httpclient: basic authentication problem

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

httpclient: basic authentication problem

Zhaohua Meng
Gurus,
I used the following code to post a SOAP request. Some information are
provided as following. I used my username/password that I use to long on
to cgsh.com network. But I don't know if I can use the same credential to
log on to the machine I was trying to auth against. By looking at the
response, can anyone tell me the following:

1. Am I authenticated?
2. For basic auth, should I be a configured local user on the target
machine?

thanks,

    public static void postWithSupportedAuth() throws IOException,
HttpException, IllegalAccessException, InstantiationException,
ClassNotFoundException {
        String secProviderName = "com.sun.crypto.provider.SunJCE";
        java.security.Provider secProvider =
(java.security.Provider)Class.forName(secProviderName).newInstance();
        Security.addProvider(secProvider);
        String strURL =
"http://driman8.cgsh.com/worksite/services/factory.asmx";
        String strXMLFilename = "C:/project/junk/Test/Java
Source/request.xml";
        File input = new File(strXMLFilename);
        // Prepare HTTP post
        PostMethod post = new PostMethod(strURL);
        post.setRequestEntity(new InputStreamRequestEntity(
            new FileInputStream(input)));
        post.setRequestHeader("Content-type", "text/xml; charset=UTF-8");
        post.setRequestHeader("SOAPAction",
                        "\"http://worksite.imanage.com/CreateWorkspace\""
);
        HttpClient httpclient = new HttpClient();
//              httpclient.getParams().setAuthenticationPreemptive(true);
        httpclient.getState().setCredentials(
            new AuthScope("driman8.cgsh.com", 80, "driman8.cgsh.com"),
            new NTCredentials("mylogin","mypassword","driman8","cgsh.com")
                );
        List authPrefs = new ArrayList(3);
                authPrefs.add(AuthPolicy.BASIC);
                authPrefs.add(AuthPolicy.DIGEST);
                authPrefs.add(AuthPolicy.NTLM);
 httpclient.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
authPrefs);
        // Execute request

        try {
            int result = httpclient.executeMethod(post);
            // Display status code
            System.out.println("Response status code: " + result);
            // Display response
            System.out.println("Response body: ");
            System.out.println(post.getResponseBodyAsString());
        } finally {
            // Release current connection to the connection pool once you
are done
            post.releaseConnection();
        }
     }

-------------------- the response headers captured by Axis TCP/IP monitor
---------------------

HTTP/1.1 401 Unauthorized
Date: Fri, 29 Jul 2005 20:53:39 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="driman8.cgsh.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=z30oaw55lagdav55bhjfnlbq; path=/
Set-Cookie: virtualPath=/WorkSite; path=/
Set-Cookie: virtualRoot=http://driman8.cgsh.com/WorkSite; path=/
Set-Cookie: keyCode=; path=/
Cache-Control: private
Content-Length: 0
------------------- end of the response headers --------------------------


----------- System.out.println() --------

[INFO] AuthChallengeProcessor - -Basic authentication scheme selected
[INFO] HttpMethodDirector - -Failure authenticating with BASIC
'driman8.cgsh.com'@driman8.cgsh.com:80
Response status code: 401
Response body:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>You are not authorized to view this page</h1>
You do not have permission to view this directory or page using the
credentials that you supplied.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able
to view this directory or page.</li>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to
try again with different credentials.</li>
</ul>
<h2>HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft
Product Support Services</a> and perform a title search for the words
<b>HTTP</b> and <b>401</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
 and search for topics titled <b>Authentication</b>, <b>Access
Control</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

This message is being sent from a law firm and may contain confidential or privileged information.  If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy.