12

I am getting

org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cannot be used for NTLM authentication:

exception in eclipse

Whether it is possible mention eclipse to take system proxy settings directly?

public class HttpGetProxy {
    private static final String PROXY_HOST = "proxy.****.com";
    private static final int PROXY_PORT = 6050;

    public static void main(String[] args) {
        HttpClient client = new HttpClient();
        HttpMethod method = new GetMethod("https://kodejava.org");

        HostConfiguration config = client.getHostConfiguration();
        config.setProxy(PROXY_HOST, PROXY_PORT);

        String username = "*****";
        String password = "*****";
        Credentials credentials = new UsernamePasswordCredentials(username, password);
        AuthScope authScope = new AuthScope(PROXY_HOST, PROXY_PORT);

        client.getState().setProxyCredentials(authScope, credentials);

        try {
            client.executeMethod(method);

            if (method.getStatusCode() == HttpStatus.SC_OK) {
                String response = method.getResponseBodyAsString();
                System.out.println("Response = " + response);
            }
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            method.releaseConnection();
        }
    }
}

Exception:

Dec 08, 2017 1:41:39 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme INFO: ntlm authentication scheme selected Dec 08, 2017 1:41:39 PM org.apache.commons.httpclient.HttpMethodDirector executeConnect SEVERE: Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswordCredentials org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cannot be used for NTLM authentication: enter code here org.apache.commons.httpclient.UsernamePasswordCredentials at org.apache.commons.httpclient.auth.NTLMScheme.authenticate(NTLMScheme.java:332) at org.apache.commons.httpclient.HttpMethodDirector.authenticateProxy(HttpMethodDirector.java:320) at org.apache.commons.httpclient.HttpMethodDirector.executeConnect(HttpMethodDirector.java:491) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:391) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) at HttpGetProxy.main(HttpGetProxy.java:31)
Dec 08, 2017 1:41:39 PM org.apache.commons.httpclient.HttpMethodDirector processProxyAuthChallenge INFO: Failure authenticating with NTLM @proxy.****.com:6050

Improve this question

3 Answers 3

Reset to default
1

According to the documentation the following authentication schemes are supported: Basic,Digest,NTLM,SPNEGO,Kerberos

In particular:

NTLM: NTLM is a proprietary authentication scheme developed by Microsoft and optimized for Windows platforms. NTLM is believed to be more secure than Digest.

So in order to avoid this warning use the following CredentialProvider:

CredentialsProvider provider = new BasicCredentialsProvider();
provider.setCredentials(AuthScope.ANY, new NTCredentials("user", "pwd", "", "domain"));
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The question mentions org.apache.commons.httpclient which is the old Apache HTTP client. BasicCredentialsProvider is in the new Apache HTTP client (org.apache.http.impl.client).
1

The Apache Commons HTTP client which you're using (org.apache.commons.httpclient) has support for NTLM via NTCredentials but it only supports NTLMv1 which is obsolete.

The best approach would be to upgrade to the new Apache HTTP client and use its NTCredentials instead. Here's a small example:

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.glassfish.jersey.apache.connector.ApacheClientProperties;
import org.glassfish.jersey.apache.connector.ApacheConnectorProvider;
import org.glassfish.jersey.client.ClientConfig;

import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

ClientConfig clientConfig = new ClientConfig();

CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new NTCredentials(username, password, null, null));

clientConfig.property(ApacheClientProperties.CREDENTIALS_PROVIDER, credentialsProvider);
clientConfig.connectorProvider(new ApacheConnectorProvider());

Client client = ClientBuilder.newClient(clientConfig);

(Source: How to send NTLM authenticated post request using jersey?)

Improve this answer

Comments

0

I think you need to use credentials in the form of domain\username in the "username" field, for NTLM authentication to work properly.

Improve this answer

3 Comments

Still it is not working. I have added the domain and checked it not working
@bharathi There is even some configuration in Windows Server if BasicAuthentication can be used as fallback for NTLM (I am not sure if it is enabled by default). If would simplify your life very much if this option is enabled. Otherwise you will have to write your own AuthScheme
@bharathi Have you been able to resolve the issue, if so what is the fix for it ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.