Hi again, Updating to version 4.2-beta1 solved the problem.
Best regards, Thomas -----Oprindelig meddelelse----- Fra: Thomas Vestergaard [mailto:[email protected]] Sendt: 20. marts 2012 16:26 Til: HttpClient User Discussion Emne: SV: NTLM proxy authentication Hi, Just to follow up, I got NTLM proxy to work - atleast partly by using JCIFS as described on: http://hc.apache.org/httpcomponents-client-ga/ntlm.html However, I still have a number of use-cases, where my implementation fails. From what I can gather from the logs, it has to do with missing proxy auth of redirects. (See below.) I there something I need to set or override to enable authentication on each connection rather than request? Or is it possible to prevent the client from closing the connection between the two GET's? (Regardless of this problem, it seems wasteful. But I might be mistaken.) Best regards, Thomas [snip - initial GET resulting in 307 Temporary Redirect] DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 307 Temporary Redirect DEBUG [org.apache.http.headers] << HTTP/1.1 307 Temporary Redirect DEBUG [org.apache.http.headers] << Accept-Ranges: bytes DEBUG [org.apache.http.headers] << Age: 0 DEBUG [org.apache.http.headers] << Content-Type: application/xml DEBUG [org.apache.http.headers] << Date: Tue, 20 Mar 2012 14:51:56 GMT DEBUG [org.apache.http.headers] << Location: https://partner.com/users/42/info?apiuserid=TNDK DEBUG [org.apache.http.headers] << Server: Jetty(8.0.0.M2) DEBUG [org.apache.http.headers] << Via: 1.1 varnish DEBUG [org.apache.http.headers] << X-Varnish: 1790574415 DEBUG [org.apache.http.headers] << Content-Length: 0 DEBUG [org.apache.http.headers] << Connection: keep-alive DEBUG [org.apache.http.client.protocol.ResponseAuthCache] Caching 'basic' auth scheme for https://partner.com DEBUG [org.apache.http.impl.client.DefaultRedirectStrategy] Redirect requested to location 'https://partner.com/id/users/42/info?apiuserid=TNDK' DEBUG [org.apache.http.impl.client.DefaultHttpClient] Redirecting to 'https://partner.com/id/users/42/info?apiuserid=TNDK' via HttpRoute[{tls}->http://tmgproxy.telenor.dk:8080->https://partner.com] DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: CONNECT partner.com:443 HTTP/1.1 DEBUG [org.apache.http.headers] >> CONNECT partner.com:443 HTTP/1.1 DEBUG [org.apache.http.headers] >> Host: partner.com DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5) DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02 DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM DEBUG [org.apache.http.headers] << Connection: close DEBUG [org.apache.http.headers] << Proxy-Connection: close DEBUG [org.apache.http.headers] << Pragma: no-cache DEBUG [org.apache.http.headers] << Cache-Control: no-cache DEBUG [org.apache.http.headers] << Content-Type: text/html DEBUG [org.apache.http.headers] << Content-Length: 2687 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection closed DEBUG [org.apache.http.impl.client.DefaultHttpClient] CONNECT refused by proxy: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@1f78040 -----Oprindelig meddelelse----- Fra: Thomas Vestergaard [mailto:[email protected]] Sendt: 20. marts 2012 13:35 Til: [email protected] Emne: NTLM proxy authentication Hello, I am having a problem with getting HttpClient to send requests through a proxy demanding NTLM authentication, which I understand should be possible. My code for trying to accomplish this: Credentials credentials; try { credentials = new NTCredentials(proxyUsername, proxyPassword, InetAddress.getLocalHost().getHostName(), proxyDomain); } catch (Exception e) { throw new SessionException("Unable to create NTLM credentials for proxy authentication", e); } client.getCredentialsProvider().setCredentials(new AuthScope(proxyHostname, proxyPort), credentials); HttpHost proxyHost = new HttpHost(proxyHostname, proxyPort); client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost); AuthScheme proxyAuthScheme = new NTLMSchemeFactory().newInstance(client.getParams()); authCache.put(proxyHost, proxyAuthScheme); But I am apparently missing something, since it does not work. The authCache is later added to the context used in the execute call. Without this, I get an error about missing an ini-file - looks like an attempt to use Kerberos. The full log of the interaction is pasted below. As can also be seen in the log, I am using HttpClient v. 4.1.3. Best regards, Telenor Thomas Vestergaard Ekstern konsulent Technology Frederikskaj, DK-1780. København V Tel: +45 52 18 92 18 // e-mail: [email protected]<mailto:[email protected]> Web: http://www.telenor.dk<http://www.telenor.dk/> DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://tmgproxy.telenor.dk:8080->http://hc.apache.org:80] DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match DEBUG [org.apache.http.client.protocol.RequestAuthCache] Re-using cached 'ntlm' auth scheme for http://tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1 DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1 DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80 DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5) DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02 DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM DEBUG [org.apache.http.headers] << Connection: Keep-Alive DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive DEBUG [org.apache.http.headers] << Pragma: no-cache DEBUG [org.apache.http.headers] << Cache-Control: no-cache DEBUG [org.apache.http.headers] << Content-Type: text/html DEBUG [org.apache.http.headers] << Content-Length: 3670 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 2 to execute request DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1 DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1 DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80 DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5) DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAANQIIIAwADAA8AAAAHAAcACAAAABYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQAUwBPAE4ARgBPAE4A DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02 DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAFgAWADgAAAA1Aoki1+rF8hsocI8AAAAAAAAAALQAtABOAAAABgGxHQAAAA9TAE8ATgBPAEYATwBOAC4ARABPAE0AAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAA DEBUG [org.apache.http.headers] << Connection: Keep-Alive DEBUG [org.apache.http.headers] << Proxy-Connection: Keep-Alive DEBUG [org.apache.http.headers] << Pragma: no-cache DEBUG [org.apache.http.headers] << Cache-Control: no-cache DEBUG [org.apache.http.headers] << Content-Type: text/html DEBUG [org.apache.http.headers] << Content-Length: 0 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 3 to execute request DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1 DEBUG [org.apache.http.headers] >> GET http://hc.apache.org:80/httpcomponents-client-ga/tutorial/html/authentication.html HTTP/1.1 DEBUG [org.apache.http.headers] >> Host: hc.apache.org:80 DEBUG [org.apache.http.headers] >> Proxy-Connection: Keep-Alive DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.3 (java 1.5) DEBUG [org.apache.http.headers] >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAADgAOAAWAAAAAwADAA4AQAADgAOAEQBAAAcABwAUgEAAAAAAABuAQAANQIIILz16v88ObGIAyJRwplRA1RHf5V7zloNVnfwJnYZbsCj/uvqTyxBJbgBAQAAAAAAADDtlQ+VBs0BR3+Ve85aDVYAAAAAAgAWAFMATwBOAE8ARgBPAE4ALgBEAE8ATQABABIASQBWAEEAQgBUAE0ARwAwADIABAAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawADADAASQBWAEEAQgBUAE0ARwAwADIALgBpAG4AdAAuAHMAbwBuAG8AZgBvAG4ALgBkAGsABQAcAGkAbgB0AC4AcwBvAG4AbwBmAG8AbgAuAGQAawAHAAgAFOT4DpUGzQEAAAAAUwBPAE4ARgBPAE4AYwBnAGUAdABoAHYAZQBYAFAARgBFAFAAQwBDAEcARQBUAEgAVgBFAFQA DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.headers] << HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) DEBUG [org.apache.http.headers] << Via: 1.1 IVABTMG02 DEBUG [org.apache.http.headers] << Proxy-Authenticate: Negotiate DEBUG [org.apache.http.headers] << Proxy-Authenticate: Kerberos DEBUG [org.apache.http.headers] << Proxy-Authenticate: NTLM DEBUG [org.apache.http.headers] << Connection: close DEBUG [org.apache.http.headers] << Proxy-Connection: close DEBUG [org.apache.http.headers] << Pragma: no-cache DEBUG [org.apache.http.headers] << Cache-Control: no-cache DEBUG [org.apache.http.headers] << Content-Type: text/html DEBUG [org.apache.http.headers] << Content-Length: 3670 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Proxy requested authentication DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authorization challenge processed DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication scope: NTLM <any realm>@tmgproxy.telenor.dk:8080 DEBUG [org.apache.http.impl.client.DefaultHttpClient] Authentication failed DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@a9ae05 DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Released connection open but not reusable. DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
