[
https://issues.apache.org/jira/browse/AXIS2-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13262833#comment-13262833
]
Peter Dunphy commented on AXIS2-4595:
-------------------------------------
I think there is some confusion in the authenticator credential look-up stuff
for AXIS2 where the "host" is confused with the "workstation" when it comes to
retrieving the credentials.
When sending out the TYPE 1 and type 3 NTLM messages in AXIS2, If you do a
wireshark trace and reverse engineer the NTLM data sent it uses the
"authenticator.setHost(this.host)" as the WORKSTATION field in the NTLM
protocol as you might expect.
However who ever wrote the piece that retrieves the credentials prior to
sending out and generates the error message "No credentials available for NTLM
<any realm>@host:port" has mistaken the "authenticator.setHost(this.host)" as
the remote host (not the client workstation). If there is is no entry made for
the remote host via "authenticator.setHost(this.host)" then you get this error.
Really there should be two methods "authenticator.setWorkstation()" and
"authenticator.setRemoteHost()".
In the end this means the NTLM stuff is essentially broken.
> No Credentials provider found when authenticating with NTLM
> -----------------------------------------------------------
>
> Key: AXIS2-4595
> URL: https://issues.apache.org/jira/browse/AXIS2-4595
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.5.1
> Environment: windows, NTLM authentication against Exchange WS 2007
> Reporter: Dominique Jean-Prost
>
> I'm meeting a problem I really can't resolve and after reading many lines of
> code in axis2, here where I am :
> - I'm trying to call a ms exchange 2007 WS
> - I setup I think my authentication code using this kind of code :
> final Options options =
> this.serviceExchange._getServiceClient().getOptions();
> final Authenticator authenticator = new Authenticator();
>
> // Cf.
> http://ws.apache.org/axis2/1_5_1/http-transport.html#preemptive_auth
> final List<String> authScheme = new ArrayList<String>();
> authScheme.add(Authenticator.NTLM);
> authScheme.add(Authenticator.BASIC);
>
> authenticator.setAuthSchemes(authScheme);
> authenticator.setUsername(this.username);
> authenticator.setPassword(this.password);
> authenticator.setHost(this.host);
> authenticator.setDomain(this.domain);
> authenticator.setPort(this.port);
>
> options.setTimeOutInMilliSeconds(this.timeout);
> options.setProperty(HTTPConstants.CHUNKED, "false");
> options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, "true");
> options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
>
> this.serviceExchange._getServiceClient().setOptions(options);
> I then get the following execution logs where you can see that there is no
> credential providers found.
> So I searched the net, and found this
> http://markmail.org/search/list:org%2Eapache%2Ews%2Eaxis-dev+CredentialsProvider
> where you can see that the credential providers was first added and the
> deleted in org/apache/axis2/transport/http/AbstractHTTPSender.java
> Execution log:
> HttpMethodDirector.java:843) - Authorization required
> 2009-12-21 12:01:11,447 DEBUG
> org.apache.commons.httpclient.HttpMethodDirector (
> HttpMethodDirector.java:662) - enter
> HttpMethodBase.processAuthenticationResponse(HttpState, HttpConnection)
> 2009-12-21 12:01:11,447 DEBUG
> org.apache.commons.httpclient.auth.AuthChallengeProcessor (
> AuthChallengeProcessor.java:90) - Supported authentication schemes in the
> order of preference: [NTLM, Basic]
> 2009-12-21 12:01:11,447 INFO
> org.apache.commons.httpclient.auth.AuthChallengeProcessor (
> AuthChallengeProcessor.java:101) - NTLM authentication scheme selected
> 2009-12-21 12:01:11,463 DEBUG
> org.apache.commons.httpclient.auth.AuthChallengeProcessor (
> AuthChallengeProcessor.java:155) - Using authentication scheme: ntlm
> 2009-12-21 12:01:11,463 DEBUG
> org.apache.commons.httpclient.auth.AuthChallengeProcessor (
> AuthChallengeProcessor.java:163) - Authorization challenge processed
> 2009-12-21 12:01:11,463 DEBUG
> org.apache.commons.httpclient.HttpMethodDirector (
> HttpMethodDirector.java:714) - Authentication scope: NTLM <any
> realm>@mercure:443
> 2009-12-21 12:01:11,463 DEBUG org.apache.commons.httpclient.HttpState (
> HttpState.java:436) - enter HttpState.getCredentials(AuthScope)
> 2009-12-21 12:01:11,463 DEBUG
> org.apache.commons.httpclient.HttpMethodDirector (
> HttpMethodDirector.java:861) - Credentials required
> 2009-12-21 12:01:11,463 DEBUG
> org.apache.commons.httpclient.HttpMethodDirector (
> HttpMethodDirector.java:879) - Credentials provider not available
> 2009-12-21 12:01:11,463 INFO
> org.apache.commons.httpclient.HttpMethodDirector (
> HttpMethodDirector.java:737) - No credentials available for NTLM <any
> realm>@mercure:443
> 2009-12-21 12:01:11,463 DEBUG org.apache.axis2.transport.http.HTTPSender (
> HTTPSender.java:278) - Handling response - 401
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
