
> 23:21:24,178 | headers | http-outgoing-0 << Via: 1.1 vegur
> 23:21:24,181 | MainClientExec | Connection can be kept alive indefinitely
> 23:21:24,181 | HttpAuthenticator | Authentication required
> 23:21:24,183 | HttpAuthenticator | ntlm.herokuapp.com:443 requested authentication
> 23:21:24,184 | TargetAuthenticationStrategy | Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
> 23:21:24,184 | TargetAuthenticationStrategy | Challenge for Negotiate authentication scheme not available
> 23:21:24,184 | TargetAuthenticationStrategy | Challenge for Kerberos authentication scheme not available
> 23:21:24,191 | TargetAuthenticationStrategy | Challenge for Digest authentication scheme not available
> 23:21:24,191 | TargetAuthenticationStrategy | Challenge for Basic authentication scheme not available
> 23:21:24,191 | HttpAuthenticator | Selected authentication options: [NTLM]
> 23:21:24,192 | DefaultManagedHttpClientConnection | http-outgoing-0: set socket timeout to 10000
> 23:21:24,192 | MainClientExec | Executing request GET / HTTP/1.1
> 23:21:24,192 | MainClientExec | Target auth state: CHALLENGED
> 23:21:24,192 | HttpAuthenticator | Generating response to an authentication challenge using ntlm scheme
> 23:21:24,192 | MainClientExec | Proxy auth state: UNCHALLENGED
> 23:21:24,192 | headers | http-outgoing-0 >> GET / HTTP/1.1
> 23:21:24,192 | headers | http-outgoing-0 >> Accept: text/plain, */*
> 23:21:24,192 | headers | http-outgoing-0 >> Host: ntlm.herokuapp.com
> 23:21:24,192 | headers | http-outgoing-0 >> Connection: Keep-Alive
> 23:21:24,192 | headers | http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_66)
> 23:21:24,192 | headers | http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 23:21:24,192 | headers | http-outgoing-0 >> Authorization: NTLM TlRMTVNTUAABAAAAAYIIogAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==
> 23:21:24,193 | wire | http-outgoing-0 >> "GET / HTTP/1.1[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "Accept: text/plain, */*[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "Host: ntlm.herokuapp.com[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_66)[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "Authorization: NTLM TlRMTVNTUAABAAAAAYIIogAAAAAoAAAAAAAAACgAAAAFASgKAAAADw==[\r][\n]"
> 23:21:24,193 | wire | http-outgoing-0 >> "[\r][\n]"
> 23:21:24,367 | wire | http-outgoing-0 << "HTTP/1.1 401 Unauthorized [\r][\n]"
> 23:21:24,367 | wire | http-outgoing-0 << "Connection: keep-alive[\r][\n]"
> 23:21:24,368 | wire | http-outgoing-0 << "Www-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABAAAAAAAAAAAAAAA=[\r][\n]"
> 23:21:24,368 | wire | http-outgoing-0 << "Server: WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)[\r][\n]"
> 23:21:24,368 | wire | http-outgoing-0 << "Date: Thu, 16 Nov 2017 22:20:58 GMT[\r][\n]"
> 23:21:24,368 | wire | http-outgoing-0 << "Content-Length: 0[\r][\n]"
> 23:21:24,368 | wire | http-outgoing-0 << "Via: 1.1 vegur[\r][\n]"
> 23:21:24,368 | wire | http-outgoing-0 << "[\r][\n]"
> 23:21:24,368 | headers | http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 23:21:24,368 | headers | http-outgoing-0 << Connection: keep-alive
> 23:21:24,368 | headers | http-outgoing-0 << Www-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABAAAAAAAAAAAAAAA=
> 23:21:24,368 | headers | http-outgoing-0 << Server: WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)
> 23:21:24,368 | headers | http-outgoing-0 << Date: Thu, 16 Nov 2017 22:20:58 GMT
> 23:21:24,368 | headers | http-outgoing-0 << Content-Length: 0
> 23:21:24,369 | headers | http-outgoing-0 << Via: 1.1 vegur
> 23:21:24,369 | MainClientExec | Connection can be kept alive indefinitely
> 23:21:24,369 | HttpAuthenticator | Authentication required
> 23:21:24,369 | HttpAuthenticator | ntlm.herokuapp.com:443 requested authentication
> 23:21:24,369 | HttpAuthenticator | Authorization challenge processed
> 23:21:24,369 | DefaultManagedHttpClientConnection | http-outgoing-0: set socket timeout to 10000
> 23:21:24,369 | MainClientExec | Executing request GET / HTTP/1.1
> 23:21:24,369 | MainClientExec | Target auth state: HANDSHAKE
> 23:21:24,370 | HttpAuthenticator | NTLM authentication error: NTLM authentication - buffer too small for data item
> 23:21:24,370 | MainClientExec | Proxy auth state: UNCHALLENGED
> 23:21:24,371 | headers | http-outgoing-0 >> GET / HTTP/1.1
> 23:21:24,371 | headers | http-outgoing-0 >> Accept: text/plain, */*
> 23:21:24,371 | headers | http-outgoing-0 >> Host: ntlm.herokuapp.com
> 23:21:24,371 | headers | http-outgoing-0 >> Connection: Keep-Alive
> 23:21:24,371 | headers | http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_66)
> 23:21:24,371 | headers | http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 23:21:24,371 | wire | http-outgoing-0 >> "GET / HTTP/1.1[\r][\n]"
> 23:21:24,371 | wire | http-outgoing-0 >> "Accept: text/plain, */*[\r][\n]"
> 23:21:24,371 | wire | http-outgoing-0 >> "Host: ntlm.herokuapp.com[\r][\n]"
> 23:21:24,371 | wire | http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 23:21:24,371 | wire | http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_66)[\r][\n]"
> 23:21:24,371 | wire | http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 23:21:24,371 | wire | http-outgoing-0 >> "[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "HTTP/1.1 401 Unauthorized [\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "Connection: keep-alive[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "Www-Authenticate: NTLM[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "Server: WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "Date: Thu, 16 Nov 2017 22:20:58 GMT[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "Content-Length: 0[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "Via: 1.1 vegur[\r][\n]"
> 23:21:24,562 | wire | http-outgoing-0 << "[\r][\n]"
> 23:21:24,562 | headers | http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 23:21:24,562 | headers | http-outgoing-0 << Connection: keep-alive
> 23:21:24,563 | headers | http-outgoing-0 << Www-Authenticate: NTLM
> 23:21:24,563 | headers | http-outgoing-0 << Server: WEBrick/1.3.1 (Ruby/2.0.0/2014-09-19)
> 23:21:24,563 | headers | http-outgoing-0 << Date: Thu, 16 Nov 2017 22:20:58 GMT
> 23:21:24,563 | headers | http-outgoing-0 << Content-Length: 0
> 23:21:24,563 | headers | http-outgoing-0 << Via: 1.1 vegur
> 23:21:24,563 | MainClientExec | Connection can be kept alive indefinitely
> 23:21:24,563 | HttpAuthenticator | Authentication required
> 23:21:24,563 | HttpAuthenticator | ntlm.herokuapp.com:443 requested authentication
> 23:21:24,563 | HttpAuthenticator | Authorization challenge processed
> 23:21:24,563 | HttpAuthenticator | Authentication failed
> 23:21:24,563 | PoolingHttpClientConnectionManager | Connection [id: 0][route: {s}->https://ntlm.herokuapp.com:443] can be kept alive indefinitely
> 23:21:24,563 | PoolingHttpClientConnectionManager | Connection released: [id: 0][route: {s}->https://ntlm.herokuapp.com:443][total kept alive: 1; route allocated: 1 of 24; total allocated: 1 of 128]
> 23:21:24,568 | RestTemplate | GET request for "https://ntlm.herokuapp.com" resulted in 401 (Unauthorized); invoking error handler
> 23:21:24,571 | NtlmPrototype | Request failed
> org.springframework.web.client.HttpClientErrorException: 401 Unauthorized
> at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:63) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:312) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
> at NtlmPrototype.issueGetRequest(NtlmPrototype.java:50) [classes/:?]
> at NtlmPrototype.main(NtlmPrototype.java:32) [classes/:?]
> {noformat}
> h3. Test application
> - use attached ZIP or download from https://frightanic.com/misc/msr-ntlm-prototype.zip (26.7KB)
> - unzip
> - $ mvn package
> - $ java -jar target/ntlm-prototype-1.0-SNAPSHOT.jar https://ntlm.herokuapp.com user pass domain
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org