On Tue, 2006-03-14 at 12:16 -0500, Wagner, John (MED US)
wrote:
>
> Ok - I enabled the content/wire logging and noticed the
following error:
> Cannot find any provider supporting DES/ECB/NoPadding
- What
> does this mean?
>
"DES encryption is not available"
That means one and only thing: the JCE you are using is
either
misconfigured or does not support strong ciphers.
Since you snipped the part of log that tell the JVM version
and JCE
providers available I am unable to tell you more
Please in the future do reply to the mailing list, not to me
directly
Oleg
> Here's the output:
>
> 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.useragent = Jakarta Commons-HttpClient/3.0-rc4
> 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.protocol.version = HTTP/1.1
> 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.connection-manager.class = class
>
org.apache.commons.httpclient.SimpleHttpConnectionManager
> 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.protocol.cookie-policy = rfc2109
> 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.protocol.element-charset = US-ASCII
> 2006/03/14 11:36:39:522 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.protocol.content-charset = ISO-8859-1
> 2006/03/14 11:36:39:538 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.method.retry-handler =
>
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler<
img src="/img/at.gif" align="middle" border="0"
alt="">31c233fc
> 2006/03/14 11:36:39:538 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss
zzz, EEEE,
> dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE,
dd-MMM-yyyy
> HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy
HH:mm:ss z, EEE
> dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE
dd-MMM-yyyy
> HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy
HH:mm:ss z,
> EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z,
EEE, dd-MM-yyyy
> HH:mm:ss z]
> 2006/03/14 11:36:39:569 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.auth.scheme-priority = [NTLM]
> 2006/03/14 11:36:39:616 EST [DEBUG] DefaultHttpParams -
-Set parameter
> http.method.retry-handler =
>
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler<
img src="/img/at.gif" align="middle" border="0"
alt="">199873ff
> 2006/03/14 11:36:39:632 EST [DEBUG] HttpConnection -
-Open connection to
> usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:39:710 EST [DEBUG] header - ->>
"GET
> http://www.google.com/
HTTP/1.1[\r][\n]"
> 2006/03/14 11:36:39:710 EST [DEBUG] HttpMethodBase -
-Adding Host
> request header
> 2006/03/14 11:36:39:741 EST [DEBUG] header - ->>
"User-Agent: Jakarta
> Commons-HttpClient/3.0-rc4[\r][\n]"
> 2006/03/14 11:36:39:741 EST [DEBUG] header - ->>
"Host:
> www.google.com[\r][\n]"
> 2006/03/14 11:36:39:741 EST [DEBUG] header - ->>
"Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2006/03/14 11:36:39:741 EST [DEBUG] header - ->>
"[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"HTTP/1.1 407 Proxy
> Authentication Required ( The ISA Server requires
authorization to
> fulfill the request. Access to the Web Proxy service is
denied.
> )[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Via: 1.1
> MLVV9W3A[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> NTLM[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> Kerberos[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> Negotiate[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Connection:
> close[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Proxy-Connection:
> close[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Pragma:
> no-cache[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Cache-Control:
> no-cache[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Content-Type:
> text/html[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] header - -<<
"Content-Length:
> 2377[\r][\n]"
> 2006/03/14 11:36:39:757 EST [DEBUG] HttpMethodDirector
- -Authorization
> required
> 2006/03/14 11:36:39:757 EST [DEBUG]
AuthChallengeProcessor - -Supported
> authentication schemes in the order of preference:
[NTLM]
> 2006/03/14 11:36:39:757 EST [INFO]
AuthChallengeProcessor - -NTLM
> authentication scheme selected
> 2006/03/14 11:36:39:772 EST [DEBUG]
AuthChallengeProcessor - -Using
> authentication scheme: ntlm
> 2006/03/14 11:36:39:772 EST [DEBUG]
AuthChallengeProcessor -
> -Authorization challenge processed
> 2006/03/14 11:36:39:772 EST [DEBUG] HttpMethodDirector
- -Proxy
> authentication scope: NTLM <any
> realm> usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:39:772 EST [DEBUG] HttpMethodDirector
- -Retry
> authentication
> 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodBase -
-Should close
> connection in response to directive: close
> 2006/03/14 11:36:39:788 EST [DEBUG] HttpConnection -
-Connection is
> locked. Call to releaseConnection() ignored.
> 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodDirector
- -Authenticating
> with NTLM <any realm>usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodParams -
-Credential
> charset not configured, using HTTP element charset
> 2006/03/14 11:36:39:788 EST [DEBUG] HttpConnection -
-Open connection to
> usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:39:788 EST [DEBUG] header - ->>
"GET
> http://www.google.com/
HTTP/1.1[\r][\n]"
> 2006/03/14 11:36:39:788 EST [DEBUG] HttpMethodBase -
-Adding Host
> request header
> 2006/03/14 11:36:39:788 EST [DEBUG] header - ->>
"User-Agent: Jakarta
> Commons-HttpClient/3.0-rc4[\r][\n]"
> 2006/03/14 11:36:39:788 EST [DEBUG] header - ->>
"Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2006/03/14 11:36:39:788 EST [DEBUG] header - ->>
"Proxy-Authorization:
> NTLM
TlRMTVNTUAABAAAABlIAAAUABQAgAAAAAAAAACAAAABXVzAwNQ==[\r][\
n]"
> 2006/03/14 11:36:39:788 EST [DEBUG] header - ->>
"Host:
> www.google.com[\r][\n]"
> 2006/03/14 11:36:39:788 EST [DEBUG] header - ->>
"[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"HTTP/1.1 407 Proxy
> Authentication Required ( Access is denied.
)[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"Via: 1.1
> MLVV9W3A[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> NTLM
>
TlRMTVNTUAACAAAABQAFADgAAAAGAoECLA3YBB5IUf8AAAAAAAAAAIQAhAA9
AAAABQCTCAAA
>
AA9XVzAwNQIACgBXAFcAMAAwADUAAQAQAE0ATABWAFYAOQBXADMAQQAEACIA
dwB3ADAAMAA1
>
AC4AcwBpAGUAbQBlAG4AcwAuAG4AZQB0AAMANABNAEwAVgBWADkAVwAzAEEA
LgB3AHcAMAAw
>
ADUALgBzAGkAZQBtAGUAbgBzAC4AbgBlAHQAAAAAAA==[\r][\n]"
;
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"Pragma:
> no-cache[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"Cache-Control:
> no-cache[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"Content-Type:
> text/html[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] header - -<<
"Content-Length:
> 0[\r][\n]"
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector
- -Authorization
> required
> 2006/03/14 11:36:39:803 EST [DEBUG]
AuthChallengeProcessor - -Using
> authentication scheme: ntlm
> 2006/03/14 11:36:39:803 EST [DEBUG]
AuthChallengeProcessor -
> -Authorization challenge processed
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector
- -Proxy
> authentication scope: NTLM <any
> realm>usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector
- -Retry
> authentication
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodBase -
-Resorting to
> protocol version default close connection policy
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodBase -
-Should NOT close
> connection, using HTTP/1.1
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpConnection -
-Connection is
> locked. Call to releaseConnection() ignored.
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodDirector
- -Authenticating
> with NTLM <any realm>usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:39:803 EST [DEBUG] HttpMethodParams -
-Credential
> charset not configured, using HTTP element charset
> 2006/03/14 11:36:40:632 EST [ERROR] HttpMethodDirector
- -DES encryption
> is not available.
>
<org.apache.commons.httpclient.auth.AuthenticationExcepti
on: DES
> encryption is not
>
available.>org.apache.commons.httpclient.auth.Authenticat
ionException:
> DES encryption is not available.
> at
>
org.apache.commons.httpclient.auth.NTLM.getCipher(NTLM.java:
118)
> at
>
org.apache.commons.httpclient.auth.NTLM.encrypt(NTLM.java:16
4)
> at
>
org.apache.commons.httpclient.auth.NTLM.hashPassword(NTLM.ja
va:466)
> at
>
org.apache.commons.httpclient.auth.NTLM.getType3Message(NTLM
.java:417)
> at
>
org.apache.commons.httpclient.auth.NTLMScheme.authenticate(N
TLMScheme.ja
> va:344)
> at
>
org.apache.commons.httpclient.HttpMethodDirector.authenticat
eProxy(HttpM
> ethodDirector.java:317)
> at
>
org.apache.commons.httpclient.HttpMethodDirector.authenticat
e(HttpMethod
> Director.java:230)
> at
>
org.apache.commons.httpclient.HttpMethodDirector.executeMeth
od(HttpMetho
> dDirector.java:169)
> at
>
org.apache.commons.httpclient.HttpClient.executeMethod(HttpC
lient.java:3
> 96)
> at
>
org.apache.commons.httpclient.HttpClient.executeMethod(HttpC
lient.java:3
> 24)
> at HttpClientNTLM.main(HttpClientNTLM.java:51)
> Caused by: java.security.NoSuchAlgorithmException:
Cannot find any
> provider supporting DES/ECB/NoPadding
> at javax.crypto.Cipher.getInstance(Unknown Source)
> at
>
org.apache.commons.httpclient.auth.NTLM.getCipher(NTLM.java:
113)
> ... 10 more
>
> 2006/03/14 11:36:40:632 EST [DEBUG] header - ->>
"GET
> http://www.google.com/
HTTP/1.1[\r][\n]"
> 2006/03/14 11:36:40:632 EST [DEBUG] HttpMethodBase -
-Adding Host
> request header
> 2006/03/14 11:36:40:632 EST [DEBUG] header - ->>
"User-Agent: Jakarta
> Commons-HttpClient/3.0-rc4[\r][\n]"
> 2006/03/14 11:36:40:632 EST [DEBUG] header - ->>
"Proxy-Connection:
> Keep-Alive[\r][\n]"
> 2006/03/14 11:36:40:632 EST [DEBUG] header - ->>
"Host:
> www.google.com[\r][\n]"
> 2006/03/14 11:36:40:632 EST [DEBUG] header - ->>
"[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"HTTP/1.1 407 Proxy
> Authentication Required ( The ISA Server requires
authorization to
> fulfill the request. Access to the Web Proxy service is
denied.
> )[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Via: 1.1
> MLVV9W3A[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> NTLM[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> Kerberos[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Proxy-Authenticate:
> Negotiate[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Pragma:
> no-cache[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Cache-Control:
> no-cache[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Content-Type:
> text/html[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] header - -<<
"Content-Length:
> 2377[\r][\n]"
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector
- -Authorization
> required
> 2006/03/14 11:36:40:647 EST [DEBUG]
AuthChallengeProcessor - -Using
> authentication scheme: ntlm
> 2006/03/14 11:36:40:647 EST [DEBUG]
AuthChallengeProcessor -
> -Authorization challenge processed
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector
- -Proxy
> authentication scope: NTLM <any
> realm>usi00-proxy.ww005.siemens.net:8080
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector
- -Proxy
> credentials required
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodDirector
- -Proxy
> credentials provider not available
> 2006/03/14 11:36:40:647 EST [INFO] HttpMethodDirector -
-Failure
> authenticating with NTLM <any realm>usi00-proxy.ww005.siemens.net:8080
> Method failed: HTTP/1.1 407 Proxy Authentication
Required ( The ISA
> Server requires authorization to fulfill the request.
Access to the Web
> Proxy service is denied. )
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodBase -
-Buffering response
> body
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodBase -
-Resorting to
> protocol version default close connection policy
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpMethodBase -
-Should NOT close
> connection, using HTTP/1.1
> 2006/03/14 11:36:40:647 EST [DEBUG] HttpConnection -
-Releasing
> connection back to connection manager.
>
> Thanks.
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegkapache.org]
> Sent: Tuesday, March 14, 2006 11:26 AM
> To: HttpClient Project
> Cc: Wagner, John (MED US)
> Subject: Re: NTLM proxy auth
>
> On Tue, 2006-03-14 at 11:02 -0500, Wagner, John (MED
US) wrote:
> > Hi,
> >
> > I am trying to access the web through our
corporate proxy server with
> > uses NTLM. I have not been able to authenticate -
receive 407 error.
> > Attached is the code I'm using. When viewing the
proxy logs, they
> said
> > that I was not passing any credentials to the
proxy server and that is
> > why I failed.
>
> John,
>
> It is going to be pretty easy to tell if that is indeed
the case if you
> turn on the context/wire logging:
>
> http://jakarta.apache.org/commons/httpclient/logging.ht
ml
>
> If you need help interpreting the log, feel free to
post it to this
> list. You might want to remove security sensitive data
(such as user
> credentials) from the log prior to posting it
>
> Oleg
>
> > Where did I go wrong?
> >
> > import java.util.*;
> > import java.io.*;
> >
> > import org.apache.commons.httpclient.*;
> > import org.apache.commons.httpclient.methods.*;
> > import
org.apache.commons.httpclient.params.HttpMethodParams;
> > import org.apache.commons.httpclient.auth.*;
> >
> > public class HttpClientNTLM {
> >
> > private static String url = "http://www.google.com/&qu
ot;;
> >
> > public static void main(String[] args) {
> > // Create an instance of HttpClient.
> > HttpClient client = new HttpClient();
> >
> > String NTUser=username;
> > String NTPwd=password;
> > String NTDomain=domain;
> >
> >
client.getHostConfiguration().setHost("www.google.com
");
> > client.getHostConfiguration().setProxy(proxy
host, 8080);
> >
> > List authPrefs = new ArrayList();
> > authPrefs.add(AuthPolicy.NTLM);
> >
> > client.getState().setProxyCredentials(
> > new AuthScope(null, 8080, null),
> > new NTCredentials(NTUser, NTPwd,
"", NTDomain));
> >
> >
client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIOR
ITY,
> > authPrefs);
> >
> > // Create a method instance.
> > GetMethod method = new GetMethod(url);
> >
> > // Provide custom retry handler is necessary
> >
method.getParams().setParameter(HttpMethodParams.RETRY_HANDL
ER,
> > new DefaultHttpMethodRetryHandler(3,
false));
> >
> > try {
> > // Execute the method.
> > int statusCode =
client.executeMethod(method);
> >
> > if (statusCode != HttpStatus.SC_OK) {
> > System.err.println("Method failed:
" +
> method.getStatusLine());
> > }
> >
> > // Read the response body.
> > byte[] responseBody =
method.getResponseBody();
> >
> > // Deal with the response.
> > // Use caution: ensure correct character
encoding and is not
> > binary data
> > System.out.println(new
String(responseBody));
> >
> > } catch (HttpException e) {
> > System.err.println("Fatal protocol
violation: " +
> e.getMessage());
> > e.printStackTrace();
> > } catch (IOException e) {
> > System.err.println("Fatal transport
error: " + e.getMessage());
> > e.printStackTrace();
> > } finally {
> > // Release the connection.
> > method.releaseConnection();
> > }
> > }
> > }
> >
> >
> >
>
------------------------------------------------------------
------------
> -------
> > This message and any included attachments are from
Siemens Medical
> Solutions
> > USA, Inc. and are intended only for the
addressee(s).
> > The information contained herein may include trade
secrets or
> privileged or
> > otherwise confidential information. Unauthorized
review, forwarding,
> printing,
> > copying, distributing, or using such information
is strictly
> prohibited and may
> > be unlawful. If you received this message in
error, or have reason to
> believe
> > you are not authorized to receive it, please
promptly delete this
> message and
> > notify the sender by e-mail with a copy to
> Central.SecurityOfficeshs.siemens.com
> >
> > Thank you
>
>
>
------------------------------------------------------------
-------------------
> This message and any included attachments are from
Siemens Medical Solutions
> USA, Inc. and are intended only for the addressee(s).
> The information contained herein may include trade
secrets or privileged or
> otherwise confidential information. Unauthorized
review, forwarding, printing,
> copying, distributing, or using such information is
strictly prohibited and may
> be unlawful. If you received this message in error, or
have reason to believe
> you are not authorized to receive it, please promptly
delete this message and
> notify the sender by e-mail with a copy to
Central.SecurityOfficeshs.siemens.com
>
> Thank you
>
------------------------------------------------------------
---------
To unsubscribe, e-mail: httpclient-dev-unsubscribejakarta.apache.org
For additional commands, e-mail: httpclient-dev-helpjakarta.apache.org
|