Posted to httpclient-users@hc.apache.org by Srivatsan <sa...@gmail.com> on 2011/11/10 15:40:59 UTC

Re: Issues accessing NTLM server using HTTPClient 4.1

Have a similar issue. With the code below - authentication is unsuccessful
when using the credentials of a local user. By local user, the domain name /
realm is the host itself. However, authentication is successful with the
same credentials when accessed from browser.

        DefaultHttpClient httpclient = new DefaultHttpClient();
        List<String> authpref = new ArrayList<String>();
        authpref.add(AuthPolicy.NTLM);
        httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref);
        // NTCredentials(userName, password, workstation, domain)
        NTCredentials creds = new NTCredentials("uid", "pwd", "ip", "domain");
        httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
        HttpHost target = new HttpHost(<IP>, 80, "http");
        // Make sure the same context is used to execute logically related requests
        HttpContext localContext = new BasicHttpContext();
        // Execute a cheap method first. This will trigger NTLM authentication
        HttpGet httpget = new HttpGet(<URL>);
        HttpResponse response;
        try {
            response = httpclient.execute(target, httpget, localContext);
            System.out.println("Status Code:" + response.getStatusLine().getStatusCode());
            HttpEntity entity = response.getEntity();
            BufferedReader isr = new BufferedReader(new InputStreamReader(entity.getContent()));
            // Read each line once; calling readLine() twice per pass skips lines
            String line;
            while ((line = isr.readLine()) != null) {
                System.out.println("Content is: ********" + line);
            }
            EntityUtils.consume(entity);
        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

Added the HTTP wire log.
http://old.nabble.com/file/p32819071/localuser-nabble.txt
localuser-nabble.txt 

Any pointers, please?

Thanks,
Srivatsan


olegk wrote:
> 
> On Sun, 2011-04-17 at 20:03 +0530, Dilshan Edirisuriya wrote:
>> Hi ,
>> 
>> I have a web page that I need to access with NTLM authentication on my
>> local machine, and I can see the expected behavior with Web browsers. But
>> when I try to access the same page using HTTPClient 4.1 I'm getting the
>> following exception.
>> 
>> 
>> Apr 17, 2011 7:18:23 PM org.apache.http.client.protocol.RequestTargetAuthentication process
>> SEVERE: Authentication error: Invalid name provided (Mechanism level: Could not load configuration file C:\Windows\krb5.ini (The system cannot find the file specified))
>> Status :: HTTP/1.1 401 Unauthorized
>> 
>> 
> 
> Dilshan
> 
> HttpClient chooses SPNEGO/kerberos auth scheme over NTLM per default in
> case the server supports both, as SPNEGO/kerberos is considered somewhat
> more secure than NTLM. 
> 
> You can alter the order of preferred auth schemes by using
> 'http.auth.target-scheme-pref' or 'http.auth.proxy-scheme-pref'
> parameters:
> 
> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#d4e869
> 
> Just a general remark: when troubleshooting problems with HttpClient a
> wire / context log of the HTTP session exhibiting the problem helps a
> great deal.
> 
> Oleg
> 
> 
>> This is my sample code and it is exactly the same as the example given here
>> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#ntlm
>> 
>>   DefaultHttpClient httpclient = new DefaultHttpClient();
>> 
>>   NTCredentials creds = new NTCredentials("user", "pwd", "machin-name", "machin-name");
>>   httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
>> 
>>   HttpHost target = new HttpHost("localhost", 9090, "http");
>>   HttpContext localContext = new BasicHttpContext();
>> 
>>   // Execute a cheap method first. This will trigger NTLM authentication
>>   HttpGet httpget = new HttpGet("/hello1");
>>   HttpResponse response = httpclient.execute(target, httpget, localContext);
>>   HttpEntity entity = response.getEntity();
>>   System.out.println(" Status :: "+ response.getStatusLine());
>> 
>> 
>> On further analysis I found there is no 'Authorization:' header in outgoing
>> messages, whereas this header is available with browser access. Please note
>> that I used the same name/password/domain for browser access too.
>> 
>> I would appreciate any help to resolve this.
>> 
>> Thank you ,
>> 
>> Dilshan
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Issues-accessing-NTLM-server-using-HTTPClient-4.1-tp31417743p32819071.html
Sent from the HttpClient-User mailing list archive at Nabble.com.


Re: Issues accessing NTLM server using HTTPClient 4.1

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2011-11-16 at 13:35 -0500, Milind Kadam wrote:
> 
> Hi Srivatsan,
> 
> Don't know whether this is helpful or not. The Web server has been set up on
> Windows 2003 SP 2. 
> 
> I was reading at http://oaklandsoftware.com/papers/ntlm.html and came
> across following quote; is this true?
> 
> "As mentioned in the above KB article, the default configuration for
> Windows Server 2003 is to require the use of NTLM V2 only. 
> If you are getting a HTTP 500 Response code, accompanied by the
> message: "-2146893054 (0x80090302)" (which may manifest in a browser
> as "The function requested is not supported" if 'friendly errors' is
> turned on at the browser). this means that IIS is expecting an NTLM V2
> authentication and not getting it. Normally when NTLM authentication
> fails, you will get a 401 response, however this case appears to be
> handled differently by IIS. If you are getting this response with a
> Java HTTP implementation, make sure the implementation correctly
> supports NTLM V2."
> 
> Also I have attached my code; you need to modify for your URL, host
> and domain.
> 
> Any help from you is appreciated as I am stuck on this problem for
> almost two weeks now.
> 
> Thanks a lot.
> Milind
> 
> 

Try using JCIFS as an NTLM engine instead of the one shipped with
HttpClient as described here:

http://hc.apache.org/httpcomponents-client-ga/ntlm.html

Oleg

> On Wed, Nov 16, 2011 at 11:01 AM, Srivatsan <sa...@gmail.com> wrote:
>
> > Milind - I am yet to try the option suggested by Oleg. However, got it
> > working with the code given in the link -
> > http://www.muneebahmad.com/index.php/archives/127
> >
> > Regards,
> > Srivatsan
> >
> > mkjee wrote:
> > >
> > > Hi Srivatsan,
> > >
> > > I have a similar issue where URL works fine via browser but fails from
> > > JAVA client when web server is IIS with NTLM authentication. Did you find
> > > any solution for this problem?
> > >
> > > Thanks in advance,
> > > Milind


Re: Issues accessing NTLM server using HTTPClient 4.1

Posted by Milind Kadam <ka...@gmail.com>.
Hi Srivatsan,
Don't know whether this is helpful or not. The Web server has been set up on
Windows 2003 SP 2.
I was reading at http://oaklandsoftware.com/papers/ntlm.html and came
across following quote; is this true?
"As mentioned in the above KB article, the default configuration for
Windows Server 2003 is to require the use of NTLM V2 only.

If you are getting a HTTP 500 Response code, accompanied by the message:
"-2146893054 (0x80090302)" (which may manifest in a browser as "The function
requested is not supported" if 'friendly errors' is turned on at the
browser). this means that IIS is expecting an NTLM V2 authentication and
not getting it. Normally when NTLM authentication fails, you will get a 401
response, however this case appears to be handled differently by IIS. If
you are getting this response with a Java HTTP implementation, make sure
the implementation correctly supports NTLM V2."

Also I have attached my code; you need to modify for your URL, host and
domain.
Any help from you is appreciated as I am stuck on this problem for almost
two weeks now.
Thanks a lot.
Milind


On Wed, Nov 16, 2011 at 11:01 AM, Srivatsan <sa...@gmail.com> wrote:

>
> Milind - I am yet to try the option suggested by Oleg. However, got it
> working with the code given in the link -
> http://www.muneebahmad.com/index.php/archives/127
>
> Regards,
> Srivatsan
>
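The NTLM V2 question above, and Oleg's earlier remark that a wire log helps, both come down to reading what the client actually put in its `Authorization: NTLM` header. The following is an added example, not part of the thread and not HttpClient or JCIFS code: a Python decoder that pulls NTLMSSP messages out of log lines and reports the domain, user and workstation sent plus the response type. The function names, log lines and field values are constructed for illustration; field offsets follow the NTLMSSP message layout.

```python
import base64
import re
import struct

SIGNATURE = b"NTLMSSP\x00"
FLAG_UNICODE = 0x00000001           # strings are UTF-16LE rather than OEM
FLAG_NTLM = 0x00000200              # NTLMSSP_NEGOTIATE_NTLM
FLAG_EXTENDED_SESSION = 0x00080000  # extended ("NTLM2") session security
HEADER_RE = re.compile(r"(WWW-Authenticate|Authorization): NTLM ([A-Za-z0-9+/=]+)")


def read_buffer(msg, pos):
    """Return the bytes that a (length, max length, offset) field points to."""
    length, _max, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def to_text(raw, flags):
    return raw.decode("utf-16-le" if flags & FLAG_UNICODE else "ascii", "replace")


def response_kind(lm, nt, flags):
    """Classify a Type 3 message by the shape of its LM/NT responses."""
    if len(nt) > 24:
        return "NTLMv2"          # NTLMv2 responses carry a variable-length blob
    if len(nt) == 24:
        if flags & FLAG_EXTENDED_SESSION and lm[8:] == b"\x00" * 16:
            return "NTLM2 session"
        return "NTLMv1"
    return "none"


def decode_ntlm(b64):
    """Decode one base64 NTLMSSP token into a dict of its visible fields."""
    msg = base64.b64decode(b64)
    if len(msg) < 16 or not msg.startswith(SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1:
        return {"type": 1, "flags": struct.unpack_from("<I", msg, 12)[0]}
    if mtype == 2 and len(msg) >= 32:
        flags = struct.unpack_from("<I", msg, 20)[0]
        return {"type": 2, "flags": flags,
                "target": to_text(read_buffer(msg, 12), flags)}
    if mtype == 3 and len(msg) >= 64:
        flags = struct.unpack_from("<I", msg, 60)[0]
        lm, nt = read_buffer(msg, 12), read_buffer(msg, 20)
        return {"type": 3, "flags": flags,
                "domain": to_text(read_buffer(msg, 28), flags),
                "user": to_text(read_buffer(msg, 36), flags),
                "workstation": to_text(read_buffer(msg, 44), flags),
                "response": response_kind(lm, nt, flags)}
    raise ValueError("truncated or unknown NTLMSSP message type %d" % mtype)


def build_type3(domain, user, workstation, lm, nt, flags):
    """Build a constructed Type 3 token for the sample log (filler responses only)."""
    parts = [lm, nt] + [s.encode("utf-16-le") for s in (domain, user, workstation)]
    parts.append(b"")  # empty session key
    fields, payload = b"", b""
    for part in parts:
        # Six 8-byte fields sit at offsets 12..59, flags at 60, payload from 64.
        fields += struct.pack("<HHI", len(part), len(part), 64 + len(payload))
        payload += part
    token = SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", flags) + payload
    return base64.b64encode(token).decode("ascii")


def audit_wire_log(lines):
    """Decode every NTLM header found in the given log lines."""
    found = []
    for line in lines:
        match = HEADER_RE.search(line)
        if match:
            try:
                found.append((match.group(1), decode_ntlm(match.group(2))))
            except ValueError as exc:
                found.append((match.group(1), {"error": str(exc)}))
    return found


FLAGS = FLAG_UNICODE | FLAG_NTLM
# Constructed sample lines; the 0x11/0x22 filler stands in for real responses.
SAMPLE_LOG = [
    ">> GET /hello1 HTTP/1.1",
    ">> Authorization: NTLM "
    + build_type3("WEBHOST", "uid", "CLIENT", b"\x11" * 24, b"\x22" * 24, FLAGS),
    ">> Authorization: NTLM "
    + build_type3("WEBHOST", "uid", "CLIENT", b"\x11" * 24, b"\x22" * 60, FLAGS),
]

if __name__ == "__main__":
    for header, info in audit_wire_log(SAMPLE_LOG):
        print(header, info)
```

Comparing the decoded Type 3 from the failing client with the one a browser sends shows whether the two differ in domain, workstation or response type.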

Re: Issues accessing NTLM server using HTTPClient 4.1

Posted by Milind Kadam <ka...@gmail.com>.
Thanks a lot Srivatsan.

I already tried the suggested code and get the following exception.

Exception in thread "main" java.io.IOException: Server returned HTTP response code: 500 for URL: https://wkqasv0304/cw_common/servlet/PingCaSServlet?request=init
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1313)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at ntlmtest01.NtlmTest01.getAuthenticatedResponse(NtlmTest01.java:51)
        at ntlmtest01.NtlmTest01.main(NtlmTest01.java:29)

Note that I am using IIS 6/Tomcat 6 as Web Server. IIS is set for
"Integrated Windows Authentication". Everything works fine if I change to
"Basic Windows authentication".

I tried using Apache HttpClient samples too and got the same result (Error 500).
Don't know how to debug. If I use the same URL in browsers, it works fine.

Thanks again.
Milind Kadam



On Wed, Nov 16, 2011 at 11:01 AM, Srivatsan <sa...@gmail.com> wrote:

>
> Milind - I am yet to try the option suggested by Oleg. However, got it
> working with the code given in the link -
> http://www.muneebahmad.com/index.php/archives/127
>
> Regards,
> Srivatsan

Re: Issues accessing NTLM server using HTTPClient 4.1

Posted by Srivatsan <sa...@gmail.com>.
Milind - I am yet to try the option suggested by Oleg. However, got it
working with the code given in the link -
http://www.muneebahmad.com/index.php/archives/127

Regards,
Srivatsan


mkjee wrote:
> 
> 
> Hi Srivatsan,
> 
> I have a similar issue where URL works fine via browser but fails from
> JAVA client when web server is IIS with NTLM authentication. Did you find
> any solution for this problem?
> 
> Thanks in advance,
> Milind
> 
> 
> 
> 
> Srivatsan wrote:
>> 
>> Have a similar issue. With the code below - authentication is
>> unsuccessful when using the credentials of a local user. By local user,
>> the domain name / realm is the host itself. However, authentication is
>> successful with the same credentials when accessed from browser.
>> 
>> DefaultHttpClient httpclient = new DefaultHttpClient();
>> List<String> authpref = new ArrayList<String>();
>> authpref.add(AuthPolicy.NTLM);
>> httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref);
>> NTCredentials creds = new NTCredentials("uid", "pwd", "ip", "domain");
>> httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
>> HttpHost target = new HttpHost(<IP>, 80, "http");
>> // Make sure the same context is used to execute logically related requests
>> HttpContext localContext = new BasicHttpContext();
>> // Execute a cheap method first. This will trigger NTLM authentication
>> HttpGet httpget = new HttpGet(<URL>);
>> HttpResponse response;
>> try {
>>     response = httpclient.execute(target, httpget, localContext);
>>     System.out.println("Status Code:" + response.getStatusLine().getStatusCode());
>>     BufferedReader isr = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
>>     String line;
>>     while ((line = isr.readLine()) != null) {
>>         System.out.println("Content is: ********" + line);
>>     }
>>     HttpEntity entity = response.getEntity();
>>     EntityUtils.consume(entity);
>> } catch (ClientProtocolException e) {
>>     // TODO Auto-generated catch block
>>     e.printStackTrace();
>> } catch (IOException e) {
>>     // TODO Auto-generated catch block
>>     e.printStackTrace();
>> }
>> 
>> Added the HTTP wire log.
>> http://old.nabble.com/file/p32819071/localuser-nabble.txt
>> localuser-nabble.txt 
>> 
>> Any pointers, please?
>> 
>> Thanks,
>> Srivatsan
>> 
>> 
>> olegk wrote:
>>> 
>>> On Sun, 2011-04-17 at 20:03 +0530, Dilshan Edirisuriya wrote:
>>>> Hi ,
>>>> 
>>>> I have a web page that I need to access with NTLM authentication on my
>>>> local machine, and I can see the expected behavior with web browsers. But
>>>> when I try to access the same page using HTTPClient 4.1 I'm getting the
>>>> following exception.
>>>> 
>>>> 
>>>> Apr 17, 2011 7:18:23 PM org.apache.http.client.protocol.RequestTargetAuthentication process
>>>> SEVERE: Authentication error: Invalid name provided (Mechanism level: Could not load configuration file C:\Windows\krb5.ini (The system cannot find the file specified))
>>>> Status :: HTTP/1.1 401 Unauthorized
>>>> 
>>>> 
>>> 
>>> Dilshan
>>> 
>>> HttpClient chooses SPNEGO/kerberos auth scheme over NTLM per default in
>>> case the server supports both, as SPNEGO/kerberos is considered somewhat
>>> more secure than NTLM. 
>>> 
>>> You can alter the order of preferred auth schemes by using
>>> 'http.auth.target-scheme-pref' or 'http.auth.proxy-scheme-pref'
>>> parameters:
>>> 
>>> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#d4e869
>>> 
>>> Just a general remark: when troubleshooting problems with HttpClient a
>>> wire / context log of the HTTP session exhibiting the problem helps a
>>> great deal.
>>> 
>>> Oleg
>>> 
>>> 
>>>> This is my sample code, and it is exactly the same as the example given here:
>>>> http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#ntlm
>>>> 
>>>>   DefaultHttpClient httpclient = new DefaultHttpClient();
>>>>
>>>>   NTCredentials creds = new NTCredentials("user", "pwd", "machin-name", "machin-name");
>>>>   httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
>>>>
>>>>   HttpHost target = new HttpHost("localhost", 9090, "http");
>>>>   HttpContext localContext = new BasicHttpContext();
>>>>
>>>>   // Execute a cheap method first. This will trigger NTLM authentication
>>>>   HttpGet httpget = new HttpGet("/hello1");
>>>>   HttpResponse response = httpclient.execute(target, httpget, localContext);
>>>>   HttpEntity entity = response.getEntity();
>>>>   System.out.println(" Status :: " + response.getStatusLine());
>>>> 
>>>> 
>>>> Analyzing further, I found there is no 'Authorization:' header in outgoing
>>>> messages, whereas this header is available with browser access. Please
>>>> note that I used the same name/password/domain for browser access too.
>>>>
>>>> I would appreciate any help resolving this.
>>>> 
>>>> Thank you ,
>>>> 
>>>> Dilshan
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 



Re: Issues accessing NTLM server using HTTPClient 4.1

Posted by mkjee <ka...@gmail.com>.

Hi Srivatsan,

I have a similar issue where URL works fine via browser but fails from JAVA
client when web server is IIS with NTLM authentication. Did you find any
solution for this problem?

Thanks in advance,
Milind







Re: Issues accessing NTLM server using HTTPClient 4.1

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, Nov 10, 2011 at 06:40:59AM -0800, Srivatsan wrote:
> 
> Have a similar issue. With the code below - authentication is unsuccessful
> when using the credentials of a local user. By local user, the domain name /
> realm is the host itself. However, authentication is successful with the
> same credentials when accessed from browser.
> 
> DefaultHttpClient httpclient = new DefaultHttpClient();
> List<String> authpref = new ArrayList<String>();
> authpref.add(AuthPolicy.NTLM);
> httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref);
> NTCredentials creds = new NTCredentials("uid", "pwd", "ip", "domain");
> httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
> HttpHost target = new HttpHost(<IP>, 80, "http");
> // Make sure the same context is used to execute logically related requests
> HttpContext localContext = new BasicHttpContext();
> // Execute a cheap method first. This will trigger NTLM authentication
> HttpGet httpget = new HttpGet(<URL>);
> HttpResponse response;
> try {
>     response = httpclient.execute(target, httpget, localContext);
>     System.out.println("Status Code:" + response.getStatusLine().getStatusCode());
>     BufferedReader isr = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
>     String line;
>     while ((line = isr.readLine()) != null) {
>         System.out.println("Content is: ********" + line);
>     }
>     HttpEntity entity = response.getEntity();
>     EntityUtils.consume(entity);
> } catch (ClientProtocolException e) {
>     // TODO Auto-generated catch block
>     e.printStackTrace();
> } catch (IOException e) {
>     // TODO Auto-generated catch block
>     e.printStackTrace();
> }
> 
> Added the HTTP wire log.
> http://old.nabble.com/file/p32819071/localuser-nabble.txt
> localuser-nabble.txt 
> 
> Any pointers, please?
> 

I see nothing unusual in the HTTP session log. The three-way NTLM message exchange seems normal. You can try using CIFS as an alternative NTLM engine and see if that makes any difference [1]. If that does not help, there must be something wrong with the credentials.

Oleg

[1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html
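
The reply above refers to the three-way NTLM exchange seen in the wire log. As an added example (not part of the original thread and not HttpClient code), the Python below decodes the "NTLM <base64>" header values from such a log and, for the Type 3 message, shows the domain, user and workstation the client actually sent. The function names are hypothetical, the sample token is constructed, and it assumes the Type 3 message carries the flags field at offset 60.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001   # strings are UTF-16LE; otherwise OEM (latin-1 assumed here)

def read_field(msg, pos, unicode_):
    """Decode the string behind the security buffer (len, maxlen, offset) at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    raw = msg[offset:offset + length]
    return raw.decode("utf-16-le" if unicode_ else "latin-1")

def decode_ntlm_header(value):
    """Decode an Authorization / WWW-Authenticate value of the form 'NTLM <base64>'."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        raise ValueError("not an NTLM header carrying a token")
    msg = base64.b64decode(token.strip())
    if len(msg) < 16 or not msg.startswith(SIGNATURE):
        raise ValueError("missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype == 1:                                   # negotiate: flags at 12
        (flags,) = struct.unpack_from("<I", msg, 12)
        return {"type": 1, "flags": flags}
    if mtype == 2 and len(msg) >= 32:                # challenge: target at 12, flags at 20
        (flags,) = struct.unpack_from("<I", msg, 20)
        return {"type": 2, "flags": flags,
                "target": read_field(msg, 12, flags & NEGOTIATE_UNICODE)}
    if mtype == 3 and len(msg) >= 64:                # authenticate: flags at 60
        (flags,) = struct.unpack_from("<I", msg, 60)
        uni = flags & NEGOTIATE_UNICODE
        return {"type": 3, "flags": flags, "domain": read_field(msg, 28, uni),
                "user": read_field(msg, 36, uni), "workstation": read_field(msg, 44, uni)}
    raise ValueError("unsupported or truncated NTLM message (type %d)" % mtype)

def sample_type3(domain, user, workstation):
    """Constructed sample: Type 3 header with empty LM/NT responses, no real secrets."""
    strings = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    offset = 64                                      # payload starts after the fixed header
    bufs = struct.pack("<HHI", 0, 0, offset) * 2     # LM and NT responses (empty)
    for s in strings:
        bufs += struct.pack("<HHI", len(s), len(s), offset)
        offset += len(s)
    bufs += struct.pack("<HHI", 0, 0, offset)        # session key (empty)
    msg = SIGNATURE + struct.pack("<I", 3) + bufs + struct.pack("<I", NEGOTIATE_UNICODE) + b"".join(strings)
    return "NTLM " + base64.b64encode(msg).decode("ascii")
```

For a local account the decoded domain should be the server's own host name. The Type 2 and Type 3 tokens together carry the challenge and the password-derived response, so redact them before posting a wire log.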

