[jira] [Comment Edited] (HTTPCLIENT-1224) (regression) NTLM auth not retried after a redirect over a non-persistent connection

Fri, 31 Aug 2012 11:15:09 -0700 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446191#comment-13446191
 ] 

Oleg Kalnichevski edited comment on HTTPCLIENT-1224 at 9/1/12 5:13 AM:
-----------------------------------------------------------------------

Dave,

I am fairly confident the problem should have been fixed. I suspect you are not 
using the latest code. I added a number of additional log statements [1] that I 
cannot see in the log even though they should be there. Could you please let me 
know what revision are you using and check the classdpath of your application 
for older versions of HttpClient.

Oleg

[1] 
http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/client/HttpAuthenticator.java?r1=1376672&r2=1376671&pathrev=1376672
                
      was (Author: olegk):
    Dave,

I fairly confident the problem should have been fixed. I suspect you are not 
using the latest code. I added a number of additional log statements [1] that I 
cannot see in the log even though they should be there. Could you please let me 
know what revision are you using and check the classdpath of your application 
for older versions of HttpClient.

Oleg

[1] 
http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/client/HttpAuthenticator.java?r1=1376672&r2=1376671&pathrev=1376672
                  
> (regression) NTLM auth not retried after a redirect over a non-persistent 
> connection
> ------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1224
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1224
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.1
>         Environment: Fedora 15
>            Reporter: Dave Godbey
>              Labels: NTLM, authentication, redirect
>             Fix For: 4.2.2
>
>
> When you communicate with a Microsoft Exchange server (eg. EWS), you point to 
> /ews/Exchange.asmx. Exchange replies with a redirect order to 
> ews/Services.wsdl. Client is failing to complete this with following wire log:
> executing request: GET /ews/Exchange.asmx HTTP/1.1
> to target: https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:41:570 CDT [DEBUG] BasicClientConnectionManager - Get 
> connection for route {s}->https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:41:785 CDT [DEBUG] DefaultClientConnectionOperator - 
> Connecting to mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:324 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:337 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:337 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:338 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:338 CDT [DEBUG] DefaultHttpClient - Attempt 1 to execute 
> request
> 2012/08/22 15:05:42:338 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx 
> HTTP/1.1
> 2012/08/22 15:05:42:339 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:340 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:42:395 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:395 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Length: 1656
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:396 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:41 GMT
> 2012/08/22 15:05:42:400 CDT [DEBUG] DefaultHttpClient - Connection can be 
> kept alive indefinitely
> 2012/08/22 15:05:42:401 CDT [DEBUG] DefaultHttpClient - 
> mail02.ndc.nasa.gov:443 requested authentication
> 2012/08/22 15:05:42:401 CDT [DEBUG] TargetAuthenticationStrategy - 
> Authentication schemes in the order of preference: [negotiate, Kerberos, 
> NTLM, Digest, Basic]
> 2012/08/22 15:05:42:409 CDT [DEBUG] SPNegoScheme - Received challenge '' from 
> the auth server
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge 
> for Kerberos authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge 
> for Digest authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] TargetAuthenticationStrategy - Challenge 
> for Basic authentication scheme not available
> 2012/08/22 15:05:42:410 CDT [DEBUG] DefaultHttpClient - Selected 
> authentication options: [NEGOTIATE, NTLM]
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: CHALLENGED
> 2012/08/22 15:05:42:411 CDT [DEBUG] RequestTargetAuthentication - Generating 
> response to an authentication challenge using Negotiate scheme
> 2012/08/22 15:05:42:412 CDT [DEBUG] SPNegoScheme - init 
> mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:428 CDT [WARN] RequestTargetAuthentication - NEGOTIATE 
> authentication error: No valid credentials provided (Mechanism level: No 
> valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> 2012/08/22 15:05:42:428 CDT [DEBUG] RequestTargetAuthentication - Generating 
> response to an authentication challenge using ntlm scheme
> 2012/08/22 15:05:42:430 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:431 CDT [DEBUG] DefaultHttpClient - Attempt 2 to execute 
> request
> 2012/08/22 15:05:42:431 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx 
> HTTP/1.1
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:42:431 CDT [DEBUG] headers - >> Authorization: NTLM 
> TlRMTVNTUAABAAAANQIIIAYABgAkAAAABAAEACAAAAA2ADgATgBEAEMA
> 2012/08/22 15:05:42:479 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Length: 1539
> 2012/08/22 15:05:42:479 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << WWW-Authenticate: NTLM 
> TlRMTVNTUAACAAAABgAGADgAAAA1AokiF/jsXoLF09YAAAAAAAAAAIwAjAA+AAAABQLODgAAAA9OAEQAQwACAAYATgBEAEMAAQASAE4ARABNAFMAQwBBAFMAMAA3AAQAGABuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgADACwAbgBkAG0AcwBjAGEAcwAwADcALgBuAGQAYwAuAG4AYQBzAGEALgBnAG8AdgAFABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAAAAAA==
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:480 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:42 GMT
> 2012/08/22 15:05:42:480 CDT [DEBUG] DefaultHttpClient - Connection can be 
> kept alive indefinitely
> 2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - 
> mail02.ndc.nasa.gov:443 requested authentication
> 2012/08/22 15:05:42:481 CDT [DEBUG] DefaultHttpClient - Authorization 
> challenge processed
> 2012/08/22 15:05:42:481 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:482 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:482 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: HANDSHAKE
> 2012/08/22 15:05:42:491 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:491 CDT [DEBUG] DefaultHttpClient - Attempt 3 to execute 
> request
> 2012/08/22 15:05:42:491 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Exchange.asmx HTTP/1.1
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> GET /ews/Exchange.asmx 
> HTTP/1.1
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:42:491 CDT [DEBUG] headers - >> Authorization: NTLM 
> TlRMTVNTUAADAAAAGAAYAEAAAAC4ALgAWAAAAAYABgAQAQAADgAOABYBAAAEAAQAJAEAAAAAAAAoAQAANQIIIBHmQ40nLaSFn1s5yZuMSjVu5GMt03gALm3CwkwfZcuQnNpCRGUtYgwBAQAAAAAAAKDzIIKhgM0BbuRjLdN4AC4AAAAAAgAGAE4ARABDAAEAEgBOAEQATQBTAEMAQQBTADAANwAEABgAbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYAAwAsAG4AZABtAHMAYwBhAHMAMAA3AC4AbgBkAGMALgBuAGEAcwBhAC4AZwBvAHYABQAYAG4AZABjAC4AbgBhAHMAYQAuAGcAbwB2AAAAAABOAEQAQwBkAGcAbwBkAGIAZQB5ADYAOAA=
> 2012/08/22 15:05:42:548 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 302 Found
> 2012/08/22 15:05:42:548 CDT [DEBUG] headers - << HTTP/1.1 302 Found
> 2012/08/22 15:05:42:548 CDT [DEBUG] headers - << Connection: close
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:42 GMT
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << X-AspNet-Version: 2.0.50727
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Location: /ews/Services.wsdl
> 2012/08/22 15:05:42:549 CDT [DEBUG] headers - << Cache-Control: private
> 2012/08/22 15:05:42:550 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:42:551 CDT [DEBUG] DefaultRedirectStrategy - Redirect 
> requested to location '/ews/Services.wsdl'
> 2012/08/22 15:05:42:558 CDT [DEBUG] DefaultHttpClient - Redirecting to 
> 'https://mail02.ndc.nasa.gov:443/ews/Services.wsdl' via 
> {s}->https://mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:559 CDT [DEBUG] DefaultClientConnection - Connection 
> 0.0.0.0:56462<->198.117.0.46:443 closed
> 2012/08/22 15:05:42:560 CDT [DEBUG] DefaultClientConnectionOperator - 
> Connecting to mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:703 CDT [DEBUG] RequestAddCookies - CookieSpec selected: 
> best-match
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestAuthCache - Auth cache not set in 
> the context
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestTargetAuthentication - Target auth 
> state: HANDSHAKE
> 2012/08/22 15:05:42:704 CDT [ERROR] RequestTargetAuthentication - NTLM 
> authentication error: Unexpected state: MSG_TYPE3_GENERATED
> 2012/08/22 15:05:42:704 CDT [DEBUG] RequestProxyAuthentication - Proxy auth 
> state: UNCHALLENGED
> 2012/08/22 15:05:42:705 CDT [DEBUG] DefaultHttpClient - Attempt 4 to execute 
> request
> 2012/08/22 15:05:42:705 CDT [DEBUG] DefaultClientConnection - Sending 
> request: GET /ews/Services.wsdl HTTP/1.1
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> GET /ews/Services.wsdl 
> HTTP/1.1
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Host: mail02.ndc.nasa.gov:443
> 2012/08/22 15:05:42:705 CDT [DEBUG] headers - >> Connection: Keep-Alive
> 2012/08/22 15:05:42:706 CDT [DEBUG] headers - >> User-Agent: 
> Apache-HttpClient/4.2.1 (java 1.5)
> 2012/08/22 15:05:43:091 CDT [DEBUG] DefaultClientConnection - Receiving 
> response: HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Length: 1656
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Content-Type: text/html
> 2012/08/22 15:05:43:092 CDT [DEBUG] headers - << Server: Microsoft-IIS/6.0
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: Negotiate
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << WWW-Authenticate: NTLM
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << X-Powered-By: ASP.NET
> 2012/08/22 15:05:43:093 CDT [DEBUG] headers - << Date: Wed, 22 Aug 2012 
> 20:05:42 GMT
> 2012/08/22 15:05:43:093 CDT [DEBUG] DefaultHttpClient - Connection can be 
> kept alive indefinitely
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - 
> mail02.ndc.nasa.gov:443 requested authentication
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authorization 
> challenge processed
> 2012/08/22 15:05:43:094 CDT [DEBUG] DefaultHttpClient - Authentication failed
> Source breakpoint: NtlmTest1.java:229
> ----------------------------------------
> HTTP/1.1 401 Unauthorized
> Response content length: 1656
> 2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Releasing 
> connection org.apache.http.impl.conn.ManagedClientConnectionImpl@18b1f8f
> 2012/08/22 15:05:48:626 CDT [DEBUG] BasicClientConnectionManager - Connection 
> can be kept alive indefinitely
> 2012/08/22 15:05:48:626 CDT [DEBUG] DefaultClientConnection - Connection 
> 0.0.0.0:56463<->198.117.0.46:443 closed

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to