NTLM proxy authentication

[Thomas Vestergaard]

Hello,

I am having a problem with getting HttpClient to send requests through a proxy 
demanding NTLM authentication, which I understand should be possible.

My code for trying to accomplish this:
Credentials credentials;
try {
           credentials = new NTCredentials(proxyUsername, proxyPassword, 
InetAddress.getLocalHost().getHostName(), proxyDomain);
} catch (Exception e) {
           throw new SessionException("Unable to create NTLM credentials for 
proxy authentication", e);
}
client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, 
proxyPort), credentials);

HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort);
client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost);

AuthScheme proxyAuthScheme = new 
NTLMSchemeFactory().newInstance(client.getParams());
authCache.put(proxyHost, proxyAuthScheme);

But I am apparently missing something, since it does not work.

The authCache is later added to the context used in the execute call. Without 
this, I get an error about missing an ini-file - looks like an attempt to use 
Kerberos.
The full log of the interaction is pasted below. As can also be seen in the 
log, I am using HttpClient v. 4.1.3.

 Best regards,
Telenor

Thomas Vestergaard
Ekstern konsulent
Technology
Frederikskaj, DK-1780. København V
Tel: +45 52 18 92 18  // e-mail: cget...@telenor.dk<mailto:cget...@telenor.dk>
Web: http://www.telenor.dk<http://www.telenor.dk/>

DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for 
route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80]
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to 
tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: 
best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' 
auth scheme for http://tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute 
request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET 
http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
 HTTP/1.1
DEBUG [org.apache.http.headers] >> GET 
http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
 HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 
1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: 
HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires 
authorization to fulfill the request. Access to the Web Proxy filter is denied. 
 )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( 
Forefront TMG requires authorization to fulfill the request. Access to the Web 
Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept 
alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested 
authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge 
processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: 
NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: 
best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute 
request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET 
http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
 HTTP/1.1
DEBUG [org.apache.http.headers] >> GET 
http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
 HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 
1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM 
TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: 
HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( 
Access is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM 
TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA
DEBUG [org.apache.http.headers] << Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 0
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept 
alive indefinitely
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested 
authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge 
processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: 
NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: 
best-match
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute 
request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET 
http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
 HTTP/1.1
DEBUG [org.apache.http.headers] >> GET 
http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html
 HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80
DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 
1.5)
DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM 
TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: 
HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires 
authorization to fulfill the request. Access to the Web Proxy filter is denied. 
 )
DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( 
Forefront TMG requires authorization to fulfill the request. Access to the Web 
Proxy filter is denied.  )
DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate
DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos
DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM
DEBUG [org.apache.http.headers] << Connection: close
DEBUG [org.apache.http.headers] << Proxy-Connection: close
DEBUG [org.apache.http.headers] << Pragma: no-cache
DEBUG [org.apache.http.headers] << Cache-Control: no-cache
DEBUG [org.apache.http.headers] << Content-Type: text/html
DEBUG [org.apache.http.headers] << Content-Length: 3670
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested 
authentication
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge 
processed
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: 
NTLM <any realm>@tmgproxy.telenor.dk:8080
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection 
org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection 
open but not reusable.
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down