Hello, I came across the following issue. If I configure the HttpClient with a proxy (no-auth), then the digest authentication is rejected by the server with 400 Bad Request. After a short analysis I found out that the digest authentication request contains an absolute URI instead of a relative URI. The absolute URI is set in DefaultRequestDirector.execute() by calling DefaultRequestDirector.rewriteRequestURI() when a proxy is configured. The parsed log from netmon is in the attachment.
Originally I found the problem with my own Digest Authentication Scheme (using Windows SSPI). After that I tried the built-in Digest auth scheme and I was able to reproduce the issue. I noticed that the request arg in the Schema.Authenticate is a RequestWrapper, so I tried to use RequestWrapper.getOriginal() to retrieve the URI, but I had no success. It also returns an absolute URI. I believe it is a bug in the HttpClient. Besides that, I would like to address this problem in our DigestAuthScheme before it is fixed in the HttpClient. Is there a consistent way to get the relative URI from the HttpRequest or HttpContext passed into the authenticate() method? I know I can use the URI class to get a relative path, but it seems just like a workaround.

Environment: JRE 1.6.0_23, Windows 7 SP1

Dependencies:
  commons-codec-1.6.jar
  commons-logging-1.1.1.jar
  fluent-hc-4.2.2.jar
  httpclient-4.2.2.jar
  httpclient-cache-4.2.2.jar
  httpcore-4.2.3.jar
  httpmime-4.2.2.jar

Thanks,
Bronislav Gabrhelik

- Http: Request, GET http://auth-digest2.brno.local
    Command: GET
  + URI: http://auth-digest2.brno.local
    ProtocolVersion: HTTP/1.1
    Host: auth-digest2.brno.local
    ProxyConnection: Keep-Alive
    UserAgent: Apache-HttpClient/4.2 (java 1.5)
    HeaderEnd: CRLF

- Http: Response, HTTP/1.0, Status: Unauthorized, URL: http://auth-digest2.brno.local , Using Digest realm="brno.local", nonce="CVSyoKy7BAA=dd64ff76f1a62597dcbf56bffc89aed73efa380e", algorithm=MD5, qop="auth" Authentication
    ProtocolVersion: HTTP/1.0
    StatusCode: 401, Unauthorized
    Reason: Unauthorized
    Date: Tue, 20 Mar 2012 13:26:51 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2
  + WWWAuthenticate: Digest realm="brno.local", nonce="CVSyoKy7BAA=dd64ff76f1a62597dcbf56bffc89aed73efa380e", algorithm=MD5, qop="auth"
    ContentLength: 495
  + ContentType: text/html; charset=iso-8859-1
    X-Cache: MISS from qac-squid-noauth.brno.local
    X-Cache-Lookup: MISS from qac-squid-noauth.brno.local:8800
    Via: 1.0 qac-squid-noauth.brno.local (squid/3.1.10)
    Connection: keep-alive
    HeaderEnd: CRLF
  + payload: HttpContentType = text/html; charset=iso-8859-1

- Http: Request, GET http://auth-digest2.brno.local , Using Digest Authorization
    Command: GET
  + URI: http://auth-digest2.brno.local
    ProtocolVersion: HTTP/1.1
    Host: auth-digest2.brno.local
    ProxyConnection: Keep-Alive
    UserAgent: Apache-HttpClient/4.2 (java 1.5)
  - Authorization: Digest
    + Authorization: Digest username="testuser2",realm="brno.local",nonce="CVSyoKy7BAA=dd64ff76f1a62597dcbf56bffc89aed73efa380e",uri="http://auth-digest2.brno.local",cnonce="30a2c65b6956a024e89490d0c983309a",nc=00000001,algorithm=MD5,response="c0785abfaf6a65baa9f7
    HeaderEnd: CRLF

- Http: Response, HTTP/1.0, Status: Bad request, URL: http://auth-digest2.brno.local
    ProtocolVersion: HTTP/1.0
    StatusCode: 400, Bad request
    Reason: Bad Request
    Date: Tue, 20 Mar 2012 13:26:58 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2
    ContentLength: 320
  + ContentType: text/html; charset=iso-8859-1
    X-Cache: MISS from qac-squid-noauth.brno.local
    X-Cache-Lookup: MISS from qac-squid-noauth.brno.local:8800
    Via: 1.0 qac-squid-noauth.brno.local (squid/3.1.10)
    Connection: keep-alive
    HeaderEnd: CRLF
  - payload: HttpContentType = text/html; charset=iso-8859-1
      HtmlElement: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      HtmlElement: <html>
      HtmlElement: <head>
      HtmlElement: <title>
      HtmlElement: 400 Bad Request</title>
      HtmlElement: </head>
      HtmlElement: <body>
      HtmlElement: <h1>
      HtmlElement: Bad Request</h1>
      HtmlElement: <p>
      HtmlElement: Your browser sent a request that this server could not understand.<br />
      HtmlElement: </p>
      HtmlElement: <hr>
      HtmlElement: <address>
      HtmlElement: Apache/2.2.8 (Ubuntu) DAV/2 Server at auth-digest2.brno.local Port 80</address>
      HtmlElement: </body>
      HtmlElement: </html>
      HtmlElement:
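
Added example, not part of the original message and not HttpClient code: it computes the RFC 2617 response for the captured challenge with the absolute uri value from the log and with its origin form, showing that the two cannot validate against the same request line. The class and method names are hypothetical, the password is a constructed placeholder, and it is assumed that the proxy forwards the request to the origin server in origin form.

```java
import java.net.URI;
import java.security.MessageDigest;

// Illustrative class; names are hypothetical, not HttpClient API.
public class DigestUriDemo {

    // Lower-case hex MD5 of an ISO-8859-1 string (algorithm=MD5 in the challenge).
    static String md5Hex(String s) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5").digest(s.getBytes("ISO-8859-1"));
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Path plus query of a request URI; an empty path becomes "/".
    static String originForm(String requestUri) {
        URI u = URI.create(requestUri);
        String path = u.getRawPath();
        if (path == null || path.isEmpty()) {
            path = "/";
        }
        return u.getRawQuery() == null ? path : path + "?" + u.getRawQuery();
    }

    // RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2).
    static String response(String user, String realm, String password, String method,
                           String digestUri, String nonce, String nc, String cnonce) throws Exception {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + digestUri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws Exception {
        String nonce = "CVSyoKy7BAA=dd64ff76f1a62597dcbf56bffc89aed73efa380e"; // from the capture
        String cnonce = "30a2c65b6956a024e89490d0c983309a";                     // from the capture
        String password = "example-password"; // constructed; the real password is not on the page
        String sent = "http://auth-digest2.brno.local"; // uri= value in the captured header
        String atOrigin = originForm(sent); // assumed request-target after the proxy forwards it
        String r1 = response("testuser2", "brno.local", password, "GET", sent, nonce, "00000001", cnonce);
        String r2 = response("testuser2", "brno.local", password, "GET", atOrigin, nonce, "00000001", cnonce);
        System.out.println("uri as sent:        " + sent + " -> response=" + r1);
        System.out.println("uri in origin form: " + atOrigin + " -> response=" + r2);
        System.out.println("responses match: " + r1.equals(r2));
    }
}
```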
