Yeah, just been sniffing around this afternoon and switched on all the logging in IIS. Still not helping me figure it out yet. When talking direct using the commons classes or going via a proxy the sequence of events is
> POST request < 401 > POST request with some NTLM http header < 401 > POST request with bigger NTLM http header < 100 (which is ignored and a bit wierd) < 200 OK, followed by message. When going direct using the CommonsHTTPSender I get... > POST request < 401 I had been thinking that the strange 100 return message could have been throwing things off, but it doesn't look that way now as it seems to fall over when reading the first 401 error (it doesn't even read the return code because the socket has been unexpectedly closed). I have also tried forcing authentication in the HttpClient paramaters (thereby avoiding the 401 error) but that doesn't seem to work either, the first request still does not have the NTLM header so you still get the 401... I'm going to carry on debugging through see if I can figure out the problem. If anyone has any other suggestions then let me know !! Thanks, Martin. On 28/06/05, Evgeny Beskrovny <[EMAIL PROTECTED]> wrote: > I would suggest you to use Ethereal sniffer to catch the difference between > using just HttpClient and CommonHttpSender. It may give you a clue of > what's going on. > Evgeny > > Martin Woodward > <martin.woodward@ > gmail.com> To > [email protected] > 06/28/2005 05:05 cc > PM > Subject > Re: NTLM Authentication (again) > Please respond to > [EMAIL PROTECTED] > he.org > > The latest version (3.0 RC3) of the Commons HttpClient works just fine > with NTLM. Which suggests to me that something is going funny in the > org.apache.axis.transport.http.CommonsHTTPSender class. I'll dig > around in the CommonsHTTPSender class, but I was wondering if anyone > had come across this before or actually got NTLM working... > > Below is the code I used that just used the Commons HTTPClient class > to get an NTLM protected message (changed slightly to protect the > innocent). I tried it against the same web service method that my > WDSL2Java generated call eventually winds up calling... > > ----- > > package com.mrwpro.vsts.play; > > import java.io.IOException; > > import org.apache.commons.httpclient.Credentials; > import org.apache.commons.httpclient.HttpClient; > import org.apache.commons.httpclient.HttpException; > import org.apache.commons.httpclient.HttpMethodBase; > import org.apache.commons.httpclient.NTCredentials; > import org.apache.commons.httpclient.auth.AuthScope; > import org.apache.commons.httpclient.methods.GetMethod; > > /** > * Get a NTLM secured page. > * @author martinwoodward > */ > public class NTLMHttpTest { > > public static void main(String[] args) { > > HttpClient httpClient = new HttpClient(); > Credentials credentials = new NTCredentials("username", > "password", "remoteMachine", "MY_DOMAIN"); > httpClient.getState().setCredentials(AuthScope.ANY,credentials); > HttpMethodBase method = new > GetMethod("http://remoteMachine/WebService/MyService.asmx/WhoAmI";); > > try { > int returnCode = httpClient.executeMethod(method); > String response = method.getResponseBodyAsString(); > System.out.println("Response: " + response); > } catch (HttpException e) { > e.printStackTrace(); > } catch (IOException e) { > e.printStackTrace(); > } > > } > } > > ----- > > Thanks, > > Martin. > > On 28/06/05, Evgeny Beskrovny <[EMAIL PROTECTED]> wrote: > > I suggest you to write the code using the classes of Apache that connect > to > > the NTLM server and see if it works. There is a big chance that it won't > > work since as far as I remember they don't support different parameters > > that can be set in NTLM for example usage of NTLM2 that server during the > > NTLM handshake might prescribe client to do. > > Evgeny > > > > Martin Woodward > > <martin.woodward@ > > gmail.com> To > > [email protected] > > 06/28/2005 01:30 cc > > PM > > Subject > > Re: NTLM Authentication (again) > > Please respond to > > [EMAIL PROTECTED] > > he.org > > > > I'm pretty sure that that the Commons HTTPClient implementation (used > > by CommonsHTTPSender) has an implementation of NTLM in 3.0-RC3. If I > > take out my credentials from the call then I get the following error > > when talking via the proxy > > > > No credentials available for NTLM <any realm>@mymachine:80 > > > > Which would suggest that it is the Commons HTTPClient code that > > negotiating, not TCPMon. > > > > I am not creating the HTTP connection directly. I am using a > > WSDL2Java generated stub which I have added a couple of lines to add > > my credentials to the _call in the createCall method. I have then > > used the client-config.wsdd to override the default transport > > implementaion to the Commons one (which has NTLM support) > > > > Below if the contents of my client-config.msdd file... > > > > <?xml version="1.0" encoding="UTF-8"?> > > <deployment name="defaultClientConfig" > > xmlns="http://xml.apache.org/axis/wsdd/"; > > xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";> > > <globalConfiguration> > > <parameter name="disablePrettyXML" value="true"/> > > </globalConfiguration> > > <transport name="http" > > pivot="java:org.apache.axis.transport.http.CommonsHTTPSender"/> > > <!-- transport name="http" > > > pivot="java:org.apache.axis.transport.http.HTTPSender"/ --> > > <transport name="local" > > pivot="java:org.apache.axis.transport.local.LocalSender"/> > > <transport name="java" > > pivot="java:org.apache.axis.transport.java.JavaSender"/> > > </deployment> > > > > I think it is actually the > > org.apache.axis.transport.http.CommonsHTTPSender class that creates > > the URL connection - please let me know if I doing something daft or > > have mis-understood your point. > > > > Cheers, > > > > Martin. > > > > On 28/06/05, Evgeny Beskrovny <[EMAIL PROTECTED]> wrote: > > > Hi, > > > I think the reason it doesn't work for you is because in order to make > it > > > work you need to have a Sun implementation of HTTPUrlConnection on a > > > client, while here as I understand you use HttpClient of Apache that > > might > > > have no implementation of NTLM. When you connect to a proxy it > internally > > > uses Sun implementation of HTTPUrlConnection so it works. > > > When you create a URL on your client you would better use it this way > > > > > > handler = new sun.net.www.protocol.http.Handler(); > > > urlToConnect = new URL (null, urlPath.toString(),handler); > > > URLConnection connection = urlToConnect.openConnection(); > > > Try this and see if it works. > > > Evgeny > > > > > > Martin Woodward > > > <martin.woodward@ > > > gmail.com> > To > > > [email protected] > > > 06/27/2005 08:30 > cc > > > PM > > > > Subject > > > NTLM Authentication (again) > > > Please respond to > > > [EMAIL PROTECTED] > > > he.org > > > > > > > > > Hi, > > > > > > I'm trying to talk to a web service that requires NTLM authentication > > > for my sins. The good news is that it works, the bad news is that I > > > have to proxy the request through a local instance of TCPmon to get it > > > to work. Does this sound familiar to anyone, I could very possibly be > > > me doing something dumb... > > > > > > I am using axis-1_2_1, commons-httpclient-3.0-rc3, commons-codec-1.3 > > > on j2sdk1.4.2_08 running in Windows XP Pro SP2. > > > > > > As I say, everything works fine if I run up TCPMonitor on my machine > > > and then include the following lines in my client... > > > > > > System.setProperty("http.proxyHost", "localhost"); > > > System.setProperty("http.proxyPort", "8888"); > > > > > > I've allready edited my stub to add the username/password and added a > > > client-config.wsdd to point to the CommonsHTTPSender. > > > > > > Below is the stack trace when I don't have the web service call > proxied:- > > > > > > AxisFault > > > faultCode: > > {http://schemas.xmlsoap.org/soap/envelope/}Server.userException > > > faultSubcode: > > > faultString: java.net.SocketException: Connection reset > > > faultActor: > > > faultNode: > > > faultDetail: > > > > > > {http://xml.apache.org/axis/}stackTrace:java.net.SocketException: > > > Connection reset > > > at > > java.net.SocketInputStream.read(SocketInputStream.java:168) > > > at > > > java.io.BufferedInputStream.fill(BufferedInputStream.java:183) > > > at > > > java.io.BufferedInputStream.read(BufferedInputStream.java:201) > > > at > > > > org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:77) > > > at > > > org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:105) > > > at > > > > > > org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1110) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1391) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1832) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1592) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:995) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396) > > > at > > > > > > org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:188) > > > > > > > > > at > > > > > > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > > > > > > > > > at > > > org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > > > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > > > at > > > org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) > > > at org.apache.axis.client.Call.invokeEngine(Call.java:2765) > > > at org.apache.axis.client.Call.invoke(Call.java:2748) > > > at org.apache.axis.client.Call.invoke(Call.java:2424) > > > at org.apache.axis.client.Call.invoke(Call.java:2347) > > > at org.apache.axis.client.Call.invoke(Call.java:1804) > > > at SNIP.whoAmI(SNIP.java:430) > > > at com.mrwpro.vsts.play.TestClient.main(TestClient.java:30) > > > > > > {http://xml.apache.org/axis/}hostname:tst-028-04452 > > > > > > java.net.SocketException: Connection reset > > > at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) > > > at > > > > > > org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:277) > > > > > > > > > at > > > > > > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > > > > > > > > > at > > > org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > > > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > > > at > > > org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) > > > at org.apache.axis.client.Call.invokeEngine(Call.java:2765) > > > at org.apache.axis.client.Call.invoke(Call.java:2748) > > > at org.apache.axis.client.Call.invoke(Call.java:2424) > > > at org.apache.axis.client.Call.invoke(Call.java:2347) > > > at org.apache.axis.client.Call.invoke(Call.java:1804) > > > at SNIP.whoAmI(SNIP.java:430) > > > at com.mrwpro.vsts.play.TestClient.main(TestClient.java:30) > > > Caused by: java.net.SocketException: Connection reset > > > at > > java.net.SocketInputStream.read(SocketInputStream.java:168) > > > at > > > java.io.BufferedInputStream.fill(BufferedInputStream.java:183) > > > at > > > java.io.BufferedInputStream.read(BufferedInputStream.java:201) > > > at > > > > org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:77) > > > at > > > org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:105) > > > at > > > > > > org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1110) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1391) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1832) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1592) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:995) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:393) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168) > > > > > > > > > at > > > > > > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396) > > > at > > > > > > org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:188) > > > > > > > > > ... 11 more > > > > > > When I do have it proxied, you see the 401 error coming back from the > > > server, followed by a 100 with the final 200 response containing the > > > answer. When I run pointing to the proxy I also get the following > > > console output... > > > > > > - Unable to find required classes (javax.activation.DataHandler and > > > javax.mail.internet.MimeMultipart). Attachment support is disabled. > > > - ntlm authentication scheme selected > > > - Discarding unexpected response: HTTP/1.1 100 Continue > > > > > > Any ideas? > > > > > > Thanks, > > > > > > Martin. > > > > > > -- > > > > > > http://www.woodwardweb.com > > > > > > > > > > -- > > > > http://www.woodwardweb.com > > > > > > -- > > http://www.woodwardweb.com > > -- http://www.woodwardweb.com
