On Tue, 2012-01-24 at 18:06 -0800, luciano.musacchio wrote:
> Oleg,
>
> this is my curl output http://pastebin.com/203MS9Ut
> .. my code http://pastebin.com/7YPXznxW
> .. and its logs http://pastebin.com/DUMGgGHX
>
> .. in particular the HttpGet.addHeader() works fine if I connect through
> http, but when I use https the Proxy-Authenticate header doesn't show (btw,
> setCredentials doesn't work for me, 407/proxy auth required)..
>
> .. I'm still missing the ssl handshake, right?
>
>
> Thanks!,
> Luciano.
>

I found the problem. The BasicScheme per default assumes the target host
authentication mode and not proxy mode. So, as a result it was generating
'Authorization' header instead of 'Proxy-Authorization'

HttpClient
---
wire - >> "CONNECT google.com:443 HTTP/1.1[\r][\n]"
wire - >> "Authorization: Basic Z21wMTgwOm1hZVQwMTIz[\r][\n]"
---

curl
---
> CONNECT www.google.com.ar:443 HTTP/1.1
> Proxy-Authorization: Basic Z21wMTgwOm1hZVQwMTIz
---

The trouble is that there is no easy way to flip the mode. For the time
being force BasicScheme into the proxy mode by feeding it a fake proxy
challenge, like that

---
// Fake proxy challenge: switches BasicScheme from target-host mode to proxy mode
BasicScheme basicAuth = new BasicScheme();
basicAuth.processChallenge(
    new BasicHeader(AUTH.PROXY_AUTH, "BASIC preemptive"));
---

That should fix the problem. In the meantime I'll try to come up with an
easier API for preemptive proxy authentication.

Oleg

PS: do not use HttpGet.addHeader(). HttpClient will generate all the
necessary headers for you.

>
> olegk wrote:
> >
> > On Tue, 2012-01-24 at 11:04 -0800, luciano.musacchio wrote:
> >> Thanks Oleg, I've tried preemptive BASIC auth with the same luck.
> >>
> >
> > All that can be done with curl can also be done with HttpClient.
> >
> > Feel free to post HttpClient wire / context log and output of curl with
> > verbose mode on.
> >
> > Oleg
> >
> >> I think I've found a mail from you that is most related with my
> >> particular issue: that is, using a basic-auth proxy (probably badly
> >> configured, so, also preemptive) to access SSL content. This should be
> >> done with a tunnel through the proxy, right?
> >>
> >> I've tried your code and get 500/Internal Server Error:
> >> http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ProxyTunnelDemo.java
> >>
> >> If I can't go any further with httpclient I'll need to use something
> >> from a lower-level, right?, I think that this (very old) article tackles
> >> my problem:
> >> http://www.javaworld.com/javaworld/javatips/jw-javatip111.html
> >>
> >> .. the informed guess then seems to be the JSSE library:
> >> http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SecureConnSample
> >> .. what do you think?
> >>
> >>
> >> Thank you very much,
> >> Luciano.
> >>
> >>
> >>
> >> olegk wrote:
> >> >
> >> > On Sun, 2012-01-22 at 14:07 -0800, luciano.musacchio wrote:
> >> >> Thanks Oleg for your reply. Could it be that the proxy is announcing
> >> >> just NTLM but it actually does accept BASIC auth? I mean, I could
> >> >> authenticate using curl:
> >> >>
> >> >
> >> > Yes, this is quite likely. In any way the fault clearly lies with the
> >> > proxy. Nevertheless, you can configure HttpClient the same way as curl
> >> > by making it use preemptive BASIC authentication.
> >> >
> >> > Oleg
> >> >
> >> >
> >> >> C:\Users\musacchl\Desktop\curl\bin>curl -v --proxy-basic --proxy-user <user>:<password> --url http://www.google.com.ar --proxy http://144.72.225.21:80/
> >> >> * About to connect() to proxy 144.72.225.21 port 80 (#0)
> >> >> * Trying 144.72.225.21... connected
> >> >> * Proxy auth using Basic with user '<user>'
> >> >> > GET http://www.google.com.ar HTTP/1.1
> >> >> > Proxy-Authorization: Basic Z21wMTgwOm1hZVQwMTIz
> >> >> > User-Agent: curl/7.23.1 (i386-pc-win32) libcurl/7.23.1 OpenSSL/0.9.8r zlib/1.2.5 libidn/1.18 libssh2/1.3.0 librtmp/2.3
> >> >> > Host: www.google.com.ar
> >> >> > Accept: */*
> >> >> > Proxy-Connection: Keep-Alive
> >> >> >
> >> >> < HTTP/1.1 200 OK
> >> >> < Date: Sun, 22 Jan 2012 22:04:21 GMT
> >> >> < Expires: -1
> >> >> < Cache-Control: private, max-age=0
> >> >> < Content-Type: text/html; charset=ISO-8859-1
> >> >> < P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
> >> >> < Server: gws
> >> >> < X-XSS-Protection: 1; mode=block
> >> >> < X-Frame-Options: SAMEORIGIN
> >> >> < Transfer-Encoding: chunked
> >> >> < Proxy-Connection: Keep-Alive
> >> >> < Connection: Keep-Alive
> >> >> < Set-Cookie: PREF=ID=9003536854dee7dc:FF=0:TM=1327269861:LM=1327269861:S=itmA28PklgxOcuZI; expires=Tue, 21-Jan-2014 22:04:21 GMT; path=/; domain=.google.com.ar
> >> >>
> >> >> < Set-Cookie: NID=56=lB4_bLrbrFvShtTIk-0X_qSQvirjPAFCzZ5wb0r1ryOXHKu8zsi2j6yvqp-EoNgthPJlwCmXR3yndoG47bKC15nJX1HgPKaN5yl0lzb14FemGCNRNqbX_IXNIl8ZOQXE; expires=Mon, 23-Jul-2012 22:04:21 GMT; path=/; domain=.google.com.ar; HttpOnly
> >> >
> >> > ...

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
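
A small checker for the symptom diagnosed in the reply above, as an added example (not code from the thread or from HttpClient): it rebuilds the outgoing requests from wire-log lines in the form quoted in the message and reports, for each CONNECT, whether the credential went out as Proxy-Authorization or as Authorization. The log lines, host name and credential are constructed, and the function names are hypothetical.

```python
import re

# Outgoing wire-log lines look like:  wire - >> "text[\r][\n]"   (">>" = sent)
WIRE_OUT = re.compile(r'wire - >> "(.*)"')

def sent_requests(log_text):
    """Rebuild outgoing request heads (lists of lines) from a wire log."""
    requests, current = [], []
    for line in log_text.splitlines():
        m = WIRE_OUT.search(line)
        if not m:
            continue                      # received ("<<") or unrelated line
        text = m.group(1).replace("[\\r]", "").replace("[\\n]", "")
        if text:
            current.append(text)
        elif current:                     # empty line closes the header block
            requests.append(current)
            current = []
    if current:
        requests.append(current)
    return requests

def classify_connect(head):
    """Say which credential header, if any, a CONNECT request carries."""
    names = {h.split(":", 1)[0].strip().lower() for h in head[1:] if ":" in h}
    if "proxy-authorization" in names:
        return "ok"
    if "authorization" in names:
        return "wrong-header"             # header meant for the target host
    return "no-credentials"

def audit(log_text):
    """Return (request line, verdict) for every CONNECT sent in the log."""
    return [(head[0], classify_connect(head))
            for head in sent_requests(log_text)
            if head[0].startswith("CONNECT ")]

# Constructed sample in the log format quoted above; host and credential are made up.
SAMPLE_LOG = r'''
wire - >> "CONNECT example.test:443 HTTP/1.1[\r][\n]"
wire - >> "Authorization: Basic dXNlcjpwYXNz[\r][\n]"
wire - >> "Host: example.test[\r][\n]"
wire - >> "[\r][\n]"
wire - << "HTTP/1.1 407 Proxy Authentication Required[\r][\n]"
wire - >> "CONNECT example.test:443 HTTP/1.1[\r][\n]"
wire - >> "Proxy-Authorization: Basic dXNlcjpwYXNz[\r][\n]"
wire - >> "[\r][\n]"
'''

if __name__ == "__main__":
    for request_line, verdict in audit(SAMPLE_LOG):
        print(verdict, "-", request_line)
```

The parser assumes header-only requests, which holds for CONNECT; a log containing request bodies would need the body lines skipped.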
