[jira] [Commented] (HTTPCLIENT-856) Proxy NTLM Authentication Redirecting to different address fails saying Proxy Auth Required.

Daniel Kugel (JIRA) Mon, 03 Feb 2014 01:04:40 -0800

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13889331#comment-13889331
 ]


Daniel Kugel commented on HTTPCLIENT-856:
-----------------------------------------

I'm trying to back port the patch to httpclient 3.1 and I was wondering if I 
could simply add {code:java}method.getProxyAuthState().invalidate();{code} to 
the end of the method {code:java}private boolean processRedirectResponse(final 
HttpMethod method){code} in HttpMethodDirector.java?

> Proxy NTLM Authentication  Redirecting to different address fails saying 
> Proxy Auth Required.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-856
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-856
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 3.1 (end of life), 4.0 Beta 2
>         Environment: HttpClient , Proxy Authentication (Microsoft ISA server) 
>            Reporter: Raj
>             Fix For: 4.0 Final
>
>         Attachments: HTTPCLIENT-856.patch
>
>
> The issue has been discussed in,
> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tt23867531.html
> This was found in http client 3.1 release,  where NTLM proxy authentication 
> is must and the server ask the redirect to a new url, in this case, when 
> redirecting, the earlier proxy auth status is not cleared, so, it does not do 
> proxy authentication for the new URL and hence fails.
> Target Host Authenticaiton NTLM authentication - redirect also had problem 
> and fixed as said,
> http://issues.apache.org/jira/browse/HTTPCLIENT-211
> Proxy Authentication - redirect has to be fixed, 
> The wire logs for the release 
> https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/
> is given below,
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA 
> Server requires authorization to fulfill the request. Access to the Web Proxy 
> filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 
> Transitional//EN">[\r][\n]"
> [DEBUG] wire - << "<HTML><HEAD><TITLE>Error Message</TITLE>[\r][\n]"
> [DEBUG] wire - << "<META http-equiv=Content-Type content="text/html; 
> charset=UTF-8">[\r][\n]"
> [DEBUG] wire - << "<STYLE id=L_default_1>A {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #005a80; 
> FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "A:hover {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0d3372; 
> FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-SIZE: 8pt; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 
> 1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; 
> VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 0px solid; COLOR: #955319; 
> BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; 
> BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "TD.titleBorder_x {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 0px solid; BORDER-TOP: #955319 
> 1px solid; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 12pt; 
> VERTICAL-ALIGN: middle; BORDER-LEFT: #955319 1px solid; COLOR: #978c79; 
> BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: tahoma; HEIGHT: 35px; 
> BACKGROUND-COLOR: #d2b87a; TEXT-ALIGN: left[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TitleDescription {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: bold; FONT-SIZE: 12pt; COLOR: black; 
> FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.explain {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: 
> #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "SPAN.TryThings {[\r][\n]"
> [DEBUG] wire - << "[0x9]FONT-WEIGHT: normal; FONT-SIZE: 10pt; COLOR: 
> #934225[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".TryList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 5px; FONT-WEIGHT: normal; FONT-SIZE: 8pt; 
> COLOR: black; FONT-FAMILY: tahoma[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".X {[\r][\n]"
> [DEBUG] wire - << "[0x9]BORDER-RIGHT: #955319 1px solid; BORDER-TOP: #955319 
> 1px solid; FONT-WEIGHT: normal; FONT-SIZE: 12pt; BORDER-LEFT: #955319 1px 
> solid; COLOR: #7b3807; BORDER-BOTTOM: #955319 1px solid; FONT-FAMILY: 
> verdana; BACKGROUND-COLOR: #d1c2b4[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << ".adminList {[\r][\n]"
> [DEBUG] wire - << "[0x9]MARGIN-TOP: 2px[\r][\n]"
> [DEBUG] wire - << "}[\r][\n]"
> [DEBUG] wire - << "</STYLE>[\r][\n]"
> [DEBUG] wire - << "<META content="MSHTML 6.00.2800.1170" 
> name=GENERATOR></HEAD>[\r][\n]"
> [DEBUG] wire - << "<BODY bgColor=#f3f3ed>[\r][\n]"
> [DEBUG] wire - << "<TABLE cellSpacing=0 cellPadding=0 width="100%">[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleborder_x width=30>[\r][\n]"
> [DEBUG] wire - << "      <TABLE height=25 cellSpacing=2 cellPadding=0 
> width=25 bgColor=black>[\r][\n]"
> [DEBUG] wire - << "        <TBODY>[\r][\n]"
> [DEBUG] wire - << "        <TR>[\r][\n]"
> [DEBUG] wire - << "          <TD class=x vAlign=center alig"
> [DEBUG] wire - << "n=middle>X</TD>[\r][\n]"
> [DEBUG] wire - << "        </TR>[\r][\n]"
> [DEBUG] wire - << "        </TBODY>[\r][\n]"
> [DEBUG] wire - << "      </TABLE>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "    <TD class=titleBorder id=L_default_2>Network Access 
> Message:<SPAN class=TitleDescription> The page cannot be displayed</SPAN> 
> </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD height=10></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400><SPAN class=explain><ID 
> id=L_default_3><B>Explanation:</B></ID></SPAN><ID id=L_default_4> There is a 
> problem with the page you are trying to reach and it cannot be displayed. 
> </ID><BR><BR>[\r][\n]"
> [DEBUG] wire - << "    <B><SPAN class=tryThings><ID id=L_default_5><B>Try the 
> following:</B></ID></SPAN></B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=TryList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_6><B>Refresh page:</B> Search for 
> the page again by clicking the Refresh button. The timeout may have occurred 
> due to Internet congestion.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_7><B>Check spelling:</B> Check that you 
> typed the Web page address correctly. The address may have been 
> mistyped.[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_8><B>Access from a link:</B> If there is 
> a link to the page you are looking for, try accessing the page from that 
> link.[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "<ID id=L_default_9>If you are still not able to view the 
> requested page, try contacting your administrator or Helpdesk.</ID> 
> <BR><BR>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE id=spacer><TBODY><TR><TD 
> height=15></TD></TR></TBODY></TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<TABLE width=400>[\r][\n]"
> [DEBUG] wire - << "  <TBODY>[\r][\n]"
> [DEBUG] wire - << "  <TR>[\r][\n]"
> [DEBUG] wire - << "    <TD noWrap width=25></TD>[\r][\n]"
> [DEBUG] wire - << "    <TD width=400 id=L_default_10><B>Technical Information 
> (for support personnel)</B> [\r][\n]"
> [DEBUG] wire - << "      <UL class=adminList>[\r][\n]"
> [DEBUG] wire - << "        <LI id=L_default_11>Error Code: 407 Proxy 
> Authentication Required. The ISA Server requires authorization to fulfill the 
> request. Access to the Web Proxy filter is denied. (12209)[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_12>IP Address: x.x.x.x[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_13>Date: 6/29/2009 11:15:15 AM 
> [GMT][\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_14>Server: lab1[\r][\n]"
> [DEBUG] wire - << "<LI id=L_default_15>Source: proxy[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "      </UL>[\r][\n]"
> [DEBUG] wire - << "    </TD>[\r][\n]"
> [DEBUG] wire - << "  </TR>[\r][\n]"
> [DEBUG] wire - << "  </TBODY>[\r][\n]"
> [DEBUG] wire - << "</TABLE>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "</BODY>[\r][\n]"
> [DEBUG] wire - << "</HTML>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM 
> TlRMTVNTUAABAAAAATIAAAgACAAgAAAADgAOACgAAABNWURPTUFJTkpDSUZTMjMwXzg2Xzkx[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( Access is 
> denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM 
> TlRMTVNTUAACAAAAAAAAADgAAAABAgACqbXrIWnZ3i4AAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 0     [EOL]"
> [DEBUG] wire - << "[EOL]"
> [DEBUG] wire - >> "GET http://verisign.com HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM 
> TlRMTVNTUAADAAAAGAAYAEAAAAAwADAAWAAAABAAEACIAAAAGgAaAJgAAAAcABwAsgAAAAAAAAAAAAAAAQIAAAXLpW40q7jqh7E6FgFnJqy9529ANaSLqfTiwjyF2BrUP9F8ObYOyYsBAQAAAAAAACDgxRg9+skBRt4mUOFFCs0AAAAAAAAAAE0AWQBEAE8ATQBBAEkATgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEoAQwBJAEYAUwAyADMAMABfADgANgBfADkAMQA=[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 301 Unknown reason[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Content-length: 0[EOL]"
> [DEBUG] wire - << "Date: Mon, 29 Jun 2009 11:16:50 GMT[EOL]"
> [DEBUG] wire - << "Location: http://www.verisign.com/[EOL]";
> [DEBUG] wire - << "Content-type: text/html[EOL]"
> [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
> [DEBUG] wire - << "[EOL]"
> [ERROR] RequestProxyAuthentication - Proxy authentication error: Unexpected 
> state: MSG_TYPE3_GENERATED
> [DEBUG] wire - >> "GET http://www.verisign.com/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com[EOL]"
> [DEBUG] wire - >> "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] wire - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA 
> Server requires authorization to fulfill the request. Access to the Web Proxy 
> filter is denied.  )[EOL]"
> [DEBUG] wire - << "Via: 1.1 lab1[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Negotiate[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Kerberos[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: Basic realm="lab1."[EOL]"
> [DEBUG] wire - << "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Proxy-Connection: Keep-Alive[EOL]"
> [DEBUG] wire - << "Pragma: no-cache[EOL]"
> [DEBUG] wire - << "Cache-Control: no-cache[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 4107  [EOL]"
> [DEBUG] wire - << "[EOL]"
> ----------------------------------------
> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires 
> authorization to fulfill the request. Access to the Web Proxy filter is 
> denied.  )
> Thanks,
> Raj



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HTTPCLIENT-856) Proxy NTLM Authentication Redirecting to different address fails saying Proxy Auth Required.

Reply via email to