authentication ...

Wed, 31 Dec 2003 08:46:49 -0800 

Hi everybody :)

and first of all, I wish you all an happy new year :)) 

and now is my question/remark (i don't know if it's better to post it here, or in the 
user mailing list, or as a comment in bugzilla, but I don't want to cross post, so for 
now I post it only here - let me know if I should cross post or add a comment in 
bugzilla) : 

- the proxy I had to go though was using NTLM, and I checkouted the 
HTTPCLIENT_2_0_BRANCH tag sources from cvs.
- then the sysadmin decided to open a door for me in the proxy that would use only 
basic authentication. So i though that replacing the NTCredentials with 
UsernamePasswordCredentials would be enough - and it wasn't. The code was still 
returning a 407 - which is weird with basic auth.
- I finally found out where the "error" was (and now it works fine - only for me tho), 
but I can't decide if it's because of the proxy (that returns a "wrong" answer) or 
because of commons/httpclient code :
        * the proxy returns these challenges, in this order : ntlm - basic - kerberos 
- negotiate
        * in HttpAuthenticator.selectAuthScheme, after having built the challengemap, 
you go like :
...
                challenge = (String) challengemap.get("ntlm");
                if (challenge != null) {
                        return new NTLMScheme(challenge);
                }
                challenge = (String) challengemap.get("digest");
                if (challenge != null) {
                        return new DigestScheme(challenge);
                }
                challenge = (String) challengemap.get("basic");
                if (challenge != null) {
                        return new BasicScheme(challenge);
                }
...

I only commented out the 4 lines about NTLM (i know it's quick & dirty but .. i had to 
make it work before 2004 ;] !)
Anyway, does it mean that the proxy should NOT return any ntlm challenge if it expects 
a basic auth, even if it's for one single realm (all other realms (domains for ntlm) 
use NTLM auth) ?
Or does it mean there's something here in the code that needs to be twisted (like, the 
only challenge that actually has a "value" is the basic one : if i print the challenge 
map i get 
ntlm--NTLM
basic--Basic realm="hidden-sorry"
kerberos--Kerberos
negotiate--Negotiate
) ??

that was my 2 cents ....
hope you'll all have a nice nice new year's eve tonight :o) ! 

Isa

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to