Apache HttpClient v5.0在Windows上无法使用NTLM进行身份验证。

huangapple go评论70阅读模式
英文:

Apache HttpClient v5.0 doesn't authenticate with NTLM on Windows

问题

我正在尝试通过 NTLM 代理发出请求代码如下

try (CloseableHttpClient httpClient = WinHttpClients.createDefault()) {
    HttpHost target = HttpHost.create("http://example.com");
    HttpHost proxy = new HttpHost("http", "localhost", 80);
    RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
    HttpGet request = new HttpGet("/");
    request.setConfig(config);
    try (CloseableHttpResponse response = httpClient.execute(target, request)) {
        StatusLine statusLine = new StatusLine(response);
        if (statusLine.getStatusCode() == HttpStatus.SC_OK) {
            System.out.println("Test OK");
        } else if (statusLine.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED) {
            throw new CredentialException(statusLine.getReasonPhrase());
        }
    }
} catch (Exception e) {
    e.printStackTrace();
}

错误日志如下:

[主要] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: 准备请求执行
...
...
javax.security.auth.login.CredentialException: 需要代理授权
at org.kpax.http_client_5_testing.App.main(App.java:47)


环境:
- 操作系统:Windows 10
- JRE:AdoptOpenJdk v11
- 代理类型:NTLM(Wingate)
问题:上述代码是否存在问题?
注:相同的代码在 Apache Http Client v4.5.12 中正常工作。
<details>
<summary>英文:</summary>
I&#39;m trying to make a request through a NTLM proxy like this:
try (CloseableHttpClient httpClient = WinHttpClients.createDefault()) {
HttpHost target = HttpHost.create(&quot;http://example.com&quot;);
HttpHost proxy = new HttpHost(&quot;http&quot;, &quot;localhost&quot;, 80);
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet(&quot;/&quot;);
request.setConfig(config);
try (CloseableHttpResponse response = httpClient.execute(target, request)) {
StatusLine statusLine = new StatusLine(response);
if (statusLine.getStatusCode() == HttpStatus.SC_OK) {
System.out.println(&quot;Test OK&quot;);
} else if (statusLine.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED) {
throw new CredentialException(statusLine.getReasonPhrase());
}
}
} catch (Exception e) {
e.printStackTrace();
}
but it fails, here is the log:
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: preparing request execution
[main] DEBUG org.apache.hc.client5.http.protocol.RequestAddCookies - Cookie spec selected: strict
[main] DEBUG org.apache.hc.client5.http.protocol.RequestAuthCache - Auth cache not set in the context
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - ex-00000001: target auth state: UNCHALLENGED
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - ex-00000001: proxy auth state: UNCHALLENGED
[main] DEBUG org.apache.hc.client5.http.impl.classic.ConnectExec - ex-00000001: acquiring connection with route {}-&gt;http://localhost:80-&gt;http://example.com:80
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: acquiring endpoint (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: endpoint lease request (3 MINUTES) [route: {}-&gt;http://localhost:80-&gt;http://example.com:80][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: endpoint leased [route: {}-&gt;http://localhost:80-&gt;http://example.com:80][total available: 0; route allocated: 1 of 5; total allocated: 1 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: acquired ep-00000000
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: acquired endpoint ep-00000000
[main] DEBUG org.apache.hc.client5.http.impl.classic.ConnectExec - ex-00000001: opening connection {}-&gt;http://localhost:80-&gt;http://example.com:80
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: connecting endpoint (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connecting endpoint to http://localhost:80 (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator - http-outgoing-0: connecting to localhost/127.0.0.1:80
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator - http-outgoing-0: connection established 127.0.0.1:57194&lt;-&gt;127.0.0.1:80
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connected http-outgoing-0
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint connected
[main] DEBUG org.apache.hc.client5.http.impl.classic.MainClientExec - ex-00000001: executing GET http://example.com/ HTTP/1.1
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: start execution ex-00000001
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: executing exchange ex-00000001 over http-outgoing-0
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &gt;&gt; GET http://example.com/ HTTP/1.1
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &gt;&gt; Accept-Encoding: gzip, x-gzip, deflate
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &gt;&gt; Host: example.com
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &gt;&gt; User-Agent: Apache-HttpClient/5.0 (Java/1.8.0_222)
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &gt;&gt; &quot;GET http://example.com/ HTTP/1.1[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &gt;&gt; &quot;Accept-Encoding: gzip, x-gzip, deflate[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &gt;&gt; &quot;Host: example.com[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &gt;&gt; &quot;User-Agent: Apache-HttpClient/5.0 (Java/1.8.0_222)[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &gt;&gt; &quot;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;HTTP/1.1 407 Proxy authorization required[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Proxy-Authenticate: NTLM[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Proxy-Authenticate: Basic realm=&quot;/&quot;, charset=&quot;UTF-8&quot;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Proxy-Support: session-based-authentication[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Cache-control: no-store, no-cache[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Content-Type: text/html; charset=utf-8[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Content-Length: 855[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Date: Sun, 05 Apr 2020 06:15:20 GMT[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Server: WinGate Engine[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;Connection: Keep-Alive[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot; &quot;http://www.w3.org/TR/html4/strict.dtd&quot;&gt;&lt;html&gt;&lt;head&gt;&lt;title&gt;Proxy authorization required&lt;/title&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;style&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;body { font-family:helvetica; font-size:11pt; color:#0071BB; margin:30px; padding:0px; }[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;h1 { color:#005395; margin:0px 0px 0px 0px; }[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;h2 { color:#005395; }[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;p { margin:6px 0px 6px 0px;}[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;p.footer { font-size:8pt; margin:3px 0px 0px 0px;}[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;b { font-weight:550; color:#7F7F7F; }[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;/style&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;/head&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;body&gt;&lt;h1&gt;Proxy authorization required&lt;/h1&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;div style=&quot;margin:12px 0px 12px 0px; padding:12px 0px 12px 0px; min-height:300px; border-top:1px solid #0071BB; border-bottom:1px solid #0071BB;&quot;&gt;You must authenticate to gain access to this resource&lt;/div&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;p class=&quot;footer&quot;&gt;&lt;a href=&quot;http://www.wingate.com&quot;&gt;WinGate&lt;/a&gt;&amp;trade; &amp;copy; Qbik New Zealand Limited 1995-2020[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 &lt;&lt; &quot;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;[\r][\n]&quot;
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; HTTP/1.1 407 Proxy authorization required
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Proxy-Authenticate: NTLM
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Proxy-Authenticate: Basic realm=&quot;/&quot;, charset=&quot;UTF-8&quot;
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Proxy-Support: session-based-authentication
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Cache-control: no-store, no-cache
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Content-Type: text/html; charset=utf-8
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Content-Length: 855
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Date: Sun, 05 Apr 2020 06:15:20 GMT
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Server: WinGate Engine
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 &lt;&lt; Connection: Keep-Alive
[main] DEBUG org.apache.hc.client5.http.impl.classic.MainClientExec - ex-00000001: connection can be kept alive for 3 MINUTES
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - Authentication required
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - localhost:80 requested authentication
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
[main] DEBUG org.apache.hc.client5.http.impl.win.WindowsNegotiateScheme - Created WindowsNegotiateScheme using NTLM
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Digest authentication scheme not available
[main] WARN org.apache.hc.client5.http.impl.classic.ProtocolExec - Missing auth challenge
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultManagedHttpClientConnection - http-outgoing-0: close connection GRACEFUL
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint closed
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint closed
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: discarding endpoint
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: releasing endpoint
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connection released [route: {}-&gt;http://localhost:80-&gt;http://example.com:80][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - Shutdown connection pool GRACEFUL
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - Connection pool shut down
javax.security.auth.login.CredentialException: Proxy authorization required
at org.kpax.http_client_5_testing.App.main(App.java:47)
----------
**Environment**
- OS: Windows 10 
- JRE: AdoptOpenJdk v11 
- Proxy type: NTLM (Wingate)
----------
**Question** Is there something wrong with the above code?
----------
**Obs** The same code works fine with Apache Http Client v4.5.12
</details>
# 答案1
**得分**: 1
这是一个[轻微的错误][1],已在v5.0.1中解决。
[1]: https://issues.apache.org/jira/browse/HTTPCLIENT-2073
<details>
<summary>英文:</summary>
It is a [minor bug][1], solved now, for v5.0.1.
[1]: https://issues.apache.org/jira/browse/HTTPCLIENT-2073
</details>

huangapple
  • 本文由 发表于 2020年4月5日 16:13:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/61039771.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定