You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Ji, Yuan" <Yu...@celcorp.com> on 2004/11/03 16:14:39 UTC

RE: NTLM Proxy Authentication + Digest Web Server Authenticationfailed

Oleg, Thanks for your help.

Did another test with Netscape Enterprise Web Server with Basic
Authentication and SSL through NTLM Proxy Server, and it works. Great!

I will do more test this week and tell you the result.

Yuan

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: November 2, 2004 3:54 PM
To: HttpClient Project
Subject: Re: NTLM Proxy Authentication + Digest Web Server
Authenticationfailed

Yuan

(1) Please retest your application against the latest CVS HEAD snapshot.
I submitted a fix for a bug in the authentication code only a few hours
ago. 

http://issues.apache.org/bugzilla/show_bug.cgi?id=31981

The bug appears to be unrelated to the problem you are having, but just
in case please do upgrade to the latest CVS HEAD snapshot

(2) This may well be a problem with the proxy or the target server

[DEBUG] HttpMethodDirector - -The server 10.0.1.159 failed to respond
> <org.apache.commons.httpclient.NoHttpResponseException: The server
> 10.0.1.159 failed to
> respond>org.apache.commons.httpclient.NoHttpResponseException: The
> server 10.0.1.159 failed to respond

It looks like the proxy or the target server itself failed to send back
a response, which seems to suggest that the problem may have nothing to
do with HttpClient.

What is FreeProxy? It is stable? Do you have access to the proxy and/or
the web server logs?

It's getting kind of late here. I'll pick it up tommorow

Oleg


On Tue, 2004-11-02 at 23:19, Ji, Yuan wrote:
> I tried to test HttpClient to access a Web site with digest 
> authentication through an NTLM proxy server, and it failed. But when I

> changed to Proxy Server with Basic or Digest Authentication, it works.
> I'm using HttpClient 3.0 source code from CVS on Nov. 2, 2004. Is this

> an unfinished feature or I did something wrong?
>  
> The log is here:
>  
> [DEBUG] header - ->> "GET http://10.0.1.159:4492/index.html 
> HTTP/1.1[\r][\n]"
> 
> [DEBUG] HttpMethodBase - -Adding Host request header
> 
> [DEBUG] header - ->> "User-Agent: Jakarta 
> Commons-HttpClient/3.0-alpha2[\r][\n]"
> 
> [DEBUG] header - ->> "Host: 10.0.1.159:4492[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] header - ->> "[\r][\n]"
> 
> [DEBUG] header - -<< "HTTP/1.1 407 Proxy Authentication 
> Required[\r][\n]"
> 
> [DEBUG] header - -<< "Server: FreeProxy/3.72[\r][\n]"
> 
> [DEBUG] header - -<< "Date: Tue, 02 Nov 2004 21:48:06 GMT[\r][\n]"
> 
> [DEBUG] header - -<< "Proxy-Connection: Close[\r][\n]"
> 
> [DEBUG] header - -<< "Content-Length: 202[\r][\n]"
> 
> [DEBUG] header - -<< "Proxy-Authenticate: NTLM[\r][\n]"
> 
> [DEBUG] HttpMethodDirector - -Authorization required
> 
> [DEBUG] AuthChallengeProcessor - -Supported authentication schemes in 
> the order of preference: [ntlm, digest, basic]
> 
> [INFO] AuthChallengeProcessor - -ntlm authentication scheme selected
> 
> [DEBUG] AuthChallengeProcessor - -Using authentication scheme: ntlm
> 
> [DEBUG] HttpMethodBase - -Should close connection in response to
> Proxy-Connection: Close
> 
> [DEBUG] HttpConnection - -Connection is locked. Call to
> releaseConnection() ignored.
> 
> [DEBUG] HttpMethodDirector - -Authenticating with NTLM <any
> realm>@10.0.1.184:4480
> 
> [DEBUG] header - ->> "GET http://10.0.1.159:4492/index.html 
> HTTP/1.1[\r][\n]"
> 
> [DEBUG] HttpMethodBase - -Adding Host request header
> 
> [DEBUG] header - ->> "User-Agent: Jakarta 
> Commons-HttpClient/3.0-alpha2[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Authorization: NTLM 
> TlRMTVNTUAABAAAABlIAAAYABgAqAAAACgAKACAAAAAxMC4wLjEuMTg0U0lSSVVT[\r][\
> n]
> "
> 
> [DEBUG] header - ->> "Host: 10.0.1.159:4492[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] header - ->> "[\r][\n]"
> 
> [DEBUG] header - -<< "HTTP/1.1 407 Proxy Authentication 
> Required[\r][\n]"
> 
> [DEBUG] header - -<< "Server: FreeProxy/3.72[\r][\n]"
> 
> [DEBUG] header - -<< "Date: Tue, 02 Nov 2004 21:48:06 GMT[\r][\n]"
> 
> [DEBUG] header - -<< "Content-Length: 202[\r][\n]"
> 
> [DEBUG] header - -<< "Proxy-Authenticate: NTLM
> TlRMTVNTUAACAAAABgAGADgAAAAGAoECFILBclqvmPEAAAAAAAAAAJIAkgA+AAAABQCTCA
> TlRMTVNTUAACAAAABgAGADgAAAAGAoECFILBclqvmPEAAAAAAAAAAJIAkgA+AA
> AA9TSVJJVVMCAAwAUwBJAFIASQBVAFMAAQAUAFQARQBTAFQARgBBAFIATQAtADcABAAkAH
> MA 
> aQByAGkAdQBzAC4AYwBlAGwAYwBvAHIAcAAuAGMAbwBtAAMAOgB0AGUAcwB0AGYAYQByAG
> 0A 
> LQA3AC4AcwBpAHIAaQB1AHMALgBjAGUAbABjAG8AcgBwAC4AYwBvAG0AAAAAAA==[\r][\
> n]
> "
> 
> [DEBUG] header - -<< "Proxy-Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] HttpMethodDirector - -Authorization required
> 
> [DEBUG] AuthChallengeProcessor - -Using authentication scheme: ntlm
> 
> [DEBUG] HttpMethodBase - -Should NOT close connection in response to
> Proxy-Connection: Keep-Alive
> 
> [DEBUG] HttpConnection - -Connection is locked. Call to
> releaseConnection() ignored.
> 
> [DEBUG] HttpMethodDirector - -Authenticating with NTLM <any
> realm>@10.0.1.184:4480
> 
> [DEBUG] header - ->> "GET http://10.0.1.159:4492/index.html 
> HTTP/1.1[\r][\n]"
> 
> [DEBUG] HttpMethodBase - -Adding Host request header
> 
> [DEBUG] header - ->> "User-Agent: Jakarta 
> Commons-HttpClient/3.0-alpha2[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Authorization: NTLM 
> TlRMTVNTUAADAAAAGAAYAFYAAAAAAAAAbgAAAAYABgBAAAAABgAGAEYAAAAKAAoATAAAAA
> AA
> AABuAAAABlIAAFNJUklVU01LUkFGVDEwLjAuMS4xODRbOFGxorkG7rZFjk8LuUTPABaC6l
> U4
> nOk=[\r][\n]"
> 
> [DEBUG] header - ->> "Host: 10.0.1.159:4492[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] header - ->> "[\r][\n]"
> 
> [DEBUG] header - -<< "HTTP/1.1 401 Unauthorized[\r][\n]"
> 
> [DEBUG] header - -<< "Server: FreeProxy/3.72[\r][\n]"
> 
> [DEBUG] header - -<< "Date: Tue, 02 Nov 2004 21:48:06 GMT[\r][\n]"
> 
> [DEBUG] header - -<< "Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] header - -<< "Content-Length: 168[\r][\n]"
> 
> [DEBUG] header - -<< "WWW-Authenticate: Digest realm="DigestWebRealm",

> qop="auth", nonce="CgABuA==", opaque="MuJvtG2/s9xyNPY7Kyy5pkoS",
> algorithm="MD5"[\r][\n]"
> 
> [DEBUG] HttpMethodDirector - -Authorization required
> 
> [DEBUG] AuthChallengeProcessor - -Supported authentication schemes in 
> the order of preference: [ntlm, digest, basic]
> 
> [DEBUG] AuthChallengeProcessor - -Challenge for ntlm authentication 
> scheme not available
> 
> [INFO] AuthChallengeProcessor - -digest authentication scheme selected
> 
> [DEBUG] AuthChallengeProcessor - -Using authentication scheme: digest
> 
> [DEBUG] HttpMethodBase - -Should NOT close connection in response to
> Connection: Keep-Alive
> 
> [DEBUG] HttpConnection - -Connection is locked. Call to
> releaseConnection() ignored.
> 
> [DEBUG] HttpMethodDirector - -Authenticating with DIGEST
> 'DigestWebRealm'@10.0.1.159:4492
> 
> [DEBUG] HttpMethodParams - -Credential charset not configured, using 
> HTTP element charset
> 
> [DEBUG] DigestScheme - -Using qop method auth
> 
> [DEBUG] header - ->> "GET http://10.0.1.159:4492/index.html 
> HTTP/1.1[\r][\n]"
> 
> [DEBUG] HttpMethodBase - -Adding Host request header
> 
> [DEBUG] header - ->> "User-Agent: Jakarta 
> Commons-HttpClient/3.0-alpha2[\r][\n]"
> 
> [DEBUG] header - ->> "Authorization: Digest username="DigestWebUser", 
> realm="DigestWebRealm", nonce="CgABuA==", uri="/index.html", 
> response="926e355cb219877121648e598d7b2b8e", qop="auth", nc=00000001, 
> cnonce="1d43bae46046bdbda093247f361003e3", algorithm="MD5", 
> opaque="MuJvtG2/s9xyNPY7Kyy5pkoS"[\r][\n]"
> 
> [DEBUG] header - ->> "Host: 10.0.1.159:4492[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] header - ->> "[\r][\n]"
> 
> [DEBUG] HttpMethodDirector - -Closing the connection.
> 
> [INFO] HttpMethodDirector - -I/O exception caught when processing
> request: The server 10.0.1.159 failed to respond
> 
> [DEBUG] HttpMethodDirector - -The server 10.0.1.159 failed to respond
> <org.apache.commons.httpclient.NoHttpResponseException: The server
> 10.0.1.159 failed to
> respond>org.apache.commons.httpclient.NoHttpResponseException: The
> server 10.0.1.159 failed to respond
> 
> at
> org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethod
> Ba
> se.java:1828)
> 
> at
> org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBa
> se
> .java:1588)
> 
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.ja
> va
> :999)
> 
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Http
> Me
> thodDirector.java:382)
> 
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMet
> ho
> dDirector.java:168)
> 
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java
> :3
> 93)
> 
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java
> :3
> 24)
> 
> at
> com.celcorp.test.TestHttpClient.testHttpRequestWithNTLMProxyAuth(TestH
> tt
> pClient.java:200)
> 
> at com.celcorp.test.TestHttpClient.main(TestHttpClient.java:57)
> 
> [INFO] HttpMethodDirector - -Retrying request
> 
> [DEBUG] header - ->> "GET http://10.0.1.159:4492/index.html 
> HTTP/1.1[\r][\n]"
> 
> [DEBUG] HttpMethodBase - -Adding Host request header
> 
> [DEBUG] header - ->> "User-Agent: Jakarta 
> Commons-HttpClient/3.0-alpha2[\r][\n]"
> 
> [DEBUG] header - ->> "Authorization: Digest username="DigestWebUser", 
> realm="DigestWebRealm", nonce="CgABuA==", uri="/index.html", 
> response="926e355cb219877121648e598d7b2b8e", qop="auth", nc=00000001, 
> cnonce="1d43bae46046bdbda093247f361003e3", algorithm="MD5", 
> opaque="MuJvtG2/s9xyNPY7Kyy5pkoS"[\r][\n]"
> 
> [DEBUG] header - ->> "Host: 10.0.1.159:4492[\r][\n]"
> 
> [DEBUG] header - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> 
> [DEBUG] header - ->> "[\r][\n]"
> 
> [DEBUG] header - -<< "HTTP/1.1 407 Proxy Authentication 
> Required[\r][\n]"
> 
> [DEBUG] header - -<< "Server: FreeProxy/3.72[\r][\n]"
> 
> [DEBUG] header - -<< "Date: Tue, 02 Nov 2004 21:48:06 GMT[\r][\n]"
> 
> [DEBUG] header - -<< "Proxy-Connection: Close[\r][\n]"
> 
> [DEBUG] header - -<< "Content-Length: 202[\r][\n]"
> 
> [DEBUG] header - -<< "Proxy-Authenticate: NTLM[\r][\n]"
> 
> [DEBUG] HttpMethodDirector - -Authorization required
> 
> [DEBUG] AuthChallengeProcessor - -Using authentication scheme: ntlm
> 
> [INFO] HttpMethodDirector - -Failure authenticating with NTLM <any
> realm>@10.0.1.184:4480
> 
> [DEBUG] HttpMethodBase - -Buffering response body
> 
> [DEBUG] HttpMethodBase - -Should close connection in response to
> Proxy-Connection: Close
> 
> [DEBUG] HttpConnection - -Releasing connection back to connection 
> manager.
> 
> The HttpClient sent a challenge response for "401 Unauthorized" with 
> "Authorization" header, but no "Proxy-Authorization" header. Is it a 
> bug?
> 
> Yuan Ji
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: 
> httpclient-dev-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org