I set the auth realm to AuthScope.ANY, but this did not work either: httpstate.setCredentials(AuthScope.ANY, credentials);
Fayaz -----Original Message----- From: Mudnal, Fayaz K [mailto:[email protected]] Sent: Tuesday, October 12, 2010 4:19 PM To: [email protected] Subject: HTTPS redirects and then basic auth fails Hi I am trying to upload a file to a https site. The site redirects 3 times and then login fails with a 401 error. I am using HttpClient 3.0. The server folks said they could not see the credentials on their side. I would greatly appreciate any help. Here is the code: String header = "multipart/form-data"; PostMethod method = null; try { HttpClient client = new HttpClient(); HostConfiguration hostConfig = client.getHostConfiguration(); hostConfig.setHost(new URI(URL, true)); LOGGER.debug("Open connection to: " + URL); if (username != null && password != null && username.trim().length() > 0 && password.trim().length() > 0) { LOGGER.debug("Setting credentials."); Credentials credentials = new UsernamePasswordCredentials(username, password); AuthScope authScope = new AuthScope(hostConfig.getHost(), hostConfig.getPort()); HttpState state = client.getState(); state.setCredentials(authScope, credentials); LOGGER.debug("Credentials set"); List authPrefs = new ArrayList(3); authPrefs.add(AuthPolicy.BASIC); authPrefs.add(AuthPolicy.DIGEST); authPrefs.add(AuthPolicy.NTLM); client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs); client.getParams().setAuthenticationPreemptive(true); LOGGER.debug("Preemptive Authentication set"); } RequestEntity entity = new InputStreamRequestEntity(inputStream, "application/upload"); method = new PostMethod(URL); method.setRequestEntity(entity); LOGGER.debug("FileInputStream set"); method.setRequestHeader("filename", fileName); method.setRequestHeader("Content-Type", header); method.setRequestHeader("Content-Disposition", "form-data"); method.setDoAuthentication(true); method.setFollowRedirects( false ); LOGGER.debug("Uploading file..."); int responseStatusCode = client.executeMethod(hostConfig, method); LOGGER.debug("HTTPS ResponseStatusCode=" + responseStatusCode); LOGGER.debug(method.getStatusLine()); LOGGER.debug(method.getResponseBodyAsString()); // Handle redirects int redirResponseStatusCode = 0; if (responseStatusCode == HttpStatus.SC_MOVED_TEMPORARILY || responseStatusCode == HttpStatus.SC_MOVED_PERMANENTLY || responseStatusCode == HttpStatus.SC_SEE_OTHER || responseStatusCode == HttpStatus.SC_TEMPORARY_REDIRECT) { LOGGER.debug("Redirection encountered:" + responseStatusCode); // handle a max of 10 redirects for (int i = 1; i < 11; i++) { LOGGER.debug("Redirect attempt: " + i); redirResponseStatusCode = 0; Header locationHeader = method.getResponseHeader("location"); if (locationHeader == null) { throw new DeliveryException("Redirected without a location"); } String location = locationHeader.getValue(); hostConfig.setHost(new URI(location, true)); method.setURI(new URI(location, true)); if (username != null && password != null && username.trim().length() > 0 && password.trim().length() > 0) { LOGGER.debug("Setting credentials for redirect."); Credentials credentials = new UsernamePasswordCredentials(username, password); AuthScope authScope = new AuthScope(hostConfig.getHost(), hostConfig.getPort()); HttpState state = client.getState(); state.setCredentials(authScope, credentials); LOGGER.debug("Credentials set"); List authPrefs = new ArrayList(3); authPrefs.add(AuthPolicy.BASIC); authPrefs.add(AuthPolicy.DIGEST); authPrefs.add(AuthPolicy.NTLM); client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs); //client.getState().setAuthenticationPreemptive(true); client.getParams().setAuthenticationPreemptive(true); LOGGER.debug("Preemptive Authentication set"); } LOGGER.debug("Redirecting to location:" + location); redirResponseStatusCode = client.executeMethod(hostConfig, method); LOGGER.debug("HTTPS RedirectResponseStatusCode=" + redirResponseStatusCode); LOGGER.debug(method.getStatusLine()); LOGGER.debug(method.getResponseBodyAsString()); if (redirResponseStatusCode != HttpStatus.SC_MOVED_TEMPORARILY && redirResponseStatusCode != HttpStatus.SC_MOVED_PERMANENTLY && redirResponseStatusCode != HttpStatus.SC_SEE_OTHER && redirResponseStatusCode != HttpStatus.SC_TEMPORARY_REDIRECT) break; if (i == 10) {LOGGER.debug("MAX Redirects exceeded.");} } } // Handle redirects if ((responseStatusCode >= 400)||(redirResponseStatusCode >= 400)) { LOGGER.debug("File upload via HTTPS failed."); throw new DeliveryException("File upload via HTTPS failed."); } else LOGGER.debug("File upload via HTTPS Successful."); } catch (Exception e) { LOGGER.debug("File upload via HTTPS failed."); e.printStackTrace(); throw new DeliveryException(e); } finally { method.releaseConnection(); } Here are the logs: [10/12/10 0:52:56:136 GMT] 00000164 SystemOut O - username:xxxxx password:xxxxx [10/12/10 0:52:56:137 GMT] 00000164 SystemOut O - Open connection to: https://159.37.35.247/ [10/12/10 0:52:56:137 GMT] 00000164 SystemOut O - Setting credentials. [10/12/10 0:52:56:138 GMT] 00000164 SystemOut O - Credentials set [10/12/10 0:52:56:139 GMT] 00000164 SystemOut O - Preemptive Authentication set [10/12/10 0:52:56:140 GMT] 00000164 SystemOut O - FileInputStream set [10/12/10 0:52:56:141 GMT] 00000164 SystemOut O - Uploading file... [10/12/10 0:52:56:452 GMT] 00000164 HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector isRedirectNeeded Redirect requested but followRedirects is disabled [10/12/10 0:52:56:459 GMT] 00000164 SystemOut O - HTTPS ResponseStatusCode=302 [10/12/10 0:52:56:459 GMT] 00000164 SystemOut O - HTTP/1.1 302 Found [10/12/10 0:52:56:459 GMT] 00000164 HttpMethodBas W org.apache.commons.httpclient.HttpMethodBase getResponseBody Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended. [10/12/10 0:52:56:475 GMT] 00000164 SystemOut O - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="https://159.37.35.247:443/?&STCO=1TLOxTpeXQHAAAEqsStY&STCOEND";>here</A>.<P> <P>Additionally, a 302 Found error was encountered while trying to use an ErrorDocument to handle the request. </BODY></HTML> [10/12/10 0:52:56:475 GMT] 00000164 SystemOut O - Redirection encountered:302 [10/12/10 0:52:56:476 GMT] 00000164 SystemOut O - Redirect attempt: 1 [10/12/10 0:52:56:476 GMT] 00000164 SystemOut O - Setting credentials for redirect. [10/12/10 0:52:56:477 GMT] 00000164 SystemOut O - Credentials set [10/12/10 0:52:56:478 GMT] 00000164 SystemOut O - Preemptive Authentication set [10/12/10 0:52:56:478 GMT] 00000164 SystemOut O - Redirecting to location:https://159.37.35.247:443/?&STCO=1TLOxTpeXQHAAAEqsStY&STCOEND [10/12/10 0:52:56:561 GMT] 00000164 HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector isRedirectNeeded Redirect requested but followRedirects is disabled [10/12/10 0:52:56:568 GMT] 00000164 SystemOut O - HTTPS RedirectResponseStatusCode=302 [10/12/10 0:52:56:568 GMT] 00000164 SystemOut O - HTTP/1.1 302 Found [10/12/10 0:52:56:569 GMT] 00000164 HttpMethodBas W org.apache.commons.httpclient.HttpMethodBase getResponseBody Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended. [10/12/10 0:52:56:584 GMT] 00000164 SystemOut O - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="https://159.37.35.247/?&STCO=2TLOxTpeXQHAAAEqsStY&STCOEND";>here</A>.<P> <P>Additionally, a 302 Found error was encountered while trying to use an ErrorDocument to handle the request. </BODY></HTML> [10/12/10 0:52:56:585 GMT] 00000164 SystemOut O - Redirect attempt: 2 [10/12/10 0:52:56:585 GMT] 00000164 SystemOut O - Setting credentials for redirect. [10/12/10 0:52:56:586 GMT] 00000164 SystemOut O - Credentials set [10/12/10 0:52:56:586 GMT] 00000164 SystemOut O - Preemptive Authentication set [10/12/10 0:52:56:587 GMT] 00000164 SystemOut O - Redirecting to location:https://159.37.35.247/?&STCO=2TLOxTpeXQHAAAEqsStY&STCOEND [10/12/10 0:52:56:672 GMT] 00000164 HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector isRedirectNeeded Redirect requested but followRedirects is disabled [10/12/10 0:52:56:680 GMT] 00000164 SystemOut O - HTTPS RedirectResponseStatusCode=302 [10/12/10 0:52:56:681 GMT] 00000164 SystemOut O - HTTP/1.1 302 Found [10/12/10 0:52:56:681 GMT] 00000164 HttpMethodBas W org.apache.commons.httpclient.HttpMethodBase getResponseBody Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended. [10/12/10 0:52:56:696 GMT] 00000164 SystemOut O - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="https://159.37.35.247/";>here</A>.<P> <P>Additionally, a 302 Found error was encountered while trying to use an ErrorDocument to handle the request. </BODY></HTML> [10/12/10 0:52:56:696 GMT] 00000164 SystemOut O - Redirect attempt: 3 [10/12/10 0:52:56:697 GMT] 00000164 SystemOut O - Setting credentials for redirect. [10/12/10 0:52:56:698 GMT] 00000164 SystemOut O - Credentials set [10/12/10 0:52:56:698 GMT] 00000164 SystemOut O - Preemptive Authentication set [10/12/10 0:52:56:698 GMT] 00000164 SystemOut O - Redirecting to location:https://159.37.35.247/ [10/12/10 0:52:56:778 GMT] 00000164 AuthChallenge I org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme Basic authentication scheme selected [10/12/10 0:52:56:786 GMT] 00000164 HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge Failure authenticating with BASIC 'FileDriveWWW'@159.37.35.247:443 [10/12/10 0:52:56:792 GMT] 00000164 SystemOut O - HTTPS RedirectResponseStatusCode=401 [10/12/10 0:52:56:792 GMT] 00000164 SystemOut O - HTTP/1.1 401 Authorization Required [10/12/10 0:52:56:793 GMT] 00000164 HttpMethodBas W org.apache.commons.httpclient.HttpMethodBase getResponseBody Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended. [10/12/10 0:52:56:809 GMT] 00000164 SystemOut O - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>401 Authorization Required</TITLE> </HEAD><BODY> <H1>Authorization Required</H1> This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.<P> </BODY></HTML> [10/12/10 0:52:56:809 GMT] 00000164 SystemOut O - File upload via HTTPS failed. Thanks Fayaz --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
