Re: Authentication with multiple realms.
Its looks like the first GET is challenged and the credentials are provided but when executing the second GET the authentication is requested for a different realm but because the AuthState already had credentials they were used. The member targetAuthState in DefaultRequestDirector holds the old credentials and although the realm changed they were not invalidated. On Mon, Mar 24, 2014 at 10:11 PM, Oleg Kalnichevski ol...@apache.orgwrote: On Mon, 2014-03-24 at 18:38 +0200, d_k wrote: I'm upgrading a Nutch plugin that used httpclient 3.x and because Nutch was already dependent on httpclient 4.1.1 I decided to avoid adding a new dependency on httpclient 4.3 and use the existing dependency on 4.1.1 I can take a look at the wire log tomorrow but I would strongly recommend upgrading regardless. HttpClient authentication code has undergone a fairly major rewrite in the 4.2 release. Upgrading at least to the latest release in the 4.2 series would probably be necessary anyway. Oleg On Mon, Mar 24, 2014 at 6:00 PM, Oleg Kalnichevski ol...@apache.org wrote: On Mon, 2014-03-24 at 17:54 +0200, d_k wrote: Hello. I'm using httpclient-4.1.1 and i'm trying to authenticate with different users on different realms but it seems to fail. Before I even start looking into this, is there a reason you are not using a newer version of HttpClient (preferably 4.3.x)? Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Authentication with multiple realms.
On Tue, 2014-03-25 at 09:29 +0200, d_k wrote: Its looks like the first GET is challenged and the credentials are provided but when executing the second GET the authentication is requested for a different realm but because the AuthState already had credentials they were used. The member targetAuthState in DefaultRequestDirector holds the old credentials and although the realm changed they were not invalidated. The problem is that auth caches presently do not take auth realm into account, which is wrong. Please raise a JIRA for this defect. Oleg On Mon, Mar 24, 2014 at 10:11 PM, Oleg Kalnichevski ol...@apache.orgwrote: On Mon, 2014-03-24 at 18:38 +0200, d_k wrote: I'm upgrading a Nutch plugin that used httpclient 3.x and because Nutch was already dependent on httpclient 4.1.1 I decided to avoid adding a new dependency on httpclient 4.3 and use the existing dependency on 4.1.1 I can take a look at the wire log tomorrow but I would strongly recommend upgrading regardless. HttpClient authentication code has undergone a fairly major rewrite in the 4.2 release. Upgrading at least to the latest release in the 4.2 series would probably be necessary anyway. Oleg On Mon, Mar 24, 2014 at 6:00 PM, Oleg Kalnichevski ol...@apache.org wrote: On Mon, 2014-03-24 at 17:54 +0200, d_k wrote: Hello. I'm using httpclient-4.1.1 and i'm trying to authenticate with different users on different realms but it seems to fail. Before I even start looking into this, is there a reason you are not using a newer version of HttpClient (preferably 4.3.x)? Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Authentication with multiple realms.
Thank you very much for the support. :-) So it appears that upgrading httpclient won't solve this issue? On Tue, Mar 25, 2014 at 11:27 AM, Oleg Kalnichevski ol...@apache.orgwrote: On Tue, 2014-03-25 at 09:29 +0200, d_k wrote: Its looks like the first GET is challenged and the credentials are provided but when executing the second GET the authentication is requested for a different realm but because the AuthState already had credentials they were used. The member targetAuthState in DefaultRequestDirector holds the old credentials and although the realm changed they were not invalidated. The problem is that auth caches presently do not take auth realm into account, which is wrong. Please raise a JIRA for this defect. Oleg On Mon, Mar 24, 2014 at 10:11 PM, Oleg Kalnichevski ol...@apache.org wrote: On Mon, 2014-03-24 at 18:38 +0200, d_k wrote: I'm upgrading a Nutch plugin that used httpclient 3.x and because Nutch was already dependent on httpclient 4.1.1 I decided to avoid adding a new dependency on httpclient 4.3 and use the existing dependency on 4.1.1 I can take a look at the wire log tomorrow but I would strongly recommend upgrading regardless. HttpClient authentication code has undergone a fairly major rewrite in the 4.2 release. Upgrading at least to the latest release in the 4.2 series would probably be necessary anyway. Oleg On Mon, Mar 24, 2014 at 6:00 PM, Oleg Kalnichevski ol...@apache.org wrote: On Mon, 2014-03-24 at 17:54 +0200, d_k wrote: Hello. I'm using httpclient-4.1.1 and i'm trying to authenticate with different users on different realms but it seems to fail. Before I even start looking into this, is there a reason you are not using a newer version of HttpClient (preferably 4.3.x)? Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Authentication with multiple realms.
Alright. Thank you very much for the help! Currently JIRA (https://issues.apache.org/jira/browse/HTTPCLIENT) is down for maintenance but i'll open an issue when its back online. On Tue, Mar 25, 2014 at 12:02 PM, Oleg Kalnichevski ol...@apache.orgwrote: On March 25, 2014 10:55:20 AM CET, d_k mail...@gmail.com wrote: Thank you very much for the support. :-) So it appears that upgrading httpclient won't solve this issue? This problem can be solved in 4.4 only, so you will have to upgrade no matter what. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Authentication with multiple realms.
Hello.
I'm using httpclient-4.1.1 and i'm trying to authenticate with different
users on different realms but it seems to fail.
i create several AuthScope objects with the same host and port and a
different realm for each one.
If I pass schema as null then httpclient will attempt to send the username
and password for every WWW-Authenticate header?
When the first request is asked to authenticate it is authenticated for
'realmx' with the user 'userx' and a password and the authentication is
successful and when I perform another request to the same host and port but
for a different realm the method getCredentials() of the authState in the
updateAuthState method in
org.apache.http.impl.client.DefaultRequestDirector returns the credentials
for 'userx' (line 1215) and because it is not null the authentication
fails, the credentials are set to null and the method handleResponse
returns null causing the method 'execute' to exit without authenticating.
Either the AuthState should be invalidated or am I missing something else?
What is the correct execution path for multiple request to the same host
for different realms?
This is the log, you can see the first request succeeds but the second one
fails.
2014-03-24 17:32:31,604 INFO main mortbay.log (Slf4jLog.java:info(67)) -
Logging to org.slf4j.impl.Log4jLoggerAdapter(org.mortbay.log) via
org.mortbay.log.Slf4jLog
2014-03-24 17:32:31,612 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container Server@4685d9a4 + org.mortbay.jetty.servlet.Context@7d93c227{/,null}
as handler
2014-03-24 17:32:31,612 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container SessionHandler@6fafced9 + ServletHandler@7f3541d7 as handler
2014-03-24 17:32:31,613 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container SessionHandler@6fafced9 +
org.mortbay.jetty.servlet.HashSessionManager@175cb80 as sessionManager
2014-03-24 17:32:31,613 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container org.mortbay.jetty.servlet.Context@7d93c227{/,null} +
SessionHandler@6fafced9 as handler
2014-03-24 17:32:31,622 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Checking Resource aliases
2014-03-24 17:32:31,637 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container ServletHandler@7f3541d7 +
org.apache.jasper.servlet.JspServlet-2007433549 as servlet
2014-03-24 17:32:31,638 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container ServletHandler@7f3541d7 +
(S=org.apache.jasper.servlet.JspServlet-2007433549,[*.jsp]) as
servletMapping
2014-03-24 17:32:31,647 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
filterNameMap=null
2014-03-24 17:32:31,647 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
pathFilters=null
2014-03-24 17:32:31,648 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
servletFilterMap=null
2014-03-24 17:32:31,648 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
servletPathMap={*.jsp=org.apache.jasper.servlet.JspServlet-2007433549}
2014-03-24 17:32:31,648 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
servletNameMap={org.apache.jasper.servlet.JspServlet-2007433549=org.apache.jasper.servlet.JspServlet-2007433549}
2014-03-24 17:32:32,407 INFO main httpclient.Http
(HttpBase.java:logConf(289)) - http.proxy.host = null
2014-03-24 17:32:32,407 INFO main httpclient.Http
(HttpBase.java:logConf(290)) - http.proxy.port = 8080
2014-03-24 17:32:32,412 INFO main httpclient.Http
(HttpBase.java:logConf(291)) - http.timeout = 6
2014-03-24 17:32:32,412 INFO main httpclient.Http
(HttpBase.java:logConf(292)) - http.content.limit = 65536
2014-03-24 17:32:32,412 INFO main httpclient.Http
(HttpBase.java:logConf(293)) - http.agent = Nutch-Test/Nutch-2.2.1 (Nutch
protocol-httpclient test)
2014-03-24 17:32:32,412 INFO main httpclient.Http
(HttpBase.java:logConf(294)) - http.accept.language =
en-us,en-gb,en;q=0.7,*;q=0.3
2014-03-24 17:32:32,413 INFO main httpclient.Http
(HttpBase.java:logConf(295)) - http.accept =
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
2014-03-24 17:32:32,431 TRACE main httpclient.Http
(Http.java:setCredentials(383)) - Credentials - username: userx; set as
default for realm: ; scheme:
2014-03-24 17:32:32,432 ERROR main httpclient.Http (Http.java:setConf(174))
- Could not read httpclient-auth-test.xml : null
2014-03-24 17:32:32,486 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container Server@4685d9a4 + SelectChannelConnector@127.0.0.1:47500 as
connector
2014-03-24 17:32:32,490 INFO main mortbay.log (Slf4jLog.java:info(67)) -
jetty-6.1.26
2014-03-24 17:32:32,514 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container Server@4685d9a4 + org.mortbay.thread.QueuedThreadPool@50f2fd20 as
threadpool
2014-03-24 17:32:32,518 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
started org.mortbay.thread.QueuedThreadPool@50f2fd20
2014-03-24 17:32:32,547 DEBUG main mortbay.log (Slf4jLog.java:debug(40)) -
Container Server@4685d9a4 +
org.mortbay.jetty.servlet.HashSessionIdManager@7b7597b6 as sessionIdManager
2014-03-24
Re: Authentication with multiple realms.
On Mon, 2014-03-24 at 17:54 +0200, d_k wrote: Hello. I'm using httpclient-4.1.1 and i'm trying to authenticate with different users on different realms but it seems to fail. Before I even start looking into this, is there a reason you are not using a newer version of HttpClient (preferably 4.3.x)? Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Authentication with multiple realms.
On Mon, 2014-03-24 at 18:38 +0200, d_k wrote: I'm upgrading a Nutch plugin that used httpclient 3.x and because Nutch was already dependent on httpclient 4.1.1 I decided to avoid adding a new dependency on httpclient 4.3 and use the existing dependency on 4.1.1 I can take a look at the wire log tomorrow but I would strongly recommend upgrading regardless. HttpClient authentication code has undergone a fairly major rewrite in the 4.2 release. Upgrading at least to the latest release in the 4.2 series would probably be necessary anyway. Oleg On Mon, Mar 24, 2014 at 6:00 PM, Oleg Kalnichevski ol...@apache.org wrote: On Mon, 2014-03-24 at 17:54 +0200, d_k wrote: Hello. I'm using httpclient-4.1.1 and i'm trying to authenticate with different users on different realms but it seems to fail. Before I even start looking into this, is there a reason you are not using a newer version of HttpClient (preferably 4.3.x)? Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
