On Tue, 2006-03-14 at 12:16 -0500, Wagner, John (MED US) wrote: > > Ok - I enabled the content/wire logging and noticed the following error: > Cannot find any provider supporting DES/ECB/NoPadding - What > does this mean? >
"DES encryption is not available" That means one and only thing: the JCE you are using is either misconfigured or does not support strong ciphers. Since you snipped the part of log that tell the JVM version and JCE providers available I am unable to tell you more Please in the future do reply to the mailing list, not to me directly Oleg > Here's the output: > > 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams - -Set parameter > http.useragent = Jakarta Commons-HttpClient/3.0-rc4 > 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams - -Set parameter > http.protocol.version = HTTP/1.1 > 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams - -Set parameter > http.connection-manager.class = class > org.apache.commons.httpclient.SimpleHttpConnectionManager > 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams - -Set parameter > http.protocol.cookie-policy = rfc2109 > 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams - -Set parameter > http.protocol.element-charset = US-ASCII > 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams - -Set parameter > http.protocol.content-charset = ISO-8859-1 > 2006/03/14 11:36:39:538 EST [DEBUG] DefaultHttpParams - -Set parameter > http.method.retry-handler = > [EMAIL PROTECTED] > 2006/03/14 11:36:39:538 EST [DEBUG] DefaultHttpParams - -Set parameter > http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, > dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy > HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE > dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy > HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, > EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy > HH:mm:ss z] > 2006/03/14 11:36:39:569 EST [DEBUG] DefaultHttpParams - -Set parameter > http.auth.scheme-priority = [NTLM] > 2006/03/14 11:36:39:616 EST [DEBUG] DefaultHttpParams - -Set parameter > http.method.retry-handler = > [EMAIL PROTECTED] > 2006/03/14 11:36:39:632 EST [DEBUG] HttpConnection - -Open connection to > usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:39:710 EST [DEBUG] header - ->> "GET > http://www.google.com/ HTTP/1.1[\r][\n]" > 2006/03/14 11:36:39:710 EST [DEBUG] HttpMethodBase - -Adding Host > request header > 2006/03/14 11:36:39:741 EST [DEBUG] header - ->> "User-Agent: Jakarta > Commons-HttpClient/3.0-rc4[\r][\n]" > 2006/03/14 11:36:39:741 EST [DEBUG] header - ->> "Host: > www.google.com[\r][\n]" > 2006/03/14 11:36:39:741 EST [DEBUG] header - ->> "Proxy-Connection: > Keep-Alive[\r][\n]" > 2006/03/14 11:36:39:741 EST [DEBUG] header - ->> "[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "HTTP/1.1 407 Proxy > Authentication Required ( The ISA Server requires authorization to > fulfill the request. Access to the Web Proxy service is denied. > )[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Via: 1.1 > MLVV9W3A[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Proxy-Authenticate: > NTLM[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Proxy-Authenticate: > Kerberos[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Proxy-Authenticate: > Negotiate[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Connection: > close[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Proxy-Connection: > close[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Pragma: > no-cache[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Cache-Control: > no-cache[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Content-Type: > text/html[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] header - -<< "Content-Length: > 2377[\r][\n]" > 2006/03/14 11:36:39:757 EST [DEBUG] HttpMethodDirector - -Authorization > required > 2006/03/14 11:36:39:757 EST [DEBUG] AuthChallengeProcessor - -Supported > authentication schemes in the order of preference: [NTLM] > 2006/03/14 11:36:39:757 EST [INFO] AuthChallengeProcessor - -NTLM > authentication scheme selected > 2006/03/14 11:36:39:772 EST [DEBUG] AuthChallengeProcessor - -Using > authentication scheme: ntlm > 2006/03/14 11:36:39:772 EST [DEBUG] AuthChallengeProcessor - > -Authorization challenge processed > 2006/03/14 11:36:39:772 EST [DEBUG] HttpMethodDirector - -Proxy > authentication scope: NTLM <any > realm>@usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:39:772 EST [DEBUG] HttpMethodDirector - -Retry > authentication > 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodBase - -Should close > connection in response to directive: close > 2006/03/14 11:36:39:788 EST [DEBUG] HttpConnection - -Connection is > locked. Call to releaseConnection() ignored. > 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodDirector - -Authenticating > with NTLM <any realm>@usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodParams - -Credential > charset not configured, using HTTP element charset > 2006/03/14 11:36:39:788 EST [DEBUG] HttpConnection - -Open connection to > usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:39:788 EST [DEBUG] header - ->> "GET > http://www.google.com/ HTTP/1.1[\r][\n]" > 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodBase - -Adding Host > request header > 2006/03/14 11:36:39:788 EST [DEBUG] header - ->> "User-Agent: Jakarta > Commons-HttpClient/3.0-rc4[\r][\n]" > 2006/03/14 11:36:39:788 EST [DEBUG] header - ->> "Proxy-Connection: > Keep-Alive[\r][\n]" > 2006/03/14 11:36:39:788 EST [DEBUG] header - ->> "Proxy-Authorization: > NTLM TlRMTVNTUAABAAAABlIAAAUABQAgAAAAAAAAACAAAABXVzAwNQ==[\r][\n]" > 2006/03/14 11:36:39:788 EST [DEBUG] header - ->> "Host: > www.google.com[\r][\n]" > 2006/03/14 11:36:39:788 EST [DEBUG] header - ->> "[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "HTTP/1.1 407 Proxy > Authentication Required ( Access is denied. )[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "Via: 1.1 > MLVV9W3A[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "Proxy-Authenticate: > NTLM > TlRMTVNTUAACAAAABQAFADgAAAAGAoECLA3YBB5IUf8AAAAAAAAAAIQAhAA9AAAABQCTCAAA > AA9XVzAwNQIACgBXAFcAMAAwADUAAQAQAE0ATABWAFYAOQBXADMAQQAEACIAdwB3ADAAMAA1 > AC4AcwBpAGUAbQBlAG4AcwAuAG4AZQB0AAMANABNAEwAVgBWADkAVwAzAEEALgB3AHcAMAAw > ADUALgBzAGkAZQBtAGUAbgBzAC4AbgBlAHQAAAAAAA==[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "Pragma: > no-cache[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "Cache-Control: > no-cache[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "Content-Type: > text/html[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] header - -<< "Content-Length: > 0[\r][\n]" > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector - -Authorization > required > 2006/03/14 11:36:39:803 EST [DEBUG] AuthChallengeProcessor - -Using > authentication scheme: ntlm > 2006/03/14 11:36:39:803 EST [DEBUG] AuthChallengeProcessor - > -Authorization challenge processed > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector - -Proxy > authentication scope: NTLM <any > realm>@usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector - -Retry > authentication > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodBase - -Resorting to > protocol version default close connection policy > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodBase - -Should NOT close > connection, using HTTP/1.1 > 2006/03/14 11:36:39:803 EST [DEBUG] HttpConnection - -Connection is > locked. Call to releaseConnection() ignored. > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector - -Authenticating > with NTLM <any realm>@usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodParams - -Credential > charset not configured, using HTTP element charset > 2006/03/14 11:36:40:632 EST [ERROR] HttpMethodDirector - -DES encryption > is not available. > <org.apache.commons.httpclient.auth.AuthenticationException: DES > encryption is not > available.>org.apache.commons.httpclient.auth.AuthenticationException: > DES encryption is not available. > at > org.apache.commons.httpclient.auth.NTLM.getCipher(NTLM.java:118) > at > org.apache.commons.httpclient.auth.NTLM.encrypt(NTLM.java:164) > at > org.apache.commons.httpclient.auth.NTLM.hashPassword(NTLM.java:466) > at > org.apache.commons.httpclient.auth.NTLM.getType3Message(NTLM.java:417) > at > org.apache.commons.httpclient.auth.NTLMScheme.authenticate(NTLMScheme.ja > va:344) > at > org.apache.commons.httpclient.HttpMethodDirector.authenticateProxy(HttpM > ethodDirector.java:317) > at > org.apache.commons.httpclient.HttpMethodDirector.authenticate(HttpMethod > Director.java:230) > at > org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMetho > dDirector.java:169) > at > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3 > 96) > at > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3 > 24) > at HttpClientNTLM.main(HttpClientNTLM.java:51) > Caused by: java.security.NoSuchAlgorithmException: Cannot find any > provider supporting DES/ECB/NoPadding > at javax.crypto.Cipher.getInstance(Unknown Source) > at > org.apache.commons.httpclient.auth.NTLM.getCipher(NTLM.java:113) > ... 10 more > > 2006/03/14 11:36:40:632 EST [DEBUG] header - ->> "GET > http://www.google.com/ HTTP/1.1[\r][\n]" > 2006/03/14 11:36:40:632 EST [DEBUG] HttpMethodBase - -Adding Host > request header > 2006/03/14 11:36:40:632 EST [DEBUG] header - ->> "User-Agent: Jakarta > Commons-HttpClient/3.0-rc4[\r][\n]" > 2006/03/14 11:36:40:632 EST [DEBUG] header - ->> "Proxy-Connection: > Keep-Alive[\r][\n]" > 2006/03/14 11:36:40:632 EST [DEBUG] header - ->> "Host: > www.google.com[\r][\n]" > 2006/03/14 11:36:40:632 EST [DEBUG] header - ->> "[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "HTTP/1.1 407 Proxy > Authentication Required ( The ISA Server requires authorization to > fulfill the request. Access to the Web Proxy service is denied. > )[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Via: 1.1 > MLVV9W3A[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Proxy-Authenticate: > NTLM[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Proxy-Authenticate: > Kerberos[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Proxy-Authenticate: > Negotiate[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Pragma: > no-cache[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Cache-Control: > no-cache[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Content-Type: > text/html[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] header - -<< "Content-Length: > 2377[\r][\n]" > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector - -Authorization > required > 2006/03/14 11:36:40:647 EST [DEBUG] AuthChallengeProcessor - -Using > authentication scheme: ntlm > 2006/03/14 11:36:40:647 EST [DEBUG] AuthChallengeProcessor - > -Authorization challenge processed > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector - -Proxy > authentication scope: NTLM <any > realm>@usi00-proxy.ww005.siemens.net:8080 > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector - -Proxy > credentials required > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector - -Proxy > credentials provider not available > 2006/03/14 11:36:40:647 EST [INFO] HttpMethodDirector - -Failure > authenticating with NTLM <any realm>@usi00-proxy.ww005.siemens.net:8080 > Method failed: HTTP/1.1 407 Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy service is denied. ) > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodBase - -Buffering response > body > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodBase - -Resorting to > protocol version default close connection policy > 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodBase - -Should NOT close > connection, using HTTP/1.1 > 2006/03/14 11:36:40:647 EST [DEBUG] HttpConnection - -Releasing > connection back to connection manager. > > Thanks. > > -----Original Message----- > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 14, 2006 11:26 AM > To: HttpClient Project > Cc: Wagner, John (MED US) > Subject: Re: NTLM proxy auth > > On Tue, 2006-03-14 at 11:02 -0500, Wagner, John (MED US) wrote: > > Hi, > > > > I am trying to access the web through our corporate proxy server with > > uses NTLM. I have not been able to authenticate - receive 407 error. > > Attached is the code I'm using. When viewing the proxy logs, they > said > > that I was not passing any credentials to the proxy server and that is > > why I failed. > > John, > > It is going to be pretty easy to tell if that is indeed the case if you > turn on the context/wire logging: > > http://jakarta.apache.org/commons/httpclient/logging.html > > If you need help interpreting the log, feel free to post it to this > list. You might want to remove security sensitive data (such as user > credentials) from the log prior to posting it > > Oleg > > > Where did I go wrong? > > > > import java.util.*; > > import java.io.*; > > > > import org.apache.commons.httpclient.*; > > import org.apache.commons.httpclient.methods.*; > > import org.apache.commons.httpclient.params.HttpMethodParams; > > import org.apache.commons.httpclient.auth.*; > > > > public class HttpClientNTLM { > > > > private static String url = "http://www.google.com/";; > > > > public static void main(String[] args) { > > // Create an instance of HttpClient. > > HttpClient client = new HttpClient(); > > > > String NTUser=username; > > String NTPwd=password; > > String NTDomain=domain; > > > > client.getHostConfiguration().setHost("www.google.com"); > > client.getHostConfiguration().setProxy(proxy host, 8080); > > > > List authPrefs = new ArrayList(); > > authPrefs.add(AuthPolicy.NTLM); > > > > client.getState().setProxyCredentials( > > new AuthScope(null, 8080, null), > > new NTCredentials(NTUser, NTPwd, "", NTDomain)); > > > > client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, > > authPrefs); > > > > // Create a method instance. > > GetMethod method = new GetMethod(url); > > > > // Provide custom retry handler is necessary > > method.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, > > new DefaultHttpMethodRetryHandler(3, false)); > > > > try { > > // Execute the method. > > int statusCode = client.executeMethod(method); > > > > if (statusCode != HttpStatus.SC_OK) { > > System.err.println("Method failed: " + > method.getStatusLine()); > > } > > > > // Read the response body. > > byte[] responseBody = method.getResponseBody(); > > > > // Deal with the response. > > // Use caution: ensure correct character encoding and is not > > binary data > > System.out.println(new String(responseBody)); > > > > } catch (HttpException e) { > > System.err.println("Fatal protocol violation: " + > e.getMessage()); > > e.printStackTrace(); > > } catch (IOException e) { > > System.err.println("Fatal transport error: " + e.getMessage()); > > e.printStackTrace(); > > } finally { > > // Release the connection. > > method.releaseConnection(); > > } > > } > > } > > > > > > > ------------------------------------------------------------------------ > ------- > > This message and any included attachments are from Siemens Medical > Solutions > > USA, Inc. and are intended only for the addressee(s). > > The information contained herein may include trade secrets or > privileged or > > otherwise confidential information. Unauthorized review, forwarding, > printing, > > copying, distributing, or using such information is strictly > prohibited and may > > be unlawful. If you received this message in error, or have reason to > believe > > you are not authorized to receive it, please promptly delete this > message and > > notify the sender by e-mail with a copy to > [EMAIL PROTECTED] > > > > Thank you > > > ------------------------------------------------------------------------------- > This message and any included attachments are from Siemens Medical Solutions > USA, Inc. and are intended only for the addressee(s). > The information contained herein may include trade secrets or privileged or > otherwise confidential information. Unauthorized review, forwarding, > printing, > copying, distributing, or using such information is strictly prohibited and > may > be unlawful. If you received this message in error, or have reason to believe > you are not authorized to receive it, please promptly delete this message and > notify the sender by e-mail with a copy to [EMAIL PROTECTED] > > Thank you > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
