httpclient: basic authentication problem

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

httpclient: basic authentication problem

Zhaohua Meng
I used the following code to post a SOAP request. Some information are
provided as following. I used my username/password that I use to long on
to network. But I don't know if I can use the same credential to
log on to the machine I was trying to auth against. By looking at the
response, can anyone tell me the following:

1. Am I authenticated?
2. For basic auth, should I be a configured local user on the target


    public static void postWithSupportedAuth() throws IOException,
HttpException, IllegalAccessException, InstantiationException,
ClassNotFoundException {
        String secProviderName = "com.sun.crypto.provider.SunJCE"; secProvider =
        String strURL =
        String strXMLFilename = "C:/project/junk/Test/Java
        File input = new File(strXMLFilename);
        // Prepare HTTP post
        PostMethod post = new PostMethod(strURL);
        post.setRequestEntity(new InputStreamRequestEntity(
            new FileInputStream(input)));
        post.setRequestHeader("Content-type", "text/xml; charset=UTF-8");
        HttpClient httpclient = new HttpClient();
//              httpclient.getParams().setAuthenticationPreemptive(true);
            new AuthScope("", 80, ""),
            new NTCredentials("mylogin","mypassword","driman8","")
        List authPrefs = new ArrayList(3);
        // Execute request

        try {
            int result = httpclient.executeMethod(post);
            // Display status code
            System.out.println("Response status code: " + result);
            // Display response
            System.out.println("Response body: ");
        } finally {
            // Release current connection to the connection pool once you
are done

-------------------- the response headers captured by Axis TCP/IP monitor

HTTP/1.1 401 Unauthorized
Date: Fri, 29 Jul 2005 20:53:39 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm=""
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=z30oaw55lagdav55bhjfnlbq; path=/
Set-Cookie: virtualPath=/WorkSite; path=/
Set-Cookie: virtualRoot=; path=/
Set-Cookie: keyCode=; path=/
Cache-Control: private
Content-Length: 0
------------------- end of the response headers --------------------------

----------- System.out.println() --------

[INFO] AuthChallengeProcessor - -Basic authentication scheme selected
[INFO] HttpMethodDirector - -Failure authenticating with BASIC
Response status code: 401
Response body:
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>You are not authorized to view this page</h1>
You do not have permission to view this directory or page using the
credentials that you supplied.
<p>Please try the following:</p>
<li>Contact the Web site administrator if you believe you should be able
to view this directory or page.</li>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to
try again with different credentials.</li>
<h2>HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.<br>Internet Information Services (IIS)</h2>
<p>Technical Information (for support personnel)</p>
<li>Go to <a href="">Microsoft
Product Support Services</a> and perform a title search for the words
<b>HTTP</b> and <b>401</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
 and search for topics titled <b>Authentication</b>, <b>Access
Control</b>, and <b>About Custom Error Messages</b>.</li>


This message is being sent from a law firm and may contain confidential or privileged information.  If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy.