DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-09 08:49 --- What do you think? I think I screwed up. Corrected patches to follow soon. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-09 11:11 --- Created an attachment (id=9461) Patch against CVS HEAD (take 3) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-09 11:15 --- Problem corrected. I could test NTLM host authentication and seems to work fine. Unfortunately I do not have access to a NTLM proxy, so this remains to be tested yet. Let me know what you think. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
[EMAIL PROTECTED] wrote: Unfortunately I do not have access to a NTLM proxy, so this remains to be tested yet. Isn't that an excellent occasion to use our new Proxy testing tools? Can't be too difficult... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Odi, yes, it is. If someone could post the wirelog of NTLM proxy + basic host authentication as a reference. It is hard to mimic behaviour of a proxy server which you have on access to. BTW, do you mind using a bit more exotic port number for the proxy testing framework than 8080? Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:19 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization [EMAIL PROTECTED] wrote: Unfortunately I do not have access to a NTLM proxy, so this remains to be tested yet. Isn't that an excellent occasion to use our new Proxy testing tools? Can't be too difficult... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Kalnichevski, Oleg wrote: Odi, yes, it is. If someone could post the wirelog of NTLM proxy + basic host authentication as a reference. It is hard to mimic behaviour of a proxy server which you have on access to. BTW, do you mind using a bit more exotic port number for the proxy testing framework than 8080? Oleg Uhm.. I don't think 8080 is hardcoded. You can query the Proxy class for the port it listens on and it will just use a free one. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Odi, TestProxy#testSimpleGet and TestProxy#testAuthGet fail on me when Tomcat is running locally and 'httpclient.test.localPort' system property is not set (which is quite often the case with me). Can we pick just any other less common number per default? 8088? 8880? Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:41 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization Kalnichevski, Oleg wrote: Odi, yes, it is. If someone could post the wirelog of NTLM proxy + basic host authentication as a reference. It is hard to mimic behaviour of a proxy server which you have on access to. BTW, do you mind using a bit more exotic port number for the proxy testing framework than 8080? Oleg Uhm.. I don't think 8080 is hardcoded. You can query the Proxy class for the port it listens on and it will just use a free one. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Kalnichevski, Oleg wrote: Odi, TestProxy#testSimpleGet and TestProxy#testAuthGet fail on me when Tomcat is running locally and 'httpclient.test.localPort' system property is not set (which is quite often the case with me). Can we pick just any other less common number per default? 8088? 8880? Oleg Ah I guess there is a misunderstanding. The proxy test currently runs against the Webapp! Only the proxy is local but the final request goes to the webapp. Just make sure there is something on localhost:8080/. Maybe the Get should use a simple server as well instead of the webapp. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Odi You are right. Unfortunately the problem is still there and is somehow JDK dependent. These two tests pass when running on Sun JDK 1.4 but fail on Sun JDK 1.2.2 Sun JDK 1.3.1 with the following exception (which led me to believe that the proxy was trying to listen on port 8080): java.net.BindException: Cannot assign requested address: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124) at java.net.Socket.init(Socket.java:268) at java.net.Socket.init(Socket.java:95) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:105) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:682) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:298) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:172) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:468) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:355) at org.apache.commons.httpclient.TestProxy.testSimpleGet(TestProxy.java:107) Can it be that the proxy uses some 1.4 specific methods? Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 13:41 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization Kalnichevski, Oleg wrote: Odi, TestProxy#testSimpleGet and TestProxy#testAuthGet fail on me when Tomcat is running locally and 'httpclient.test.localPort' system property is not set (which is quite often the case with me). Can we pick just any other less common number per default? 8088? 8880? Oleg Ah I guess there is a misunderstanding. The proxy test currently runs against the Webapp! Only the proxy is local but the final request goes to the webapp. Just make sure there is something on localhost:8080/. Maybe the Get should use a simple server as well instead of the webapp. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
I am using Win2k, JDK 1.3.1 for both Tomcat 4.1.24 and for running the tests. I get no exceptions from TestProxy. The proxy code does not use any 1.4 specific stuff either. During development of the patch I was using Linux and JDK 1.4.x So I don't think it is a JDK issue. Maybe it's a platform issue though. There is only one line which may be problematic in TestProxy: hc.setProxy(proxy.getLocalAddress(), proxy.getLocalPort()); Maybe proxy.getLocalAddress() does not return anything useful on your machine? HTH Odi Kalnichevski, Oleg wrote: Odi You are right. Unfortunately the problem is still there and is somehow JDK dependent. These two tests pass when running on Sun JDK 1.4 but fail on Sun JDK 1.2.2 Sun JDK 1.3.1 with the following exception (which led me to believe that the proxy was trying to listen on port 8080): java.net.BindException: Cannot assign requested address: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124) at java.net.Socket.init(Socket.java:268) at java.net.Socket.init(Socket.java:95) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:105) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:682) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:298) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:172) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:468) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:355) at org.apache.commons.httpclient.TestProxy.testSimpleGet(TestProxy.java:107) Can it be that the proxy uses some 1.4 specific methods? Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 13:41 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization Kalnichevski, Oleg wrote: Odi, TestProxy#testSimpleGet and TestProxy#testAuthGet fail on me when Tomcat is running locally and 'httpclient.test.localPort' system property is not set (which is quite often the case with me). Can we pick just any other less common number per default? 8088? 8880? Oleg Ah I guess there is a misunderstanding. The proxy test currently runs against the Webapp! Only the proxy is local but the final request goes to the webapp. Just make sure there is something on localhost:8080/. Maybe the Get should use a simple server as well instead of the webapp. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- _ NOSE applied intelligence ag ortwin glück [www] http://www.nose.ch software engineer [email] [EMAIL PROTECTED] hardturmstrasse 171 [pgp key] 0x81CF3416 8005 zürich [office] +41-1-277 57 35 switzerland [fax] +41-1-277 57 12 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
I believe I get consistent results (the said exception) on both Win2K and Redhat 9 Linux. I'll figure it out, no worries. Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 14:25 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization I am using Win2k, JDK 1.3.1 for both Tomcat 4.1.24 and for running the tests. I get no exceptions from TestProxy. The proxy code does not use any 1.4 specific stuff either. During development of the patch I was using Linux and JDK 1.4.x So I don't think it is a JDK issue. Maybe it's a platform issue though. There is only one line which may be problematic in TestProxy: hc.setProxy(proxy.getLocalAddress(), proxy.getLocalPort()); Maybe proxy.getLocalAddress() does not return anything useful on your machine? HTH Odi Kalnichevski, Oleg wrote: Odi You are right. Unfortunately the problem is still there and is somehow JDK dependent. These two tests pass when running on Sun JDK 1.4 but fail on Sun JDK 1.2.2 Sun JDK 1.3.1 with the following exception (which led me to believe that the proxy was trying to listen on port 8080): java.net.BindException: Cannot assign requested address: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124) at java.net.Socket.init(Socket.java:268) at java.net.Socket.init(Socket.java:95) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:105) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:682) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:298) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:172) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:468) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:355) at org.apache.commons.httpclient.TestProxy.testSimpleGet(TestProxy.java:107) Can it be that the proxy uses some 1.4 specific methods? Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 13:41 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization Kalnichevski, Oleg wrote: Odi, TestProxy#testSimpleGet and TestProxy#testAuthGet fail on me when Tomcat is running locally and 'httpclient.test.localPort' system property is not set (which is quite often the case with me). Can we pick just any other less common number per default? 8088? 8880? Oleg Ah I guess there is a misunderstanding. The proxy test currently runs against the Webapp! Only the proxy is local but the final request goes to the webapp. Just make sure there is something on localhost:8080/. Maybe the Get should use a simple server as well instead of the webapp. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- _ NOSE applied intelligence ag ortwin glück [www] http://www.nose.ch software engineer [email] [EMAIL PROTECTED] hardturmstrasse 171 [pgp key] 0x81CF3416 8005 zürich [office] +41-1-277 57 35 switzerland [fax] +41-1-277 57 12 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-08 20:38 --- Created an attachment (id=9451) Patch against 2.0 (take 5) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352
NLTM Proxy and basic host authorization
--- Additional Comments From [EMAIL PROTECTED] 2003-12-09 04:13 ---
Hi Oleg,
Does the 2.0 patch work with NTLM authentication? I haven't been able to try it but
from scanning
the code I think there may be a problem. I'm looking at the following section in
execute():
while (forwardCount++ MAX_FORWARDS) {
cleanAuthHeaders();
//write the request and read the response, will retry
processRequest(state, conn);
if (!isRetryNeeded(statusLine.getStatusCode(), state, conn)) {
// nope, no retry needed, exit loop.
break;
}
} //end of retry loop
It seems that the NTLM authorization headers are removed before they can be sent in
processRequest(). They are added in isRetryNeeded() when challenged and then removed
again by
cleanAuthHeaders() before sent to the server in processRequest(). What do you think?
Mike
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-05 14:29 --- I'm currently unable to test it and it could take a couple of weeks to test. Will that be still be useful for you ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-05 14:47 --- Alfonso, Of course, we will not be able to wait that long before committing the patch, but it would still be interesting to hear from you, whenever you happen to have time. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Oleg Kalnichevski wrote: What's up, folks? I have never seen HttpClient mailing list so quiet for so long. My excuse: I had a great time and lots of party in Zurich and I made a short trip to Barcelona yesterday - thanks to EasyJet :-) My proxy work should continue this week and I will get some patch ready by the beginning of next week. Cheers Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-04 17:05 --- The patch should take care of the problem for HttpClient 2.0. It ain't not pretty, but that appears to be the only option we have that does not require API changes. Alfonso, if you are still monitoring this bug report, I would really appreciate if you test the patch a little bit. If works for me, but a second option would be quite welcome. Meanwhile, I'll be working on a more elegant fix for the CVS HEAD Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Hi Odi Been to Barcelona? Lucky you. It is a wonderful place to visit, even shortly. I am looking forward to getting my hands on your proxy patch Cheers Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 10:15 To: Commons HttpClient Project Subject: Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization Oleg Kalnichevski wrote: What's up, folks? I have never seen HttpClient mailing list so quiet for so long. My excuse: I had a great time and lots of party in Zurich and I made a short trip to Barcelona yesterday - thanks to EasyJet :-) My proxy work should continue this week and I will get some patch ready by the beginning of next week. Cheers Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-12-05 00:27 --- Hi Oleg, I tested with basic and digest authentication using a proxy and all seems to work for me. Nice job. The fix is not the prettiest, but I think it's the only real choice for 2.0. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
What's up, folks? I have never seen HttpClient mailing list so quiet for so long. The last week was REALLY rough. I had some really miserable time at work. But with my project (the one that helps pay my bills) finally back on track, I can finally turn my attention to HttpClient development. As of tomorrow patches should start trickling in again. Oleg On Mon, 2003-11-24 at 20:34, Kalnichevski, Oleg wrote: I agree. I'll try to come up with another try within a few days (most likely tomorrow) Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Hi Oleg, Yes, it was pretty quiet this last week. My reason, and probably that of others in the US, is that Thursday was Thanksgiving. Most businesses are closed the Thursday and Friday of Thanksgiving, and many people travel. I was fortunate enough to avoid the traveling masses but was entertaining visiting family. Things should be back to normal for me this week. Hopefully we can get this auth/proxy thing taken care of in the next few days. I look forward to the incoming flood of patches:) Mike Oleg Kalnichevski wrote: What's up, folks? I have never seen HttpClient mailing list so quiet for so long. The last week was REALLY rough. I had some really miserable time at work. But with my project (the one that helps pay my bills) finally back on track, I can finally turn my attention to HttpClient development. As of tomorrow patches should start trickling in again. Oleg On Mon, 2003-11-24 at 20:34, Kalnichevski, Oleg wrote: I agree. I'll try to come up with another try within a few days (most likely tomorrow) Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Oleg, You're discarding the possibility that HttpClient is approaching perfection, and doesn't need much in the way of email commentary, because it works so well. Ah, er, sorry, I just had to day-dream for a moment there. -Eric. Oleg Kalnichevski wrote: What's up, folks? I have never seen HttpClient mailing list so quiet for so long. The last week was REALLY rough. I had some really miserable time at work. But with my project (the one that helps pay my bills) finally back on track, I can finally turn my attention to HttpClient development. As of tomorrow patches should start trickling in again. Oleg On Mon, 2003-11-24 at 20:34, Kalnichevski, Oleg wrote: I agree. I'll try to come up with another try within a few days (most likely tomorrow) Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-24 12:57 --- Mike, Unfortunately the patch would bring us exactly where we had started in the first place :( NTLM proxy + target host authentication would still be left broken Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-24 13:29 --- Yes, it seems we're back to where we started from. What exactly about that behavior is causing problems? Why does the proxy try to re-authenticate in the fourth request? Also, is this a problem if preemptive authentication is used? Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-24 14:07 --- Mike, my assumption is that the presence of (extra) Proxy-Authorization header prompts the NTLM proxy to invalidate the authorization for the given connection and force re-authentication. As HttpClient assumes that it has already attempted authentication against the said proxy, it just gives up. I do not know NTLM authentication in great details, so I may be wrong here, but the main difference to digest and basic authentication schemes is that NTLM scheme is connection oriented. Once the agent has been successfully authenticated with an NTLM authentication authority, user identity is propagated to all the following requests as long as connection is kept alive, whereas digest and basic authentication schemes are request oriented and thus must include Proxy-Authorization | Authorization directive with every request. Currently HttpClient does not differenciate connection and request oriented schemes. I can well be wrong in my assumptions, but the empirical evidence seems to support them so far. After all, my initial patch did fix the problem with NTLM authentication. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-24 18:35 --- Oleg, I agree, it does seem that the presence of the Proxy-Authorization header on the already authenticated connection causes re-authentication. So, for NTLM to work the proxy-auth header must be removed once authenticated. I don't think either patch 2 or 3 handles this case, unless (in the case of patch 2) the host also uses NTLM. What we really need is a way to remove NTLM headers after the authentication has succeeded. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352
NLTM Proxy and basic host authorization
--- Additional Comments From [EMAIL PROTECTED] 2003-11-24 19:11 ---
What we really need is a way to remove NTLM headers after the
authentication has succeeded.
Agreed. However, that still poses the same problem: how do we tell NTLM
authentication from all others? I do not see a way around that ugly test for the
2.0 branch at least:
if (NTLM.equalsIgnoreCase(authscheme.getSchemeName())) {
// clean up
}
As far as HEAD CVS goes, there are more elegant solutions, which would require
AuthScheme interface extension, though.
What are your thoughts?
Oleg
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
[EMAIL PROTECTED] wrote:
Agreed. However, that still poses the same problem: how do we tell NTLM
authentication from all others? I do not see a way around that ugly test for the
2.0 branch at least:
if (NTLM.equalsIgnoreCase(authscheme.getSchemeName())) {
// clean up
}
As far as HEAD CVS goes, there are more elegant solutions, which would require
AuthScheme interface extension, though.
What are your thoughts?
Hi Oleg,
In HEAD I agree that we have better options. Most likely we will need
to extend AuthScheme as you mention to include a flag for
connection/request based authentication.
As far as 2.0 goes, I think that testing for NTLM is acceptable for now,
but I think the patch as it is will not handle all cases. In particular
I think NTLM proxy and Basic host will fail. This is because on the
fourth request, when the proxy has authenticated,
authscheme.getSchemeName() will return BASIC, and the NTLM header will
not be removed. The NTLM headers should only have a lifetime of a
single request, we need some way to remove them every time. We may have
to just explicitly remove any NTLM Proxy-Authentication or
Authentication headers on every request.
Mike
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-24 03:03 --- Created an attachment (id=9255) 2.0 Patch 3 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Michael Becke wrote: Odi, Eric, I think a combination of these techniques would be great. One level to handle the socket management(as Odi outlined) and another to handle the content creation/validation (Eric's idea). These two methods in tandem should be sufficient to mimic any combination of servers/configurations. Mike I will still use real Sockets. Mimicking a socket is just too an unreal test. I will take Chris Kohlschütters Code as a starting point. I would also love to have a test suite running against a local Tomcat SSL connector. But for the moment the proxy implementation will eat up all my free time... Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
On Monday 17 November 2003 20:33, Oleg Kalnichevski wrote: [Disregard my previous post. I responded to a wrong message by mistake] Odi, That would be REALLY cool! A simple authenticating proxy (or a proxy that could effectively 'fake' popular authentication schemes) would be a very much appreciated contribution. By the way, have a look at the Christian Kohlschütter's SimpleHttpServer: http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=9066 I think that can be a good starting point for a better framework than SimpleHttpconnection. Please have a look at the latest version (see http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=9093 ). It is more abstract than the BadHTTPServer example for Bug 24560 and truly test independent. Christian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Christian Kohlschütter wrote: Please have a look at the latest version (see http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=9093 ). It is more abstract than the BadHTTPServer example for Bug 24560 and truly test independent. What sort of file is that? It seems binary... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
On Tuesday 18 November 2003 11:26, Ortwin Glück wrote: Christian Kohlschütter wrote: Please have a look at the latest version (see http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=9093 ). It is more abstract than the BadHTTPServer example for Bug 24560 and truly test independent. What sort of file is that? It seems binary... tar.gz Christian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Christian Kohlschütter wrote: On Tuesday 18 November 2003 11:26, Ortwin Glück wrote: Christian Kohlschütter wrote: Please have a look at the latest version (see http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=9093 ). It is more abstract than the BadHTTPServer example for Bug 24560 and truly test independent. What sort of file is that? It seems binary... tar.gz Thanks. I am gonna check your server package in in a minute. Please confirm that the code in attachment 9093 is meant to be published under the Apache License and is not copyright by any third party. I will then include the Apache License. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
On Tuesday 18 November 2003 11:53, Ortwin Glück wrote: Christian Kohlschütter wrote: On Tuesday 18 November 2003 11:26, Ortwin Glück wrote: Christian Kohlschütter wrote: Please have a look at the latest version (see http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=9093 ). It is more abstract than the BadHTTPServer example for Bug 24560 and truly test independent. What sort of file is that? It seems binary... tar.gz Thanks. I am gonna check your server package in in a minute. Please confirm that the code in attachment 9093 is meant to be published under the Apache License and is not copyright by any third party. I will then include the Apache License. Odi I own the copyright for this code and I am willing to contribute / publish it under the conditions of the Apache License. Christian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Christian Kohlschütter wrote: I own the copyright for this code and I am willing to contribute / publish it under the conditions of the Apache License. Thanks a lot! I will check it in on the 2.0 branch since it is related to a 2.0 bug. As soon as it is ready we can promote it to CVS HEAD. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
[EMAIL PROTECTED] wrote: Oleg, I agree, our lack of auth/proxy tests is a continuous source of problems. One of our goals for 2.1 should be an effective method for testing all of the various combinations of proxy, authentication and SSL. Ideally it would be best to make this setup as simple as possible. Do you have any thoughts about how we can best accomplish this? Mike The various authentication methods should be tested against servlets in the Test-Webapp. As to proxies, we must implement a couple of tiny local servers running on different ports. Like: TCP 81: Proxy TCP 82: SSL Proxy Those servers should be started and stopped by the test fixtures (setup / teardown). The servers must be configurable as to which authentication method they use. This will also ensure quality of the various authentication methods, as currently their test cases are somewhat minimalistic. I'd love to hack up some code for the server side this week. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
My take is slightly different (and I wish I had time to implement it) Start by virtualizing the access to the connection, and then, rather than having multiple servers, just have different implementations of a virtualized socket interface, for example. Then see to writing test cases that look something like this: # This marks what the server is supposed to receive, note that this is not # literally what is received, because headers might be sent in a different order # for example. GET /foo HTTP/1.1 @Host: http://localhost:8080 @Content-Length: 30 @End-Headers # Note that on content lines, the CRLF (or just LF) should be # discarded. Instead, CRLF pairs should be explicitly encoded, perhaps # with %CRLF%? Content should (must?) allow substitutions, for example # multi-part boundaries. Perhaps do substitution with something like # %BOUNDARY% @Content: Content goes here # the following would wait for three seconds before sending more # content... @Wait: 3000 @Content: Yet more content here... HTTP/1.1 # Note, here since the test case knows the response it is supposed to # send, it can (by and large) simply send it. @Content: . and so on I spend a lot of time working with XML, so I thought about doing some sort of test-framework like the above using XML instead. which would get rid of some of the bizarre syntax that I suggest above, but I'm not sure whether that makes sense in the context of HttpClient. My idea would be to take cases where we want to talk to actual servers, and replace them with test cases like the above, wherein we could mimick (or exactly duplicate) the odd behavior of various servers. Hopefully this gives someone else an idea -Eric. Ortwin Gluck wrote: [EMAIL PROTECTED] wrote: Oleg, I agree, our lack of auth/proxy tests is a continuous source of problems. One of our goals for 2.1 should be an effective method for testing all of the various combinations of proxy, authentication and SSL. Ideally it would be best to make this setup as simple as possible. Do you have any thoughts about how we can best accomplish this? Mike The various authentication methods should be tested against servlets in the Test-Webapp. As to proxies, we must implement a couple of tiny local servers running on different ports. Like: TCP 81: Proxy TCP 82: SSL Proxy Those servers should be started and stopped by the test fixtures (setup / teardown). The servers must be configurable as to which authentication method they use. This will also ensure quality of the various authentication methods, as currently their test cases are somewhat minimalistic. I'd love to hack up some code for the server side this week. Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Eric Johnson wrote: My take is slightly different (and I wish I had time to implement it) Start by virtualizing the access to the connection, and then, rather than having multiple servers, just have different implementations of a virtualized socket interface, for example. Eric, we can easily implement that by writing a special connection manager or socket factory. No need to introduce addition abstraction here. Socket is already a nice interface :-) Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
Odi, Eric, I think a combination of these techniques would be great. One level to handle the socket management(as Odi outlined) and another to handle the content creation/validation (Eric's idea). These two methods in tandem should be sufficient to mimic any combination of servers/configurations. Mike On Nov 17, 2003, at 9:50 AM, Ortwin Glück wrote: Eric Johnson wrote: My take is slightly different (and I wish I had time to implement it) Start by virtualizing the access to the connection, and then, rather than having multiple servers, just have different implementations of a virtualized socket interface, for example. Eric, we can easily implement that by writing a special connection manager or socket factory. No need to introduce addition abstraction here. Socket is already a nice interface :-) Odi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization [EMAIL PROTECTED] changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-11-13 22:25 --- Patch committed to CVS HEAD Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-10 17:43 --- Folks, any objections to committing this one? Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-10 19:14 --- Oleg, I haven't had a chance to try this patch out, but if it works for you that's good enough for me. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-10 22:37 --- Mike, It all can wait. There is no rush. I'd feel better if someone else had a look. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-08 11:14 --- The patch against CVS HEAD is virtually identical to that for 2.0 branch. The patch also solves the problem with auto-generated headers by restricting headers cleanup to 'Cookie' headers only. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-03 12:30 --- Created an attachment (id=8887) Debug log of the problem (edited to hide names) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352
NLTM Proxy and basic host authorization
--- Additional Comments From [EMAIL PROTECTED] 2003-11-03 12:36 ---
As I can see, one possible way of solving the problem is to forget the list of
realms used for proxy authentication when trying the validation after receiving
the 401 from the remote host. This can be done by changing in
HttpMethodBase#processAuthenticationResponse.
In lines 2476-2484 it says
case HttpStatus.SC_UNAUTHORIZED:
challenges =
getResponseHeaderGroup().getHeaders(HttpAuthenticator.WWW_AUTH);
realmsUsed = realms;
host = conn.getVirtualHost();
if (host == null) {
host = conn.getHost();
}
break;
Clearing the list of realms used for the proxy could be something like
case HttpStatus.SC_UNAUTHORIZED:
challenges =
getResponseHeaderGroup().getHeaders(HttpAuthenticator.WWW_AUTH);
proxyRealms.clear();
realmsUsed = realms;
host = conn.getVirtualHost();
if (host == null) {
host = conn.getHost();
}
break;
Recompiling after this change and trying again the test case retrieves the page
just fine (do I have to attach a log?)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-03 13:43 --- Yes, please. The log would be quite of some help. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization [EMAIL PROTECTED] changed: What|Removed |Added Severity|Minor |Blocker Status|NEW |ASSIGNED Priority|Other |High Target Milestone|--- |2.0 Final --- Additional Comments From [EMAIL PROTECTED] 2003-11-03 18:17 --- Alfonso, Can you test if the patch below fixes the problem? Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-03 18:18 --- Created an attachment (id=8895) Possible fix. Please test - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-03 21:24 --- Oleg, Wow!!! again, thanks. Applied the patch and re-tested. It now works as expected. As with the previous bug, should I close this or it is something you should do?. Thanks again Alfonso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 24352] - NLTM Proxy and basic host authorization
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24352 NLTM Proxy and basic host authorization --- Additional Comments From [EMAIL PROTECTED] 2003-11-03 23:35 --- Patch committed to 2.0 branch. I just realized that one of my recent patches (auto-generated headers cleanup) complete broke authentication in CVS HEAD. My bad. I'll provide a fix for CVS HEAD tomorrow. My apologies. Oleg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
