HTTP proxy authentication scheme priorities

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

HTTP proxy authentication scheme priorities


I'm refering to Adam's comment here:

Our problem is that JCIFS does not seem to be able to authenticate against our corporate HTTP proxy (for reasons unknown to me). Basically, Apache HTTP client goes into an infinite loop on NTLM, because it does this:

[DEBUG] [org.apache.http.headers] << Proxy-Authenticate: NTLM
[DEBUG] [org.apache.http.headers] << Proxy-Authenticate: Basic realm="the Proxy server"
[DEBUG] [org.apache.http.impl.client.ProxyAuthenticationStrategy] Authentication schemes in the order of preference: [NTLM, Basic]

In four words - Basic works, NTLM doesn't.

Seems that the simplest thing to do for us would be to extend the code to enable it to change the authentication scheme priorities, using 


param to instrument Apache HttpClient, as documented here:

so that we can force it to use Basic before NTLM.

I hacked that quickly against Gradle v1.10, by adding the following hardcoded settings to

    List<String> authpref = new ArrayList<String>();
    authpref.add( AuthPolicy.BASIC );
    authpref.add( AuthPolicy.NTLM );
    httpClient.getParams().setParameter( "", authpref );
    httpClient.getParams().setParameter( "http.auth.proxy-scheme-pref", authpref );

It works as expected, so the log shows

[DEBUG] [org.apache.http.impl.client.ProxyAuthenticationStrategy] Authentication schemes in the order of preference: [Basic, NTLM]

As I stated on JIRA, I can submit a pull request - a solution could be to pass it from systemProp properties to the client parameters, for example.

Let me know what's your preference.