Sorry for the delayed response. The problem could be the Connection: close headers being returned by the server. We will need the debug log in addition to the wire log to be sure. Please use the system properties from <http://jakarta.apache.org/commons/httpclient/logging.html> to ensure they are both enabled.
Please also open a bug in bugzilla <http://nagoya.apache.org/bugzilla/index.html> so that we can more easily exchange the logs and keep track of this issue.
Thanks for your help.
Mike
On Oct 30, 2003, at 4:52 PM, Alfonso wrote:
Michael
You are right, I was not using the rc2 source but the commons-httpclient-20031022.zip source. However in both cases the wire log is identical (except of course for the timestamps). Here it is
[DEBUG] wire - ->> "GET http://www.apache.org/ HTTP/1.1[\r][\n]"
[DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.1m1[\r][\n]"
[DEBUG] wire - ->> "Host: www.apache.org[\r][\n]"
[DEBUG] wire - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] wire - ->> "[\r][\n]"
[DEBUG] wire - -<< "HTTP/1.1 407 Proxy Access Denied[\r][\n]"
[DEBUG] wire - -<< "Server: Microsoft-IIS/4.0[\r][\n]"
[DEBUG] wire - -<< "Date: Thu, 30 Oct 2003 11:44:35 GMT[\r][\n]"
[DEBUG] wire - -<< "Connection: close[\r][\n]"
[DEBUG] wire - -<< "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] wire - ->> "GET http://www.apache.org/ HTTP/1.1[\r][\n]"
[DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.1m1[\r][\n]"
[DEBUG] wire - ->> "Proxy-Authorization: NTLM
[DEBUG] wire - ->> "Host: www.apache.org[\r][\n]"
[DEBUG] wire - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] wire - ->> "[\r][\n]"
[DEBUG] wire - -<< "HTTP/1.1 407 Proxy authentication required[\r][\n]"
[DEBUG] wire - -<< "Proxy-Authenticate: NTLM
[DEBUG] wire - -<< "Content-Length: 503[\r][\n]"
[DEBUG] wire - -<< "Content-Type: text/html[\r][\n]"
[DEBUG] wire - -<< "<html><head><title>Error 407</title>[\r][\n]"
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<meta name="robots" content="noindex">[\r][\n]"
[DEBUG] wire - -<< "<META HTTP-EQUIV="Content-Type" CONTENT="text/html;
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<body>[\r][\n]"
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<h2>HTTP Error 407</h2>[\r][\n]"
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<p><strong>407 Proxy Authentication
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<p>You must authenticate with a proxy server before
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<p>Please contact the Web server's administrator if
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "</body></html>"
[DEBUG] wire - ->> "GET http://www.apache.org/ HTTP/1.1[\r][\n]"
[DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.1m1[\r][\n]"
[DEBUG] wire - ->> "Proxy-Authorization: NTLM
[DEBUG] wire - ->> "Host: www.apache.org[\r][\n]"
[DEBUG] wire - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
[DEBUG] wire - ->> "[\r][\n]"
[DEBUG] wire - -<< "HTTP/1.1 407 Proxy authentication required[\r][\n]"
[DEBUG] wire - -<< "Proxy-Authenticate: NTLM[\r][\n]"
[DEBUG] wire - -<< "Proxy-Connection: close[\r][\n]"
[DEBUG] wire - -<< "Content-Length: 503[\r][\n]"
[DEBUG] wire - -<< "Content-Type: text/html[\r][\n]"
[DEBUG] wire - -<< "<html><head><title>Error 407</title>[\r][\n]"
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<meta name="robots" content="noindex">[\r][\n]"
[DEBUG] wire - -<< "<META HTTP-EQUIV="Content-Type" CONTENT="text/html;
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<body>[\r][\n]"
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<h2>HTTP Error 407</h2>[\r][\n]"
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<p><strong>407 Proxy Authentication
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<p>You must authenticate with a proxy server before
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "<p>Please contact the Web server's administrator if
[DEBUG] wire - -<< "[\r][\n]"
[DEBUG] wire - -<< "</body></html>"
Anyway I'm on the second stage of my problem, which is validating using basic authentication against a web server. Now I face another problem: when the host beign contacted responds with a WWW-Authenticate, the MethodDirector tries to reply with the username/password. However, it refuses to use the authentication realm it has just used to pass throuhg the proxy again. Can you think of a fix for this ?. Clearly it should "forget" what realms had been used to authenticate with the proxy when trying to authenticate against the target host. It seems to me that the states of authentication (host and proxy) are mixed somehow.
Michael Becke wrote:
Hello Alfonso,
Have you been working with 2.0 RC2 or with the latest code from HEAD? The HttpMethodDirector class was recently added to HEAD but does not exist in RC2. If you're using HEAD please give it a shot with RC2 and see how things work. Either way please post a wire log <http://jakarta.apache.org/commons/httpclient/logging.html> of the problem so we can better idea of what's happening.
Thanks,
Mike
On Oct 29, 2003, at 5:25 PM, Alfonso wrote:
Hi to all
Excuse me as I am relatively new to low-level network plumbing so this may sound amateur to you.
I was having problems trying to make HttpClient 2rc2 to authenticate to my Microsoft proxy server.
Despite trying all combinatios of user/domain/host in the credentials I always got the same result, reply code 407.
Tracing through the sequence of actions and activating the debugger and examining the publicly available documentation about NTLM challenge/response I came to the conclusion that the problem was that HttpMethodDirector was wrongly closing the connection after the second stage of authentication. Thus, in the third stage the client sent what apparently a correct authentication header but was beign rejected by the proxy as it not belong to the session that was just establishing the connection.
The cause of the problem is that HttpMethodDirector expects not to see a response body until the authentication process is finished, that is, it understands that things should be ok the moment a response body is present. As I've found out by activating the debug log, the Microsoft proxy answers to the second stage of the authentication process with the response body that corresponds to the HTML page shown to the user when the authentication is not correct.
The solution that I've tried that has passed a basic test (that is, it retrieves correctly the pages) is to modify the method in HttpMethodBase#canHaveResponseBody. As I understand that method is provided to ignore response bodies for certain return codes. That is, around line 2126 it says
if ((status >= 100 && status <= 199) || (status == 204) || (status == 304) ) { // NOT MODIFIED result = false; }
If you instead say
if ((status >= 100 && status <= 199) || (status == 204) || (status == 304) || (status == 407)) { // NOT MODIFIED result = false; }
Things work, at least for me. I don't know how nor have the tools to generate a patch, and if I could I did not know where to send it. So if somebody out there is kind enough to test if this fixes things for every other case of proxy/authentication, it would be wise to incorporate the change into the final release. This Microsoft proxy feature has been something that I have wished to have for a very long time and not yet found in any other library.
Keep up the good work.
Alfonso
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
