[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1071?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski resolved HTTPCLIENT-1071.
-------------------------------------------

    Resolution: Invalid

I suspected that. The authorization request generated by the Innovation.ch 
HTTPClient violates RFC2617, section 3.2.2.5.

---
3.2.2.5 Various considerations

   The "Method" value is the HTTP request method as specified in section
   5.1.1 of [2]. The "request-uri" value is the Request-URI from the
   request line as specified in section 5.1.2 of [2]. This may be "*",
   an "absoluteURL" or an "abs_path" as specified in section 5.1.2 of
   [2], but it MUST agree with the Request-URI. In particular, it MUST
   be an "absoluteURL" if the Request-URI is an "absoluteURL". The
   "cnonce-value" is an optional  client-chosen value whose purpose is
   to foil chosen plaintext attacks.

---

The request uri value in the Digest Authorization '... MUST be an "absoluteURL" if 
the Request-URI is an "absoluteURL"', which is clearly not the case:

---
GET http://renderv3.mappoint.net:80/render-30/RenderService.asmx HTTP/1.1
Host: renderv3.mappoint.net
Proxy-Connection: Keep-Alive
Connection: TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3E
Pragma: no-cache
Accept-Encoding: deflate, gzip, x-gzip, compress, x-compress
Proxy-Authorization: Basic bXV0aHUtemNpNTY4OnNhZGZzZjNy
Authorization: Digest 
realm="MapPoint",username="7518",uri="/render-30/RenderService.asmx",nonce="386b1170cabff277975819992100dd940a6884eb44e9f02fb50736820af2",response="12cfdb83386a255cc7329f2120b11ecc",cnonce="8d15f60bd65131c63cabc91d8702258d",qop="auth",nc="00000001"
---

Apparently the IIS server gets confused by the absolute request URI in the 
Digest authorization request (even though the uri is perfectly OK) and rejects 
the request as invalid (though it is not):

---
GET http://renderv3.mappoint.net/render-30/RenderService.asmx HTTP/1.1
Host: renderv3.mappoint.net
Proxy-Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1 (java 1.5)
Authorization: Digest username="7518", realm="MapPoint", 
nonce="f5674eeba014d98c600358992100d5829a60853da97d70f6f5000d8b8eb9", 
uri="http://renderv3.mappoint.net/render-30/RenderService.asmx", 
response="e452c5c1d70bb8b9f5177ac1abc66b31", qop=auth, nc=00000001, 
cnonce="93e6e5399da67d161b7fec8728ccd496"
Proxy-Authorization: Basic bWFuYXNhLXpjaTEzOTA6c2d1ZDhkaw==
---

I am not very keen on changing HttpClient's behavior as in my opinion it is 
fully compliant with the requirements of the HTTP specification and the problem 
clearly lies with Microsoft-IIS/6.0.

You basically have two options:

(1) If you are a paying Microsoft customer, try approaching Microsoft customer 
services with this problem.
 
(2) Make a local copy of DigestScheme, tweak its behavior, and use it instead 
of the one shipped with HttpClient.

Oleg

> 400 Bad request is returned (Target Authentication)
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1071
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1071
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth, HttpClient
>         Environment: WindowsXP, Java 1.5
>            Reporter: Manasa K
>              Labels: authentication, digest, proxy
>         Attachments: ApacheHTTPClient, Inno_WithProxy, 
> InnovationHTTPClient.txt, logs_withoutProxy.txt, logstosend_withProxy.txt
>
>
> I am trying to connect to a URL 
> http://renderv3.mappoint.net/render-30/RenderService.asmx which needs 
> WWW-Authenticate (uses Digest Authentication). Also this should go via a 
> Proxy (uses Basic Authentication). This returns HTTP/1.0 400 Bad Request 
> [Server: Microsoft-IIS/6.0, Date: Tue, 08 Mar 2011 13:38:43 GMT, X-Cache: 
> MISS from proxy-server8-int1, Connection: close]....
> When the request to this URL is sent directly (i.e., not going via Proxy), 
> it works perfectly.
> Also when I tried with another HTTPClient from Innovation.ch, this works. So 
> I doubt if there will be any trouble caused due to the proxy server.
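
The rule quoted from RFC 2617 section 3.2.2.5 can be checked mechanically on a captured request. The following is an added example, not part of the original message and not HttpClient code: it compares the Digest uri parameter with the Request-URI and recomputes the response for qop=auth with MD5. The host, user name, nonce and password are constructed sample values, and the header parser handles only simple values.

```python
import hashlib
import re

def md5_hex(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def parse_digest(value):
    """Parse 'Digest k="v", k2=v2' into a dict (simple values only)."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|[^,\s]+)', params)
    return {k.lower(): v.strip('"') for k, v in pairs}

def digest_response(password, method, p):
    """request-digest for qop=auth with MD5 (RFC 2617, section 3.2.2.1)."""
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{p['uri']}")  # A2 covers the uri parameter
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")

def check_request(raw, password):
    """Return (uri agrees with Request-URI, response matches the sent uri)."""
    lines = raw.strip().splitlines()
    method, request_uri, _version = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:])
    p = parse_digest(headers["Authorization"])
    return p["uri"] == request_uri, digest_response(password, method, p) == p["response"]

def build_request(request_uri, digest_uri, password):
    """Constructed sample request; host, user, nonce and password are made up."""
    p = {"username": "alice", "realm": "Example", "nonce": "abc123",
         "uri": digest_uri, "qop": "auth", "nc": "00000001", "cnonce": "deadbeef"}
    p["response"] = digest_response(password, "GET", p)
    auth = ", ".join(f'{k}="{v}"' for k, v in p.items())
    return f"GET {request_uri} HTTP/1.1\nHost: app.example.test\nAuthorization: Digest {auth}"

ABS = "http://app.example.test/svc/Render.asmx"   # Request-URI as sent to a proxy
PATH = "/svc/Render.asmx"                         # abs_path form of the same resource

if __name__ == "__main__":
    print(check_request(build_request(ABS, ABS, "s3cret"), "s3cret"))   # absolute uri
    print(check_request(build_request(ABS, PATH, "s3cret"), "s3cret"))  # abs_path uri
```

Because the uri parameter is hashed into the response, the two forms yield different response values, so neither a proxy nor a server can swap one form for the other without invalidating the digest.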
