________________________________

From: Pankaj Arora 
Sent: Thursday, May 17, 2007 4:24 PM
To: '[EMAIL PROTECTED]';
'[EMAIL PROTECTED]'
Subject: HttpClient authentication problem.


Hi,
I am using Http Client to authenticate to IIS web Server for doing NTLM
authentication. Here's the description of sample codes I am using:
 
 
Program1: This code creates 2 state, method and host configurations and
uses a single instance of HttpClient to execute the methods. Please note
that in the first go I give the correct credentials for NTLM
authentication and in the second go I give the wrong credentials. In the
response I observe that I get HTTP code 200, and in the second go I don't
even see authentication happening when the data is captured over Ethereal.

Program2: This code also creates 2 state, method and host configurations
but uses a separate instance of HttpClient to execute each method. Please
note that in the first go I give the correct credentials for NTLM
authentication and in the second go I give the wrong credentials. In the
response I observe that I get HTTP code 200, and in the second go I get
response code 401.

The problem is I want to use a single instance of HttpClient and also want
session info not to be maintained across the requests. Simply speaking, I
want behavior 2 to happen when there is a single instance of HttpClient.
Is there a way to do this?
 
 
 
Code and response received from server for reference.
 
Program1:
________________________________________________________________________
    // Imports needed by this fragment (Commons HttpClient 3.x).
    import java.io.IOException;
    import org.apache.commons.httpclient.*;
    import org.apache.commons.httpclient.auth.AuthScope;
    import org.apache.commons.httpclient.methods.GetMethod;

    // Create an instance of HttpClient.
    HttpClient client1 = new HttpClient();
    HttpMethod _method1 = new GetMethod(url);
    HttpState _httpState1 = new HttpState();
    HostConfiguration hostConfig1 = new HostConfiguration();
    UsernamePasswordCredentials credentials1;
    credentials1 = new NTCredentials("administrator", "password", "host", "domain");

    AuthScope authScope1 = new AuthScope("host", port, domain, "NTLM");

    _httpState1.setCredentials(authScope1, credentials1);
    hostConfig1.setHost("host", port);

    try {
      // First request: correct credentials.
      int statusCode = client1.executeMethod(hostConfig1, _method1, _httpState1);

      System.out.println("Status code :" + statusCode);
      if (statusCode != HttpStatus.SC_OK) {
        System.err.println("Method failed: " + _method1.getStatusLine()
            + "StatusCode:" + statusCode);
      }

      // Read the response body.
      byte[] responseBody = _method1.getResponseBody();

      Header[] responseHeaders = _method1.getResponseHeaders();

      System.out.println("----------------------------------------------------"
          + "-----------------------------------");
      for (Header header : responseHeaders) {
        System.out.println("Headers is " + header.getName()
            + "and the value is :" + header.getValue());
      }

      // Second request: wrong credentials, same HttpClient instance.
      HttpMethod _method2 = new GetMethod(url);
      HttpState _httpState2 = new HttpState();
      HostConfiguration hostConfig2 = new HostConfiguration();
      UsernamePasswordCredentials credentials2;
      credentials2 = new NTCredentials("administrator", "wrong password", "host", "domain");

      AuthScope authScope2 = new AuthScope("host", port, "host", "domain");

      _httpState2.setCredentials(authScope2, credentials2);
      hostConfig2.setHost("host", port);
      _httpState2.setCredentials(authScope2, credentials2);
      statusCode = client1.executeMethod(hostConfig2, _method2, _httpState2);

      System.out.println("Status code :" + statusCode);
      if (statusCode != HttpStatus.SC_OK) {
        System.err.println("Method failed: " + _method2.getStatusLine()
            + "StatusCode:" + statusCode);
      }

      // Read the response body.
      responseBody = _method2.getResponseBody();
      responseHeaders = _method2.getResponseHeaders();

      System.out.println("----------------------------------------------------"
          + "-----------------------------------");
      for (Header header : responseHeaders) {
        System.out.println("Headers is " + header.getName()
            + "and the value is :" + header.getValue());
      }
    } catch (IOException e) {
      // HttpException is a subclass of IOException.
      e.printStackTrace();
    }
________________________________________________________________________
 
Response 1:
________________________________________________________________________
May 17, 2007 2:40:17 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: ntlm authentication scheme selected
Status code :200
---------------------------------------------------------------------------------------
Headers is Content-Lengthand the value is :51
Headers is Content-Typeand the value is :text/html
Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
Headers is Accept-Rangesand the value is :bytes
Headers is ETagand the value is :"5cc42b1e717ec71:11d9"
Headers is Serverand the value is :Microsoft-IIS/6.0
Headers is Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
Status code :200
---------------------------------------------------------------------------------------
Headers is Content-Lengthand the value is :51
Headers is Content-Typeand the value is :text/html
Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
Headers is Accept-Rangesand the value is :bytes
Headers is ETagand the value is :"5cc42b1e717ec71:11d9"
Headers is Serverand the value is :Microsoft-IIS/6.0
Headers is Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
________________________________________________________________________
 
 
Program2:
________________________________________________________________________
    // Imports needed by this fragment (Commons HttpClient 3.x).
    import java.io.IOException;
    import org.apache.commons.httpclient.*;
    import org.apache.commons.httpclient.auth.AuthScope;
    import org.apache.commons.httpclient.methods.GetMethod;

    // Create an instance of HttpClient.
    HttpClient client1 = new HttpClient();
    HttpMethod _method1 = new GetMethod(url);
    HttpState _httpState1 = new HttpState();
    HostConfiguration hostConfig1 = new HostConfiguration();
    UsernamePasswordCredentials credentials1;
    credentials1 = new NTCredentials("administrator", "password", "host", "domain");

    AuthScope authScope1 = new AuthScope("host", port, domain, "NTLM");

    _httpState1.setCredentials(authScope1, credentials1);
    hostConfig1.setHost("host", port);

    try {
      // First request: correct credentials.
      int statusCode = client1.executeMethod(hostConfig1, _method1, _httpState1);

      System.out.println("Status code :" + statusCode);
      if (statusCode != HttpStatus.SC_OK) {
        System.err.println("Method failed: " + _method1.getStatusLine()
            + "StatusCode:" + statusCode);
      }

      // Read the response body.
      byte[] responseBody = _method1.getResponseBody();

      Header[] responseHeaders = _method1.getResponseHeaders();

      System.out.println("----------------------------------------------------"
          + "-----------------------------------");
      for (Header header : responseHeaders) {
        System.out.println("Headers is " + header.getName()
            + "and the value is :" + header.getValue());
      }

      // Second request: wrong credentials, separate HttpClient instance.
      HttpClient client2 = new HttpClient();
      HttpMethod _method2 = new GetMethod(url);
      HttpState _httpState2 = new HttpState();
      HostConfiguration hostConfig2 = new HostConfiguration();
      UsernamePasswordCredentials credentials2;
      credentials2 = new NTCredentials("administrator", "wrong password", "host", "domain");

      AuthScope authScope2 = new AuthScope("host", port, "host", "domain");

      _httpState2.setCredentials(authScope2, credentials2);
      hostConfig2.setHost("host", port);
      _httpState2.setCredentials(authScope2, credentials2);
      statusCode = client2.executeMethod(hostConfig2, _method2, _httpState2);

      System.out.println("Status code :" + statusCode);
      if (statusCode != HttpStatus.SC_OK) {
        System.err.println("Method failed: " + _method2.getStatusLine()
            + "StatusCode:" + statusCode);
      }

      // Read the response body.
      responseBody = _method2.getResponseBody();
      responseHeaders = _method2.getResponseHeaders();

      System.out.println("----------------------------------------------------"
          + "-----------------------------------");
      for (Header header : responseHeaders) {
        System.out.println("Headers is " + header.getName()
            + "and the value is :" + header.getValue());
      }
    } catch (IOException e) {
      // HttpException is a subclass of IOException.
      e.printStackTrace();
    }
________________________________________________________________________
 
Response 2:
________________________________________________________________________
May 17, 2007 3:43:07 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: ntlm authentication scheme selected
Status code :200
---------------------------------------------------------------------------------------
Headers is Content-Lengthand the value is :51
Headers is Content-Typeand the value is :text/html
Headers is Last-Modifiedand the value is :Sat, 14 Apr 2007 08:44:30 GMT
Headers is Accept-Rangesand the value is :bytes
Headers is ETagand the value is :"5cc42b1e717ec71:11e1"
Headers is Serverand the value is :Microsoft-IIS/6.0
Headers is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
May 17, 2007 3:43:08 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: ntlm authentication scheme selected
May 17, 2007 3:43:08 AM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
INFO: Failure authenticating with NTLM <any realm>@vm3-ntlm-01:8589
Status code :401
Method failed: HTTP/1.1 401 UnauthorizedStatusCode:401
---------------------------------------------------------------------------------------
Headers is Content-Lengthand the value is :1539
Headers is Content-Typeand the value is :text/html
Headers is Serverand the value is :Microsoft-IIS/6.0
Headers is WWW-Authenticateand the value is :Negotiate
Headers is WWW-Authenticateand the value is :NTLM
Headers is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
________________________________________________________________________
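
Added example, not part of the original message: NTLM over HTTP authenticates the TCP connection rather than each request, so a kept-alive connection reused by a single HttpClient still carries the first identity. One way to keep one client but start each identity on a fresh connection, assuming Commons HttpClient 3.x with its default SimpleHttpConnectionManager; the class name, the fetchAs helper, the host and the accounts are placeholders.

```java
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;

public class PerIdentityConnection {
    // One shared client. Its default connection manager keeps a single
    // connection alive between calls, which is what carries an NTLM identity over.
    private static final HttpClient CLIENT = new HttpClient();

    // Hypothetical helper: one request under one identity, on its own connection.
    static int fetchAs(String url, String host, int port,
                       String user, String password, String domain) throws Exception {
        HttpState state = new HttpState();   // per-identity credentials and cookies
        state.setCredentials(
                new AuthScope(host, port, AuthScope.ANY_REALM),
                // "client-host" is a placeholder for the originating workstation name
                new NTCredentials(user, password, "client-host", domain));

        HostConfiguration hostConfig = new HostConfiguration();
        hostConfig.setHost(host, port);

        HttpMethod method = new GetMethod(url);
        try {
            // The 401 challenge and the NTLM message exchange all happen inside
            // this call, on one connection, so the handshake is not disturbed.
            return CLIENT.executeMethod(hostConfig, method, state);
        } finally {
            // Hand the connection back to the manager, then close it so the
            // next identity cannot ride on an already-authenticated socket.
            method.releaseConnection();
            CLIENT.getHttpConnectionManager().closeIdleConnections(0);
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder target and accounts (constructed for this example).
        String host = "iis.example.test";
        int port = 80;
        String url = "http://" + host + "/";
        System.out.println(fetchAs(url, host, port, "administrator", "password", "DOMAIN"));
        System.out.println(fetchAs(url, host, port, "administrator", "wrong password", "DOMAIN"));
    }
}
```

Sending a Connection: close request header is not a substitute, because the multi-leg NTLM handshake needs the connection to stay open until it completes.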
