On Mon, Jun 22, 2009 at 09:35:58PM -0700, RajK wrote: > > HI Oleg, > Thanks for the reply, here is the wire logs, > > [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Host: verisign.com[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Pragma: no-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Content-Type: text/html[\r][\n]" > [DEBUG] header - << "Content-Length: 4106 [\r][\n]" > [DEBUG] header - << "[\r][\n]" > [INFO] AuthChallengeProcessor - ntlm authentication scheme selected > [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "Proxy-Authorization: NTLM > TlRMTVNTUAABAAAABlIAAA0ADQAiAAAAAgACACAAAABOVDE3Mi4yNi4yMzAuODY=[\r][\n]" > [DEBUG] header - >> "Host: verisign.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is > denied. )[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( Access is > denied. )[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: NTLM > TlRMTVNTUAACAAAACQAJADgAAAAGAoECE6EfrShmucQAAAAAAAAAAJ4AngBBAAAABQLODgAAAA9DSElMRElCQUMCABIAQwBIAEkATABEAEkAQgBBAEMAAQAYAFMAVQBOAEkATABOAEsALQBMAEEAQgAxAAQAKABjAGgAaQBsAGQALgBpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAwAYAHMAdQBuAGkAbABuAGsALQBsAGEAYgAxAAUAHABpAHMAbQAuAG0AYwBhAGYAZQBlAC4AYwBvAG0AAAAAAA==[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Pragma: no-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Content-Type: text/html[\r][\n]" > [DEBUG] header - << "Content-Length: 0 [\r][\n]" > [DEBUG] header - << "[\r][\n]" > [DEBUG] header - >> "GET http://verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "Proxy-Authorization: NTLM > TlRMTVNTUAADAAAAGAAYAFwAAAAAAAAAdAAAAA0ADQBAAAAADQANAE0AAAACAAIAWgAAAAAAAAB0AAAABlIAADE3Mi4yNi4yMzAuODZBRE1JTklTVFJBVE9STlTpGOVYkkr+LQRybRsJCgxl2lYVu2N/vb8=[\r][\n]" > [DEBUG] header - >> "Host: verisign.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" > [DEBUG] header - << "HTTP/1.1 301 Unknown reason[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Content-length: 0[\r][\n]" > [DEBUG] header - << "Date: Tue, 23 Jun 2009 04:19:48 GMT[\r][\n]" > [DEBUG] header - << "Location: http://www.verisign.com/[\r][\n]"; > [DEBUG] header - << "Content-type: text/html[\r][\n]" > [DEBUG] header - << "Server: Netscape-Enterprise/4.1[\r][\n]" > [DEBUG] header - << "[\r][\n]" > [DEBUG] header - >> "GET http://www.verisign.com/ HTTP/1.1[\r][\n]" > [DEBUG] header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" > [DEBUG] header - >> "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - >> "Host: www.verisign.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. )[\r][\n]" > [DEBUG] header - << "Via: 1.1 lab1[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Negotiate[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Kerberos[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: NTLM[\r][\n]" > [DEBUG] header - << "Proxy-Authenticate: Basic realm="lab1."[\r][\n]" > [DEBUG] header - << "Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Proxy-Connection: Keep-Alive[\r][\n]" > [DEBUG] header - << "Pragma: no-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Content-Type: text/html[\r][\n]" > [DEBUG] header - << "Content-Length: 4106 [\r][\n]" > [DEBUG] header - << "[\r][\n]" > [INFO] HttpMethodDirector - Failure authenticating with NTLM <any > realm>@172.16.100.16:8080 > > When I tried the with the code changes as > In processRedirectResponse { > method.getHostAuthState().invalidate(); > I added the below line, > method.getProxyAuthState().invalidate(); > } > This works > Thanks, > RajK >
This appears to be a bug in HttpClient 3.1. Would it be a big deal for you to test the same request with the latest HttpClient 4.0 snapshot? https://repository.apache.org/content/repositories/snapshots/org/apache/httpcomponents/httpclient/4.0-beta3-SNAPSHOT/ Also, feel free to open an issue in JIRA for this bug https://issues.apache.org/jira/browse/HTTPCLIENT Oleg > > olegk wrote: > > > > On Thu, Jun 04, 2009 at 03:41:53AM -0700, RajK wrote: > >> > >> HI all, > >> During redirect time, the auth has to be cleared as the below issues > >> says, > >> http://issues.apache.org/jira/browse/HTTPCLIENT-211 > >> but, it does it only for the hosts NTLM authentication, > >> But, when we have NTLM at proxy, redirect fails. > >> > >> Should we have it cleared for proxy also, right? please let me know > >> otherwise, please let me know. > >> > >> Thanks, > >> Raj > >> > >> > > > > Post wire / context log > > > > Oleg > > > > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p23867531.html > >> Sent from the HttpClient-User mailing list archive at Nabble.com. > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > -- > View this message in context: > http://www.nabble.com/redirect-fails-when-NTLM-authentication-is-used-for-proxy-tp23867531p24158833.html > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
