[jira] [Resolved] (HTTPCLIENT-1970) HttpClient does not support (non preemptive) digest authentication

Oleg Kalnichevski (JIRA) Tue, 26 Feb 2019 08:57:20 -0800


     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Oleg Kalnichevski resolved HTTPCLIENT-1970.
-------------------------------------------
    Resolution: Invalid

When used correctly HttpClient works just fine.

Oleg
{noformat}
Executing request GET http://httpbin.org/digest-auth/auth/user/passwd HTTP/1.1 
to target http://httpbin.org:80
[DEBUG] RequestAddCookies - CookieSpec selected: default
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: 
{}->http://httpbin.org:80][total kept alive: 0; route allocated: 0 of 2; total 
allocated: 0 of 20]
[DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: 
{}->http://httpbin.org:80][total kept alive: 0; route allocated: 1 of 2; total 
allocated: 1 of 20]
[DEBUG] MainClientExec - Opening connection {}->http://httpbin.org:80
[DEBUG] DefaultHttpClientConnectionOperator - Connecting to 
httpbin.org/52.71.234.219:80
[DEBUG] DefaultHttpClientConnectionOperator - Connection established 
192.168.8.104:58656<->52.71.234.219:80
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd 
HTTP/1.1
[DEBUG] MainClientExec - Target auth state: UNCHALLENGED
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 401 UNAUTHORIZED
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Type: text/html; charset=utf-8
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:46 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: stale_after=never; Path=/
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << WWW-Authenticate: Digest 
realm="[email protected]", nonce="1b33760699d56bfd9f082ab0a26c02ae", 
qop="auth", opaque="b99ee2503a513867924899c28e59c3a9", algorithm=MD5, 
stale=FALSE
[DEBUG] headers - http-outgoing-0 << Content-Length: 0
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] HttpAuthenticator - Authentication required
[DEBUG] HttpAuthenticator - httpbin.org:80 requested authentication
[DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of 
preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
[DEBUG] TargetAuthenticationStrategy - Challenge for Negotiate authentication 
scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos authentication 
scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme 
not available
[DEBUG] TargetAuthenticationStrategy - Challenge for CredSSP authentication 
scheme not available
[DEBUG] TargetAuthenticationStrategy - Challenge for Basic authentication 
scheme not available
[DEBUG] HttpAuthenticator - Selected authentication options: [DIGEST 
[complete=true, nonce=null, nc=0]]
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd 
HTTP/1.1
[DEBUG] MainClientExec - Target auth state: CHALLENGED
[DEBUG] HttpAuthenticator - Generating response to an authentication challenge 
using digest scheme
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 >> Authorization: Digest username="user", 
realm="[email protected]", nonce="1b33760699d56bfd9f082ab0a26c02ae", 
uri="/digest-auth/auth/user/passwd", 
response="4cf81f9122072a78772899ac734fc733", qop=auth, nc=00000001, 
cnonce="528e79c8918a05e6", algorithm=MD5, 
opaque="b99ee2503a513867924899c28e59c3a9"
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
[DEBUG] headers - http-outgoing-0 << Content-Type: application/json
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:46 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << Content-Length: 59
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] HttpAuthenticator - Authentication succeeded
[DEBUG] ResponseProcessCookies - Cookie accepted [fake="fake_value", version:0, 
domain:httpbin.org, path:/, expiry:null]
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: 
{}->http://httpbin.org:80] can be kept alive indefinitely
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket 
timeout to 0
[DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 
0][route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 
2; total allocated: 1 of 20]
{
  "authenticated": true, 
  "user": "user"
}

[DEBUG] RequestAddCookies - CookieSpec selected: default
[DEBUG] RequestAddCookies - Cookie [version: 0][name: fake][value: 
fake_value][domain: httpbin.org][path: /][expiry: null] match 
[httpbin.org:80/digest-auth/auth/user/passwd]
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: 
{}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total 
allocated: 1 of 20]
[DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: 
{}->http://httpbin.org:80][total kept alive: 0; route allocated: 1 of 2; total 
allocated: 1 of 20]
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket 
timeout to 0
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd 
HTTP/1.1
[DEBUG] MainClientExec - Target auth state: SUCCESS
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Cookie: fake=fake_value
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 >> Authorization: Digest username="user", 
realm="[email protected]", nonce="1b33760699d56bfd9f082ab0a26c02ae", 
uri="/digest-auth/auth/user/passwd", 
response="018f914bb0296baacfd64e9586e2f687", qop=auth, nc=00000002, 
cnonce="528e79c8918a05e6", algorithm=MD5, 
opaque="b99ee2503a513867924899c28e59c3a9"
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
[DEBUG] headers - http-outgoing-0 << Content-Type: application/json
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:47 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << Content-Length: 59
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] ResponseProcessCookies - Cookie accepted [fake="fake_value", version:0, 
domain:httpbin.org, path:/, expiry:null]
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: 
{}->http://httpbin.org:80] can be kept alive indefinitely
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket 
timeout to 0
[DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 
0][route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 
2; total allocated: 1 of 20]
{
  "authenticated": true, 
  "user": "user"
}

[DEBUG] RequestAddCookies - CookieSpec selected: default
[DEBUG] RequestAddCookies - Cookie [version: 0][name: fake][value: 
fake_value][domain: httpbin.org][path: /][expiry: null] match 
[httpbin.org:80/digest-auth/auth/user/passwd]
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] PoolingHttpClientConnectionManager - Connection request: [route: 
{}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 2; total 
allocated: 1 of 20]
[DEBUG] PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: 
{}->http://httpbin.org:80][total kept alive: 0; route allocated: 1 of 2; total 
allocated: 1 of 20]
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket 
timeout to 0
[DEBUG] MainClientExec - Executing request GET /digest-auth/auth/user/passwd 
HTTP/1.1
[DEBUG] MainClientExec - Target auth state: SUCCESS
[DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
[DEBUG] headers - http-outgoing-0 >> GET /digest-auth/auth/user/passwd HTTP/1.1
[DEBUG] headers - http-outgoing-0 >> Host: httpbin.org
[DEBUG] headers - http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.8-SNAPSHOT (Java/1.6.0_45)
[DEBUG] headers - http-outgoing-0 >> Cookie: fake=fake_value
[DEBUG] headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] headers - http-outgoing-0 >> Authorization: Digest username="user", 
realm="[email protected]", nonce="1b33760699d56bfd9f082ab0a26c02ae", 
uri="/digest-auth/auth/user/passwd", 
response="23155c348c17b56017895d0525a4f4d7", qop=auth, nc=00000003, 
cnonce="528e79c8918a05e6", algorithm=MD5, 
opaque="b99ee2503a513867924899c28e59c3a9"
[DEBUG] headers - http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Credentials: true
[DEBUG] headers - http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] headers - http-outgoing-0 << Content-Encoding: gzip
[DEBUG] headers - http-outgoing-0 << Content-Type: application/json
[DEBUG] headers - http-outgoing-0 << Date: Tue, 26 Feb 2019 16:54:47 GMT
[DEBUG] headers - http-outgoing-0 << Server: nginx
[DEBUG] headers - http-outgoing-0 << Set-Cookie: fake=fake_value; Path=/
[DEBUG] headers - http-outgoing-0 << Content-Length: 59
[DEBUG] headers - http-outgoing-0 << Connection: keep-alive
[DEBUG] MainClientExec - Connection can be kept alive indefinitely
[DEBUG] ResponseProcessCookies - Cookie accepted [fake="fake_value", version:0, 
domain:httpbin.org, path:/, expiry:null]
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] PoolingHttpClientConnectionManager - Connection [id: 0][route: 
{}->http://httpbin.org:80] can be kept alive indefinitely
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: set socket 
timeout to 0
[DEBUG] PoolingHttpClientConnectionManager - Connection released: [id: 
0][route: {}->http://httpbin.org:80][total kept alive: 1; route allocated: 1 of 
2; total allocated: 1 of 20]
{
  "authenticated": true, 
  "user": "user"
}

[DEBUG] PoolingHttpClientConnectionManager - Connection manager is shutting down
[DEBUG] DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
[DEBUG] PoolingHttpClientConnectionManager - Connection manager shut down
{noformat}


> HttpClient does not support (non preemptive) digest authentication 
> -------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1970
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1970
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.6
>            Reporter: Cisto Cyriac
>            Priority: Major
>
> In HttpClient 4.5.6 the preemptive digest authentication works, however 
> non-Preemptive digest authentication does not work.  We found this issue when 
> the HttpClient library was upgraded from 4.4.1 to 4.5.6.  
> As per  rfc2617  https://tools.ietf.org/html/rfc2617#section-3.2.1
> nonce  is a server-specified data string which should be uniquely generated 
> each time a 401 response is made.
> This issue can  be reproduced by commenting out the following two digest 
> authentication override parameters in the preemptive auth example in 
> https://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientPreemptiveDigestAuthentication.java
>  
> DigestScheme digestAuth = new DigestScheme();
> // Suppose we already know the realm name
> //digestAuth.overrideParamter("realm", "some realm");
> // Suppose we already know the expected nonce value
> //digestAuth.overrideParamter("nonce", "whatever");



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (HTTPCLIENT-1970) HttpClient does not support (non preemptive) digest authentication

Reply via email to