Hi Ortwin,
There is a problem:
In real scenario- I am using a design which looks something like this
Single instance of HttpClient->Single Instance of MultithreadedConnectionManger.
Now these are used by multiple threads to acquire instance of client(which is
created using a single instance of Multithreaded connection manager) and calls
something like
getSingletonInstance().executeMethod(hostconfig,method,state);
Where
HttpClient getSingletonInstance(){
//This is implmented as singleton and returns
new HttpClient(new MultithreadedConnectionManager());
}
Then each request is executed. Now until I undeploy(clean up) the whole
application the second thread using the same instance of HttpClient do not
authenticate for the second request.
I understand that if I were using the SimpleHttpConnectionMAnger I could have
used the new HttpClient(new SimpleHttpConnectionManager(true)); as suggested by
you to close the connection and would have worked for me. I have tried and it
do work for me.
But in this case while using multithreaded connection manager I don't know
what to do.
Also please note that I am using the stable version 3.0.1 which doesn't have
API call like you have just suggested.
Though I have tried your suggestion on 3.1rc1 and it worked well.
Will appreciate your thoughts on this.
Thanks,
Pankaj Arora
-----Original Message-----
From: Ortwin Glück [mailto:[EMAIL PROTECTED]
Sent: Friday, May 18, 2007 1:44 PM
To: HttpComponents Project
Subject: Re: FW: HttpClient authentication problem.
Pankaj,
BASIC auth authenticates only a request.
NTLM auth however authenticates a whole connection!
So if the connection is reused no further authentication will be requested.
That's what you are seeing. If you want to authenticate each request, you must
make sure that the connection is closed after the request. You can achieve this
by disabling connection pooling:
new HttpClient(new SimpleHttpConnectionManager(true));
Cheers
Ortwin
Pankaj Arora wrote:
>
>
> ________________________________
>
> From: Pankaj Arora
> Sent: Thursday, May 17, 2007 4:24 PM
> To: '[EMAIL PROTECTED]';
> '[EMAIL PROTECTED]'
> Subject: HttpClient authentication problem.
>
>
> Hi,
> I am using Http Client to authenticate to IIS web Server for doing
> NTLM authentication. Here's the description of sample codes I am using:
>
>
> Program1 :: This code create 2 state,method,host configuration and use
> a single instance of httpClient to execute method. Please not that in
> first go I give the correct credentials for NTLM authentication and in
> the second go I give the wrong credentials. In the response I observe
> that I get http code 200 and in second go I don't even see
> authentication happening when data is captured over ethereal.
>
> Program2:: This code also create 2 state,method,host configuration but
> use separate instance of httpClient to execute method. Please not that
> in first go I give the correct credentials for NTLM authentication and
> in the second go I give the wrong credentials. In the response I
> observe that I get http code 200 and in second go I get response code as 401.
>
> The problem is I want to use single instance of HttpClient and also
> want that session info is not maintained over the requests. Simply
> speaking I want behavior 2 to happen when their is single instance of
> HttpClient.
> Is there a way to do this?
>
>
>
> Code and response received from server for reference.
>
> Program1:
> ______________________________________________________________________
> __ ___________________________________________________________
> // Create an instance of HttpClient.
> HttpClient client1 = new HttpClient();
> HttpMethod _method1 = new GetMethod(url);
> HttpState _httpState1 = new HttpState();
> HostConfiguration hostConfig1 = new HostConfiguration();
> UsernamePasswordCredentials credentials1;
> credentials1 = new
> NTCredentials("administrator","password","host","domain");
>
> AuthScope authScope1 = new AuthScope("host",port,domain,"NTLM");
>
> _httpState1.setCredentials(authScope1,credentials1);
> hostConfig1.setHost("host"port);
>
> try {
> // Execute the method.
> int statusCode =
> client1.executeMethod(hostConfig1,_method1,_httpState1);
>
> System.out.println("Status code :" + statusCode);
> if (statusCode != HttpStatus.SC_OK) {
> System.err.println("Method failed: " +
> _method1.getStatusLine()
> + "StatusCode:" + statusCode);
> }
>
> // Read the response body.
> byte[] responseBody = _method1.getResponseBody();
>
>
> Header[] responseHeaders = _method1.getResponseHeaders();
> // Header header;
>
> System.out.println("--------------------------------------------------
> -- -----------------------------------");
> for( Header header : responseHeaders){
> System.out.println("Headers is " + header.getName() + "and the
> value is :" + header.getValue());
> }
>
>
> HttpMethod _method2 = new GetMethod(url);
> HttpState _httpState2 = new HttpState();
> HostConfiguration hostConfig2 = new HostConfiguration();
> UsernamePasswordCredentials credentials2;
> credentials2 = new NTCredentials("administrator","wrong
> password","host","domain");
>
> AuthScope authScope2 = new AuthScope("host",port,"host","domain");
>
> _httpState2.setCredentials(authScope2,credentials2);
> hostConfig2.setHost("host",port);
> _httpState2.setCredentials(authScope2,credentials2);
> statusCode =
> client1.executeMethod(hostConfig2,_method2,_httpState2);
>
> System.out.println("Status code :" + statusCode);
> if (statusCode != HttpStatus.SC_OK) {
> System.err.println("Method failed: " +
> _method2.getStatusLine()
> + "StatusCode:" + statusCode);
> }
>
> // Read the response body.
> responseBody = _method2.getResponseBody();
> responseHeaders = _method2.getResponseHeaders();
> // Header header;
>
> System.out.println("--------------------------------------------------
> -- -----------------------------------");
> for( Header header : responseHeaders){
> System.out.println("Headers is " + header.getName() + "and the
> value is :" + header.getValue());
> }
> ______________________________________________________________________
> __ __________________________________________________________________
>
> Response 1:
> ______________________________________________________________________
> __ ___________________________________________________________________
> May 17, 2007 2:40:17 AM
> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected Status code :200
> ----------------------------------------------------------------------
> --
> ---------------
> Headers is Content-Lengthand the value is :51 Headers is
> Content-Typeand the value is :text/html Headers is Last-Modifiedand
> the value is :Sat, 14 Apr 2007 08:44:30 GMT Headers is
> Accept-Rangesand the value is :bytes Headers is ETagand the value is
> :"5cc42b1e717ec71:11d9"
> Headers is Serverand the value is :Microsoft-IIS/6.0 Headers is
> Dateand the value is :Thu, 17 May 2007 09:30:53 GMT Status code :200
> ----------------------------------------------------------------------
> --
> ---------------
> Headers is Content-Lengthand the value is :51 Headers is
> Content-Typeand the value is :text/html Headers is Last-Modifiedand
> the value is :Sat, 14 Apr 2007 08:44:30 GMT Headers is
> Accept-Rangesand the value is :bytes Headers is ETagand the value is
> :"5cc42b1e717ec71:11d9"
> Headers is Serverand the value is :Microsoft-IIS/6.0 Headers is
> Dateand the value is :Thu, 17 May 2007 09:30:53 GMT
> ______________________________________________________________________
> __ ____________________________________________________________
>
>
> Program2:
> ______________________________________________________________________
> __ ______________________________________________________________
>
> // Create an instance of HttpClient.
> HttpClient client1 = new HttpClient();
> HttpMethod _method1 = new GetMethod(url);
> HttpState _httpState1 = new HttpState();
> HostConfiguration hostConfig1 = new HostConfiguration();
> UsernamePasswordCredentials credentials1;
> credentials1 = new
> NTCredentials("administrator","password","host","domain");
>
> AuthScope authScope1 = new AuthScope("host",port,domain,"NTLM");
>
> _httpState1.setCredentials(authScope1,credentials1);
> hostConfig1.setHost("host"port);
>
> try {
> // Execute the method.
> int statusCode =
> client1.executeMethod(hostConfig1,_method1,_httpState1);
>
> System.out.println("Status code :" + statusCode);
> if (statusCode != HttpStatus.SC_OK) {
> System.err.println("Method failed: " +
> _method1.getStatusLine()
> + "StatusCode:" + statusCode);
> }
>
> // Read the response body.
> byte[] responseBody = _method1.getResponseBody();
>
>
> Header[] responseHeaders = _method1.getResponseHeaders();
> // Header header;
>
> System.out.println("--------------------------------------------------
> -- -----------------------------------");
> for( Header header : responseHeaders){
> System.out.println("Headers is " + header.getName() + "and the
> value is :" + header.getValue());
> }
>
> HttpClient client2 = new HttpClient();
> HttpMethod _method2 = new GetMethod(url);
> HttpState _httpState2 = new HttpState();
> HostConfiguration hostConfig2 = new HostConfiguration();
> UsernamePasswordCredentials credentials2;
> credentials2 = new NTCredentials("administrator","wrong
> password","host","domain");
>
> AuthScope authScope2 = new AuthScope("host",port,"host","domain");
>
> _httpState2.setCredentials(authScope2,credentials2);
> hostConfig2.setHost("host",port);
> _httpState2.setCredentials(authScope2,credentials2);
> statusCode =
> client2.executeMethod(hostConfig2,_method2,_httpState2);
>
> System.out.println("Status code :" + statusCode);
> if (statusCode != HttpStatus.SC_OK) {
> System.err.println("Method failed: " +
> _method2.getStatusLine()
> + "StatusCode:" + statusCode);
> }
>
> // Read the response body.
> responseBody = _method2.getResponseBody();
> responseHeaders = _method2.getResponseHeaders();
> // Header header;
>
> System.out.println("--------------------------------------------------
> -- -----------------------------------");
> for( Header header : responseHeaders){
> System.out.println("Headers is " + header.getName() + "and the
> value is :" + header.getValue());
> }
> ______________________________________________________________________
> __ __________________________________________________________________
>
> Response 2:
> ______________________________________________________________________
> __ ___________________________________________________________________
> May 17, 2007 3:43:07 AM
> org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected Status code :200
> ----------------------------------------------------------------------
> --
> ---------------
> Headers is Content-Lengthand the value is :51 Headers is
> Content-Typeand the value is :text/html Headers is Last-Modifiedand
> the value is :Sat, 14 Apr 2007 08:44:30 GMT Headers is
> Accept-Rangesand the value is :bytes Headers is ETagand the value is
> :"5cc42b1e717ec71:11e1"
> Headers is Serverand the value is :Microsoft-IIS/6.0 Headers is
> Dateand the value is :Thu, 17 May 2007 10:33:42 GMT May 17, 2007
> 3:43:08 AM org.apache.commons.httpclient.auth.AuthChallengeProcessor
> selectAuthScheme
> INFO: ntlm authentication scheme selected May 17, 2007 3:43:08 AM
> org.apache.commons.httpclient.HttpMethodDirector
> processWWWAuthChallenge
> INFO: Failure authenticating with NTLM <any realm>@vm3-ntlm-01:8589
> Status code :401 Method failed: HTTP/1.1 401
> UnauthorizedStatusCode:401
> ----------------------------------------------------------------------
> --
> ---------------
> Headers is Content-Lengthand the value is :1539 Headers is
> Content-Typeand the value is :text/html Headers is Serverand the value
> is :Microsoft-IIS/6.0 Headers is WWW-Authenticateand the value is
> :Negotiate Headers is WWW-Authenticateand the value is :NTLM Headers
> is Dateand the value is :Thu, 17 May 2007 10:33:42 GMT
> ______________________________________________________________________
> __ _______________________________________________________________
>
--
[web] http://www.odi.ch/
[blog] http://www.odi.ch/weblog/
[pgp] key 0x81CF3416
finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
