[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector

Michael Osipov (JIRA) Thu, 17 Jan 2019 08:32:27 -0800


    [ 
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16745267#comment-16745267
 ]


Michael Osipov commented on CONNECTORS-1564:
--------------------------------------------

OK friends, here is minimal working example with HttpClient 4.5.6 against 
latest Apache Web Server:

Anonymous endpoint:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

        public static void main(String[] args) throws IOException {
                HttpClientBuilder builder = HttpClientBuilder.create();
                RequestConfig rc = 
RequestConfig.custom().setExpectContinueEnabled(true).build();
                builder.setDefaultRequestConfig(rc);

                try (CloseableHttpClient httpClient = builder.build();
                                InputStream is = 
Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

                        HttpPost method = new HttpPost(
                                        
"https://blnn719x.ad001.siemens.net/~osipovmi/CONNECTORS-1564.php";);
                        HttpEntity entity = new InputStreamEntity(is);
                        method.setEntity(entity);
                        CloseableHttpResponse response = 
httpClient.execute(method);
                        EntityUtils.consumeQuietly(response.getEntity());
                        response.close();

                }

        }

}
{code}

Log ouput:
{noformat}
655 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec 
selected: default
665 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache 
not set in the context
666 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total 
kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
683 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection leased: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route 
allocated: 1 of 2; total allocated: 1 of 20]
684 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening 
connection {s}->https://blnn719x.ad001.siemens.net:443
695 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
695 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
754 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
754 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
754 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting 
handshake
938 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure 
session established
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated protocol: TLSv1.2
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
alternative names: [blnn719x.ad001.siemens.net]
939 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer 
principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, 
SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
942 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connection established 147.54.65.49:56942<->147.54.64.19:443
942 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing 
request POST /~osipovmi/CONNECTORS-1564.php HTTP/1.1
942 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth 
state: UNCHALLENGED
943 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth 
state: UNCHALLENGED
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST 
/~osipovmi/CONNECTORS-1564.php HTTP/1.1
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 
Transfer-Encoding: chunked
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 
blnn719x.ad001.siemens.net
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: 
Keep-Alive
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.6 (Java/1.8.0_181)
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 
100-continue
944 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: 
gzip,deflate
951 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 100 
Continue
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 
Jan 2019 16:09:43 GMT
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: 
Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 
mod_auth_gssapi/1.6.1
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: 
SAMEORIGIN
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Powered-By: 
PHP/7.2.13
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Keep-Alive: 
timeout=300, max=1000
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: 
Keep-Alive
1112 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: 
text/html; charset=UTF-8
1117 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection 
can be kept alive for 300000 MILLISECONDS
1118 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443] can be 
kept alive for 300.0 seconds
1118 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection 
- http-outgoing-0: set socket timeout to 0
1118 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection released: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 1; route 
allocated: 1 of 2; total allocated: 1 of 20]
1121 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection manager is shutting down
1121 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection 
- http-outgoing-0: Close connection
1122 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection manager shut down
{noformat}

Basic endpoint:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

        public static void main(String[] args) throws IOException {
                HttpClientBuilder builder = HttpClientBuilder.create();
                RequestConfig rc = 
RequestConfig.custom().setExpectContinueEnabled(true).build();
                builder.setDefaultRequestConfig(rc);

                try (CloseableHttpClient httpClient = builder.build();
                                InputStream is = 
Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

                        HttpPost method = new HttpPost(
                                        
"https://blnn719x.ad001.siemens.net/~osipovmi/basic/CONNECTORS-1564.php";);
                        HttpEntity entity = new InputStreamEntity(is);
                        method.setEntity(entity);
                        CloseableHttpResponse response = 
httpClient.execute(method);
                        EntityUtils.consumeQuietly(response.getEntity());
                        response.close();

                }

        }

}
{code}

No credentials provided:
{noformat}
679 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec 
selected: default
695 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache 
not set in the context
696 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total 
kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
712 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection leased: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route 
allocated: 1 of 2; total allocated: 1 of 20]
714 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening 
connection {s}->https://blnn719x.ad001.siemens.net:443
726 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
726 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
785 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
785 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
785 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting 
handshake
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure 
session established
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated protocol: TLSv1.2
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
alternative names: [blnn719x.ad001.siemens.net]
956 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer 
principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, 
SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
960 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connection established 147.54.65.49:57003<->147.54.64.19:443
960 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing 
request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
960 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth 
state: UNCHALLENGED
960 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth 
state: UNCHALLENGED
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST 
/~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 
Transfer-Encoding: chunked
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 
blnn719x.ad001.siemens.net
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: 
Keep-Alive
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.6 (Java/1.8.0_181)
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 
100-continue
961 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: 
gzip,deflate
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 
Unauthorized
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 
2019 16:13:47 GMT
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: 
Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 
mod_auth_gssapi/1.6.1
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: 
SAMEORIGIN
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: 
Basic realm="CONNECTORS-1564 Realm"
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 
533
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
970 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: 
text/html; charset=iso-8859-1
972 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication 
required
972 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - 
blnn719x.ad001.siemens.net:443 requested authentication
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, 
CredSSP, Digest, Basic]
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Negotiate authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Kerberos authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for NTLM authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for CredSSP authentication scheme not available
972 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Digest authentication scheme not available
980 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - 
http-outgoing-0: Close connection
981 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection 
discarded
981 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection released: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route 
allocated: 0 of 2; total allocated: 0 of 20]
981 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection manager is shutting down
982 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection manager shut down
{noformat}

Invalid credentials provided:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

        public static void main(String[] args) throws IOException {
                CredentialsProvider cp = new BasicCredentialsProvider();
                Credentials c = new UsernamePasswordCredentials("expect", 
"magic");
                cp.setCredentials(AuthScope.ANY, c);

                HttpClientBuilder builder = HttpClientBuilder.create();
                RequestConfig rc = 
RequestConfig.custom().setExpectContinueEnabled(true).build();
                builder.setDefaultRequestConfig(rc);
                builder.setDefaultCredentialsProvider(cp);

                try (CloseableHttpClient httpClient = builder.build();
                                InputStream is = 
Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

                        HttpPost method = new HttpPost(
                                        
"https://blnn719x.ad001.siemens.net/~osipovmi/basic/CONNECTORS-1564.php";);
                        HttpEntity entity = new InputStreamEntity(is);
                        method.setEntity(entity);
                        CloseableHttpResponse response = 
httpClient.execute(method);
                        EntityUtils.consumeQuietly(response.getEntity());
                        response.close();

                }

        }

}
{code}

Failed authentication:
{noformat}
696 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec 
selected: default
705 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache 
not set in the context
709 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total 
kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
724 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection leased: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route 
allocated: 1 of 2; total allocated: 1 of 20]
725 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening 
connection {s}->https://blnn719x.ad001.siemens.net:443
735 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
736 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
798 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
798 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
798 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting 
handshake
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure 
session established
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated protocol: TLSv1.2
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
981 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
982 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
alternative names: [blnn719x.ad001.siemens.net]
982 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer 
principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, 
SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
986 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connection established 147.54.65.49:57083<->147.54.64.19:443
986 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing 
request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
986 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth 
state: UNCHALLENGED
987 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth 
state: UNCHALLENGED
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST 
/~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 
Transfer-Encoding: chunked
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 
blnn719x.ad001.siemens.net
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: 
Keep-Alive
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.6 (Java/1.8.0_181)
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 
100-continue
988 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: 
gzip,deflate
998 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 
Unauthorized
998 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 
2019 16:18:17 GMT
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: 
Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 
mod_auth_gssapi/1.6.1
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: 
SAMEORIGIN
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: 
Basic realm="CONNECTORS-1564 Realm"
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 
533
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
999 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: 
text/html; charset=iso-8859-1
1000 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication 
required
1000 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - 
blnn719x.ad001.siemens.net:443 requested authentication
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, 
CredSSP, Digest, Basic]
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Negotiate authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Kerberos authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for NTLM authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for CredSSP authentication scheme not available
1001 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Digest authentication scheme not available
1006 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Selected 
authentication options: [BASIC [complete=true]]
1006 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection 
- http-outgoing-0: Close connection
1006 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening 
connection {s}->https://blnn719x.ad001.siemens.net:443
1007 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
1007 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
1010 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
1010 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
1010 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Starting handshake
1121 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure 
session established
1121 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated protocol: TLSv1.2
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
alternative names: [blnn719x.ad001.siemens.net]
1122 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer 
principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, 
SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
1123 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connection established 147.54.65.49:57084<->147.54.64.19:443
1123 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing 
request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
1123 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth 
state: CHALLENGED
1123 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Generating 
response to an authentication challenge using basic scheme
1128 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth 
state: UNCHALLENGED
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST 
/~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 
Transfer-Encoding: chunked
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 
blnn719x.ad001.siemens.net
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: 
Keep-Alive
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.6 (Java/1.8.0_181)
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 
100-continue
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: 
gzip,deflate
1128 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Authorization: 
Basic ZXhwZWN0Om1hZ2lj
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 
Unauthorized
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 
Jan 2019 16:18:17 GMT
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: 
Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 
mod_auth_gssapi/1.6.1
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: 
SAMEORIGIN
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << 
WWW-Authenticate: Basic realm="CONNECTORS-1564 Realm"
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 
533
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
1133 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: 
text/html; charset=iso-8859-1
1133 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication 
required
1133 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - 
blnn719x.ad001.siemens.net:443 requested authentication
1133 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authorization 
challenge processed
1134 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication 
failed
1137 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection 
- http-outgoing-0: Close connection
1137 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection 
discarded
1138 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection released: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route 
allocated: 0 of 2; total allocated: 0 of 20]
1138 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection manager is shutting down
1138 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection manager shut down
{noformat}

Proper credentials:
{code:java}
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.apache.http.HttpEntity;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ExpectContinueTest {

        public static void main(String[] args) throws IOException {
                CredentialsProvider cp = new BasicCredentialsProvider();
                Credentials c = new UsernamePasswordCredentials("michaelo", 
"expect-magic");
                cp.setCredentials(AuthScope.ANY, c);

                HttpClientBuilder builder = HttpClientBuilder.create();
                RequestConfig rc = 
RequestConfig.custom().setExpectContinueEnabled(true).build();
                builder.setDefaultRequestConfig(rc);
                builder.setDefaultCredentialsProvider(cp);

                try (CloseableHttpClient httpClient = builder.build();
                                InputStream is = 
Files.newInputStream(Paths.get("D:", "metadata.dmp"))) {

                        HttpPost method = new HttpPost(
                                        
"https://blnn719x.ad001.siemens.net/~osipovmi/basic/CONNECTORS-1564.php";);
                        HttpEntity entity = new InputStreamEntity(is);
                        method.setEntity(entity);
                        CloseableHttpResponse response = 
httpClient.execute(method);
                        EntityUtils.consumeQuietly(response.getEntity());
                        response.close();

                }

        }

}
{code}

Successful authentication:
{noformat}
589 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec 
selected: default
598 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache 
not set in the context
601 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection request: [route: {s}->https://blnn719x.ad001.siemens.net:443][total 
kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
613 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - 
Connection leased: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 0; route 
allocated: 1 of 2; total allocated: 1 of 20]
615 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening 
connection {s}->https://blnn719x.ad001.siemens.net:443
627 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
627 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
685 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
685 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
685 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting 
handshake
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure 
session established
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated protocol: TLSv1.2
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
865 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
866 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
alternative names: [blnn719x.ad001.siemens.net]
866 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer 
principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, 
SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
869 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connection established 147.54.65.49:57122<->147.54.64.19:443
869 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing 
request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
869 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth 
state: UNCHALLENGED
869 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth 
state: UNCHALLENGED
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST 
/~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 
Transfer-Encoding: chunked
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 
blnn719x.ad001.siemens.net
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: 
Keep-Alive
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.6 (Java/1.8.0_181)
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 
100-continue
870 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: 
gzip,deflate
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 
Unauthorized
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 Jan 
2019 16:20:17 GMT
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: 
Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 
mod_auth_gssapi/1.6.1
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: 
SAMEORIGIN
879 [main] DEBUG org.apache.http.headers - http-outgoing-0 << WWW-Authenticate: 
Basic realm="CONNECTORS-1564 Realm"
880 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 
533
880 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: close
880 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: 
text/html; charset=iso-8859-1
881 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication 
required
881 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - 
blnn719x.ad001.siemens.net:443 requested authentication
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, 
CredSSP, Digest, Basic]
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Negotiate authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Kerberos authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for NTLM authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for CredSSP authentication scheme not available
882 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Challenge for Digest authentication scheme not available
886 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Selected 
authentication options: [BASIC [complete=true]]
886 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - 
http-outgoing-0: Close connection
887 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening 
connection {s}->https://blnn719x.ad001.siemens.net:443
887 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connecting to blnn719x.ad001.siemens.net/147.54.64.19:443
887 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 
Connecting socket to blnn719x.ad001.siemens.net/147.54.64.19:443 with timeout 0
889 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
889 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
889 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting 
handshake
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure 
session established
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated protocol: TLSv1.2
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
principal: CN=blnn719x.ad001.siemens.net, OU=PD LD AP DW, O=Siemens, C=DE
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer 
alternative names: [blnn719x.ad001.siemens.net]
997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer 
principal: CN=Siemens Issuing CA Intranet Server 2017, OU=Siemens Trust Center, 
SERIALNUMBER=ZZZZZZB7, O=Siemens, L=Muenchen, ST=Bayern, C=DE
997 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator 
- Connection established 147.54.65.49:57123<->147.54.64.19:443
997 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing 
request POST /~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
997 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth 
state: CHALLENGED
998 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Generating 
response to an authentication challenge using basic scheme
1002 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth 
state: UNCHALLENGED
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST 
/~osipovmi/basic/CONNECTORS-1564.php HTTP/1.1
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 
Transfer-Encoding: chunked
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 
blnn719x.ad001.siemens.net
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: 
Keep-Alive
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: 
Apache-HttpClient/4.5.6 (Java/1.8.0_181)
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Expect: 
100-continue
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: 
gzip,deflate
1002 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Authorization: 
Basic bWljaGFlbG86ZXhwZWN0LW1hZ2lj
1007 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 100 
Continue
1179 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Thu, 17 
Jan 2019 16:20:17 GMT
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: 
Apache/2.4.37 (FreeBSD) OpenSSL/1.0.2q PHP/7.2.13 SVN/1.9.9 
mod_auth_gssapi/1.6.1
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Frame-Options: 
SAMEORIGIN
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << X-Powered-By: 
PHP/7.2.13
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Keep-Alive: 
timeout=300, max=1000
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: 
Keep-Alive
1180 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: 
text/html; charset=UTF-8
1181 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection 
can be kept alive for 300000 MILLISECONDS
1181 [main] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication 
succeeded
1181 [main] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - 
Caching 'basic' auth scheme for https://blnn719x.ad001.siemens.net:443
1188 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection [id: 0][route: {s}->https://blnn719x.ad001.siemens.net:443] can be 
kept alive for 300.0 seconds
1188 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection 
- http-outgoing-0: set socket timeout to 0
1188 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection released: [id: 0][route: 
{s}->https://blnn719x.ad001.siemens.net:443][total kept alive: 1; route 
allocated: 1 of 2; total allocated: 1 of 20]
1191 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection manager is shutting down
1191 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection 
- http-outgoing-0: Close connection
1191 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager 
- Connection manager shut down
{noformat}

PHP script:
{code}
$ less CONNECTORS-1564.php
<?php
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
file_put_contents('/tmp/CONNECTORS-1564.bin', file_get_contents('php://input'));
}

?>
{code}

I can repeat the same test with Tomcat, but the result won't change.

If you happen to run Tomcat behind Apache Web Server as reverse proxy, the 
expect *won't* work. You will suffer from 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60330. If this is your case, 
please reach out to Jean-Frédéric and Yann. I need this backport too.

> Support preemptive authentication to Solr connector
> ---------------------------------------------------
>
>                 Key: CONNECTORS-1564
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Lucene/SOLR connector
>            Reporter: Erlend Garåsen
>            Assignee: Karl Wright
>            Priority: Major
>         Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic 
> authentication. This will make the communication between ManifoldCF and Solr 
> much more effective instead of the following:
>  * Send a HTTP POST request to Solr
>  * Solr sends a 401 response
>  * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector

Reply via email to