On Wed, Jun 29, 2005 at 10:34:38AM -0700, David Parks wrote:
> Thanks for the reply Oleg. This is what I figured, but I cannot see how to
> use different authentication schemes for the Proxy vs. the Site
> authentication challenge.
>
> I tried adding the code suggested in the Authentication tutorial:
>
> List authPrefs = new ArrayList(2);
> authPrefs.add(AuthPolicy.DIGEST);
> authPrefs.add(AuthPolicy.BASIC);
> authPrefs.add(AuthPolicy.NTLM);
> // This will exclude the NTLM authentication scheme
> httpclient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
> authPrefs);
>
> I got a message stating that it was attempting BASIC authentication for the
> Proxy and that it failed (probably because the domain doesn't get passed I
> guess). So my thought is that I need NTLM for the proxy authentication and
> Basic will work for the site authentication.
>
> The question I am then working on is how to direct the HttpClient to select
> that order of authentication methods. If I let it take NTLM as the preferred
> authentication method then it will try to authenticate both challenges with
> NTLM.
>
> I'm sure there is just some little detail I'm missing here somewhere, it's just
> hard to find it.
>

David,

I see the problem. This will require a patch and a new parameter. Luckily the preference API introduced in HttpClient 3.0 allows us to add parameters quite easily. Please file a feature request with Bugzilla ASAP and I'll do my best to hack up a patch before I leave for holidays (that is Friday, July 1st).

Oleg

> Thanks a lot!
> David
>
>
> On Wed, 29 Jun 2005 19:17:24 +0200, Oleg Kalnichevski wrote:
> > On Wed, Jun 29, 2005 at 09:53:07AM -0700, David Parks wrote:
> >
> >> Hi all,
> >> I am trying to authenticate to a server via a proxy which also
> >> requires authentication. It seems that I can get either the proxy
> >> authentication to work OR the site authentication to work, but
> >> not both.
> >>
> >> Both seem to work independently when I set the credentials (or
> >> proxy credentials) using NTCredentials (e.g. if I connect to the
> >> site from a network not using a proxy I can get it to work, and I
> >> can authenticate to the proxy only to get a 401 authentication
> >> failed from the server when using the proxy).
> >>
> >> I read in the Authentication tutorial that you can't authenticate
> >> using NTLM to both the proxy and site, so I'm trying various
> >> combinations of authentication, but I can't find any
> >> documentation that specifically covers this case and I feel like
> >> I'm just taking stabs in the dark right now.
> >>
> > David,
> >
> > You _really_ can't use NTLM to authenticate with the proxy and the
> > target host at the same time, due to the nature of this authentication
> > scheme. Really. That was not a joke.
> >
> > Please consider using one of the following combinations instead:
> >
> > (1) BASIC proxy + NTLM host if both the client and the proxy are
> > within a trusted network segment
> >
> > (2) NTLM proxy + SSL + BASIC host
> >
> > Both combinations should provide an adequate (or better in the
> > latter case) security
> >
> > Hope this helps
> >
> > Oleg
> >
> >>
> >> If anyone can point me in the direction of the light at the end
> >> of the tunnel I'd really appreciate it.
> >>
> >> Thanks,
> >> David

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
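
Added example, not part of the original thread and not HttpClient code: a stand-alone sketch of the per-origin scheme selection the thread asks for, applied to combination (2) (NTLM for the proxy, BASIC for the host only over SSL). The class name, the two preference lists and the sample challenges are hypothetical, and each header value is assumed to carry a single challenge.

```java
import java.util.*;

/** Hypothetical illustration: pick an auth scheme per challenge origin. */
public class PerOriginSchemeChooser {
    // Assumed preference lists, one per origin (not HttpClient parameters).
    static final List<String> PROXY_PREFS = Arrays.asList("ntlm");
    static final List<String> HOST_PREFS = Arrays.asList("digest", "basic");

    /** Lower-cased scheme names from Proxy-Authenticate / WWW-Authenticate values. */
    static Set<String> offered(List<String> headerValues) {
        Set<String> schemes = new LinkedHashSet<String>();
        for (String value : headerValues) {
            String trimmed = value.trim();
            if (trimmed.isEmpty()) continue;
            // The scheme token is everything up to the first whitespace.
            schemes.add(trimmed.split("\\s+", 2)[0].toLowerCase(Locale.ROOT));
        }
        return schemes;
    }

    /**
     * status 407 is a proxy challenge, 401 a target-host challenge.
     * BASIC is sent to the host only when the host connection uses SSL.
     * Returns null when no acceptable scheme is offered.
     */
    static String choose(int status, List<String> challenges, boolean hostOverSsl) {
        if (status != 401 && status != 407) return null; // not an auth challenge
        List<String> prefs = (status == 407) ? PROXY_PREFS : HOST_PREFS;
        Set<String> available = offered(challenges);
        for (String scheme : prefs) {
            if (!available.contains(scheme)) continue;
            if (status == 401 && scheme.equals("basic") && !hostOverSsl) continue;
            return scheme;
        }
        return null; // fail closed instead of falling back to another scheme
    }

    public static void main(String[] args) {
        // Constructed sample challenges: both origins offer NTLM and Basic.
        List<String> proxy = Arrays.asList("NTLM", "Basic realm=\"proxy\"");
        List<String> host = Arrays.asList("NTLM", "Basic realm=\"site\"");
        System.out.println("proxy (407):      " + choose(407, proxy, true));
        System.out.println("host over SSL:    " + choose(401, host, true));
        System.out.println("host, plain HTTP: " + choose(401, host, false));
    }
}
```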
