[jira] [Updated] (HTTPCLIENT-1224) (regression) NTLM auth not retried after a redirect over a non-persistent connection

Oleg Kalnichevski (JIRA) Thu, 23 Aug 2012 12:54:46 -0700

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Oleg Kalnichevski updated HTTPCLIENT-1224:
------------------------------------------

    Summary: (regression) NTLM auth not retried after a redirect over a 
non-persistent connection  (was: NTLM auth fails with redirect. Eg. Exchange 
/ews/Exchange.asmx -> /ews/Services.wsdl)
    
> (regression) NTLM auth not retried after a redirect over a non-persistent 
> connection
> ------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1224
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1224
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.1
>         Environment: Fedora 15
>            Reporter: Dave Godbey
>              Labels: NTLM, authentication, redirect
>             Fix For: 4.2.2
>
>
> When you communicate with a Microsoft Exchange server (eg. EWS), you point to 
> /ews/Exchange.asmx. Exchange replies with a redirect order to 
> ews/Services.wsdl. Client is failing to complete this with following wire log:
> executing request: GET /ews/Exchange.asmx HTTP/1.1
> to target: https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:41:570 CDT [DEBUG] BasicClientConnectionManager - Get 
> connection for route {s}->https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:41:785 CDT [DEBUG] DefaultClientConnectionOperator - 
> Connecting to mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:324 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:337 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:337 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:338 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:338 CDT [DEBUG] DefaultHttpClient - Attempt 1 to execute 
> request
> 2012/08/22 15:05:42:338 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx 
> HTTP/1.1
> 2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:42:395 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:395 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Length: 1656
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:41 GMT
> 2012/08/22 15:05:42:400 CDT [DEBUG] DefaultHttpClient - Connection can be 
> kept alive indefinitely
> 2012/08/22 15:05:42:401 CDT [DEBUG] DefaultHttpClient - 
> mail02.ndc.nasa.gov:443 requested authentication
> 2012/08/22 15:05:42:401 CDT [DEBUG] TargetAuthenticationStrategy - 
> Authentication schemes in the order of preference: [negotiate, Kerberos, 
> NTLM, Digest, Basic]
> 2012/08/22 15:05:42:409 CDT [DEBUG] SPNegoScheme - Received challenge '' from 
> the auth server
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge 
> for Kerberos authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge 
> for Digest authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge 
> for Basic authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] DefaultHttpClient - Selected 
> authentication options: [NEGOTIATE, NTLM]
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: CHALLENGED
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Generating 
> response to an authentication challenge using Negotiate scheme
> 2012/08/22 15:05:42:412 CDT [DEBUG] SPNegoScheme - init 
> mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:428 CDT [WARN] RequestTargetAuthentication - NEGOTIATE 
> authentication error: No valid credentials provided (Mechanism level: No 
> valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> 2012/08/22 15:05:42:428 CDT [DEBUG] RequestTargetAuthentication - Generating 
> response to an authentication challenge using ntlm scheme
> 2012/08/22 15:05:42:430 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:431 CDT [DEBUG] DefaultHttpClient - Attempt 2 to execute 
> request
> 2012/08/22 15:05:42:431 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx 
> HTTP/1.1
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Authorization: NTLM 
> TlRMTVNTUAABAAAANQIIIAYABgAkAAAABAAEACAAAAA2ADgATgBEAEMA
> 2012/08/22 15:05:42:479 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Length: 1539
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << WWW-Authenticate: NTLM 
> TlRMTVNTUAACAAAABgAGADgAAAA1AokiF/jsXoLF09YAAAAAAAAAAIwAjAA+AAAABQLODgAAAA9OAEQAQwACAAYATgBEAEMAAQASAE4ARABNAFMAQwBBAFMAMAA3AAQAGABuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgADACwAbgBkAG0AcwBjAGEAcwAwADcALgBuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgAFABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAAAAAA==
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:42 GMT
> 2012/08/22 15:05:42:480 CDT [DEBUG] DefaultHttpClient - Connection can be 
> kept alive indefinitely
> 2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - 
> mail02.ndc.nasa.gov:443 requested authentication
> 2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - Authorization 
> challenge processed
> 2012/08/22 15:05:42:481 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:482 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:482 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: HANDSHAKE
> 2012/08/22 15:05:42:491 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:491 CDT [DEBUG] DefaultHttpClient - Attempt 3 to execute 
> request
> 2012/08/22 15:05:42:491 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx 
> HTTP/1.1
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Authorization: NTLM 
> TlRMTVNTUAADAAAAGAAYAEAAAAC4ALgAWAAAAAYABgAQAQAADgAOABYBAAAEAAQAJAEAAAAAAAAoAQAANQIIIBHmQ40nLaSFn1s5yZuMSjVu5GMt03gALm3CwkwfZcuQnNpCRGUtYgwBAQAAAAAAAKDzIIKhgM0BbuRjLdN4AC4AAAAAAgAGAE4ARABDAAEAEgBOAEQATQBTAEMAQQBTADAANwAEABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAwAsAG4AZABtAHMAYwBhAHMAMAA3AC4AbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYABQAYAG4AZABjAC4AbgBhAHMAYQAuAGcAbwB2AAAAAABOAEQAQwBkAGcAbwBkAGIAZQB5ADYAOAA=
> 2012/08/22 15:05:42:548 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 302 Found
> 2012/08/22 15:05:42:548 CDT [DEBUG] headers - << HTTP/1.1 302 Found
> 2012/08/22 15:05:42:548 CDT [DEBUG] headers - << Connection: close
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:42 GMT
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-AspNet-Version: 2.0.50727
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Location: /ews/Services.wsdl
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Cache-Control: private
> 2012/08/22 15:05:42:550 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:551 CDT [DEBUG] DefaultRedirectStrategy - Redirect 
> requested to location '/ews/Services.wsdl'
> 2012/08/22 15:05:42:558 CDT [DEBUG] DefaultHttpClient - Redirecting to 
> 'https://mail02.ndc.nasa.gov:443/ews/Services.wsdl' via 
> {s}->https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:559 CDT [DEBUG] DefaultClientConnection - Connection 
> 0.0.0.0:56462<->198.117.0.46:443 closed
> 2012/08/22 15:05:42:560 CDT [DEBUG] DefaultClientConnectionOperator - 
> Connecting to mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:703 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: HANDSHAKE
> 2012/08/22 15:05:42:704 CDT [ERROR] RequestTargetAuthentication - NTLM 
> authentication error: Unexpected state: MSG_TYPE3_GENERATED
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:705 CDT [DEBUG] DefaultHttpClient - Attempt 4 to execute 
> request
> 2012/08/22 15:05:42:705 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Services.wsdl HTTP/1.1
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> GET /ews/Services.wsdl 
> HTTP/1.1
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:706 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:43:091 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Length: 1656
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:42 GMT
> 2012/08/22 15:05:43:093 CDT [DEBUG] DefaultHttpClient - Connection can be 
> kept alive indefinitely
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - 
> mail02.ndc.nasa.gov:443 requested authentication
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authorization 
> challenge processed
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authentication failed
> Source breakpoint: NtlmTest1.java:229
> ----------------------------------------
> HTTP/1.1 401 Unauthorized
> Response content length: 1656
> 2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Releasing 
> connection org.apache.http.impl.conn.ManagedClientConnectionImpl@18b1f8f
> 2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Connection 
> can be kept alive indefinitely
> 2012/08/22 15:05:48:626 CDT [DEBUG] DefaultClientConnection - Connection 
> 0.0.0.0:56463<->198.117.0.46:443 closed

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HTTPCLIENT-1224) (regression) NTLM auth not retried after a redirect over a non-persistent connection

Reply via email to