英文:
Apache HttpClient v5.0 doesn't authenticate with NTLM on Windows
问题
我正在尝试通过 NTLM 代理发出请求,代码如下:
try (CloseableHttpClient httpClient = WinHttpClients.createDefault()) {
HttpHost target = HttpHost.create("http://example.com");
HttpHost proxy = new HttpHost("http", "localhost", 80);
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet("/");
request.setConfig(config);
try (CloseableHttpResponse response = httpClient.execute(target, request)) {
StatusLine statusLine = new StatusLine(response);
if (statusLine.getStatusCode() == HttpStatus.SC_OK) {
System.out.println("Test OK");
} else if (statusLine.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED) {
throw new CredentialException(statusLine.getReasonPhrase());
}
}
} catch (Exception e) {
e.printStackTrace();
}
错误日志如下:
[主要] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: 准备请求执行
...
...
javax.security.auth.login.CredentialException: 需要代理授权
at org.kpax.http_client_5_testing.App.main(App.java:47)
环境:
- 操作系统:Windows 10
- JRE:AdoptOpenJdk v11
- 代理类型:NTLM(Wingate)
问题:上述代码是否存在问题?
注:相同的代码在 Apache Http Client v4.5.12 中正常工作。
<details>
<summary>英文:</summary>
I'm trying to make a request through a NTLM proxy like this:
try (CloseableHttpClient httpClient = WinHttpClients.createDefault()) {
HttpHost target = HttpHost.create("http://example.com");
HttpHost proxy = new HttpHost("http", "localhost", 80);
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet("/");
request.setConfig(config);
try (CloseableHttpResponse response = httpClient.execute(target, request)) {
StatusLine statusLine = new StatusLine(response);
if (statusLine.getStatusCode() == HttpStatus.SC_OK) {
System.out.println("Test OK");
} else if (statusLine.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED) {
throw new CredentialException(statusLine.getReasonPhrase());
}
}
} catch (Exception e) {
e.printStackTrace();
}
but it fails, here is the log:
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: preparing request execution
[main] DEBUG org.apache.hc.client5.http.protocol.RequestAddCookies - Cookie spec selected: strict
[main] DEBUG org.apache.hc.client5.http.protocol.RequestAuthCache - Auth cache not set in the context
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - ex-00000001: target auth state: UNCHALLENGED
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - ex-00000001: proxy auth state: UNCHALLENGED
[main] DEBUG org.apache.hc.client5.http.impl.classic.ConnectExec - ex-00000001: acquiring connection with route {}->http://localhost:80->http://example.com:80
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: acquiring endpoint (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: endpoint lease request (3 MINUTES) [route: {}->http://localhost:80->http://example.com:80][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: endpoint leased [route: {}->http://localhost:80->http://example.com:80][total available: 0; route allocated: 1 of 5; total allocated: 1 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: acquired ep-00000000
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: acquired endpoint ep-00000000
[main] DEBUG org.apache.hc.client5.http.impl.classic.ConnectExec - ex-00000001: opening connection {}->http://localhost:80->http://example.com:80
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: connecting endpoint (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connecting endpoint to http://localhost:80 (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator - http-outgoing-0: connecting to localhost/127.0.0.1:80
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator - http-outgoing-0: connection established 127.0.0.1:57194<->127.0.0.1:80
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connected http-outgoing-0
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint connected
[main] DEBUG org.apache.hc.client5.http.impl.classic.MainClientExec - ex-00000001: executing GET http://example.com/ HTTP/1.1
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: start execution ex-00000001
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: executing exchange ex-00000001 over http-outgoing-0
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> GET http://example.com/ HTTP/1.1
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> Accept-Encoding: gzip, x-gzip, deflate
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> Host: example.com
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/5.0 (Java/1.8.0_222)
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "GET http://example.com/ HTTP/1.1[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip, x-gzip, deflate[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "Host: example.com[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/5.0 (Java/1.8.0_222)[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "HTTP/1.1 407 Proxy authorization required[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Proxy-Authenticate: NTLM[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Proxy-Authenticate: Basic realm="/", charset="UTF-8"[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Proxy-Support: session-based-authentication[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Cache-control: no-store, no-cache[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Content-Type: text/html; charset=utf-8[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Content-Length: 855[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Date: Sun, 05 Apr 2020 06:15:20 GMT[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Server: WinGate Engine[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Connection: Keep-Alive[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><title>Proxy authorization required</title>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<style>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "body { font-family:helvetica; font-size:11pt; color:#0071BB; margin:30px; padding:0px; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "h1 { color:#005395; margin:0px 0px 0px 0px; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "h2 { color:#005395; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "p { margin:6px 0px 6px 0px;}[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "p.footer { font-size:8pt; margin:3px 0px 0px 0px;}[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "b { font-weight:550; color:#7F7F7F; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "</style>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "</head>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<body><h1>Proxy authorization required</h1>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<div style="margin:12px 0px 12px 0px; padding:12px 0px 12px 0px; min-height:300px; border-top:1px solid #0071BB; border-bottom:1px solid #0071BB;">You must authenticate to gain access to this resource</div>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<p class="footer"><a href="http://www.wingate.com">WinGate</a>&trade; &copy; Qbik New Zealand Limited 1995-2020[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "</p></body></html>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << HTTP/1.1 407 Proxy authorization required
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Proxy-Authenticate: NTLM
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Proxy-Authenticate: Basic realm="/", charset="UTF-8"
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Proxy-Support: session-based-authentication
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Cache-control: no-store, no-cache
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Content-Type: text/html; charset=utf-8
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Content-Length: 855
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Date: Sun, 05 Apr 2020 06:15:20 GMT
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Server: WinGate Engine
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Connection: Keep-Alive
[main] DEBUG org.apache.hc.client5.http.impl.classic.MainClientExec - ex-00000001: connection can be kept alive for 3 MINUTES
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - Authentication required
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - localhost:80 requested authentication
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
[main] DEBUG org.apache.hc.client5.http.impl.win.WindowsNegotiateScheme - Created WindowsNegotiateScheme using NTLM
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Digest authentication scheme not available
[main] WARN org.apache.hc.client5.http.impl.classic.ProtocolExec - Missing auth challenge
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultManagedHttpClientConnection - http-outgoing-0: close connection GRACEFUL
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint closed
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint closed
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: discarding endpoint
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: releasing endpoint
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connection released [route: {}->http://localhost:80->http://example.com:80][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - Shutdown connection pool GRACEFUL
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - Connection pool shut down
javax.security.auth.login.CredentialException: Proxy authorization required
at org.kpax.http_client_5_testing.App.main(App.java:47)
----------
**Environment**
- OS: Windows 10
- JRE: AdoptOpenJdk v11
- Proxy type: NTLM (Wingate)
----------
**Question** Is there something wrong with the above code?
----------
**Obs** The same code works fine with Apache Http Client v4.5.12
</details>
# 答案1
**得分**: 1
这是一个[轻微的错误][1],已在v5.0.1中解决。
[1]: https://issues.apache.org/jira/browse/HTTPCLIENT-2073
<details>
<summary>英文:</summary>
It is a [minor bug][1], solved now, for v5.0.1.
[1]: https://issues.apache.org/jira/browse/HTTPCLIENT-2073
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论