On Tue, 2012-06-05 at 11:52 +0100, Pedro Saraiva wrote:
> Hello,
>
> I have a site protected with SPNEGO. The authentication can be performed
> with both Kerberos and NTLMv2.
>
> I'm trying to use HttpClient 4.2 to authenticate against this site
> through NTLMv2 but without success so far. Here's my sample code:
>
> HttpHost targetHost = new HttpHost("172.27.192.171", 8080, "http");
>
> DefaultHttpClient httpclient = new DefaultHttpClient();
>
> try {
> httpclient.getCredentialsProvider().setCredentials(
> new AuthScope(targetHost.getHostName(),
> targetHost.getPort()),
> new NTCredentials("psaraiva", "psaraiva",
> InetAddress.getLocalHost().getHostName(), "DEV"));
> //new UsernamePasswordCredentials("psaraiva",
> "psaraiva" ));
>
> // Create AuthCache instance
> AuthCache authCache = new BasicAuthCache();
> // Generate BASIC scheme object and add it to the local
> // auth cache
> BasicScheme basicAuth = new BasicScheme();
> authCache.put(targetHost, basicAuth);
>
> // Add AuthCache to the execution context
> BasicHttpContext localcontext = new BasicHttpContext();
> localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);
>
> HttpGet httpget = new HttpGet("/services/files/");
>
> System.out.println("executing request: " +
> httpget.getRequestLine());
> System.out.println("to target: " + targetHost);
>
> HttpResponse response = httpclient.execute(targetHost,
> httpget);//, localcontext);
> HttpEntity entity = response.getEntity();
>
>
> System.out.println("----------------------------------------");
> System.out.println(response.getStatusLine());
> if (entity != null) {
> System.out.println("Response content length: " +
> entity.getContentLength());
> }
> EntityUtils.consume(entity);
>
> } finally {
> // When HttpClient instance is no longer needed,
> // shut down the connection manager to ensure
> // immediate deallocation of all system resources
> httpclient.getConnectionManager().shutdown();
> }
>
> HttpClient seems to only try the Kerberos authentication and outputs the
> following warning:
> WARN [main] (RequestAuthenticationBase.java:88) - NEGOTIATE
> authentication error: No valid credentials provided (Mechanism level: No
> valid credentials provided (Mechanism level: Failed to find any Kerberos
> tgt))
>
> However, I want it to force it to use NTLMv2. From the HttpClient NTLM
> auth page it states that NTLMv2 is supported since version 4.1.
>
> Does HttpClient 4.2 support NTLMv2 over SPNEGO? Or it's my bad
> configuration that's causing it not to use NTLMv2?
>
> Kind regards,
>
> Pedro Saraiva
>
Hi Pedro
Generally SPNEGO takes precedence over NTLM per default but HttpClient
4.2 should have automatically attempted to authenticate with NTLM after
SPNEGO failure.
Could you please post a complete wire log of the HTTP session?
http://hc.apache.org/httpcomponents-client-ga/logging.html
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
