Apache HTTP Client 5.3 ~ NTCredentials no longer working

Question

I have a project that uses org.apache.httpcomponents.client5:httpclient5. I recently tried upgrading from version 5.2.3 to version 5.3, only to realize that the authentication was no longer working in the new version.

Here is how the relevant code looks:

        BasicCredentialsProvider credentialsProvider =
            new BasicCredentialsProvider();
        credentialsProvider.setCredentials(
            new AuthScope(host, port),
            new NTCredentials(username, password.toCharArray(), "", "")
        );
        httpclient = HttpClients.custom()
            .setDefaultCredentialsProvider(credentialsProvider)
            .build();
[...]
            final HttpGet httpget = new HttpGet(targetUrl);

            CloseableHttpResponse response = httpclient.execute(httpget);

Before the update from 5.2.3 to 5.3 this worked fine. However, when I use 5.3, I now get a 401 UNAUTHORIZED response.

I also tried the following variations to above code to pass the credentials along, but they all also return only 401 UNAUTHORIZED:

        httpclient = HttpClients.custom()
            .setDefaultCredentialsProvider(CredentialsProviderBuilder.create()
                .add(new HttpHost(host, port), username, password.toCharArray())
                .build())
            .build();

        credentialsProvider.setCredentials(
            new AuthScope(host, port),
            new UsernamePasswordCredentials(username, password.toCharArray())
        );

        SystemDefaultCredentialsProvider credentialsProvider =
            new SystemDefaultCredentialsProvider();
        credentialsProvider.setCredentials(
            new AuthScope(host, port),
            new NTCredentials(username, password.toCharArray(), "", "")
        );

Now I am stumped. Could this be a bug in 5.3? Or did something change to the way that the NTCredentialsProvider works? I could not find any release notes indicating so, and since this is only a minor version update that would surprise me.

Nonetheless, the fact it that it works with the old version but not with the new one. Does anyone has any suggestions as to what I can do about that?

Answer 1

We now managed to solve it by providing the httpclient with a default auth scheme registry like this:

        Lookup<AuthSchemeFactory> authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create()
                .register(StandardAuthScheme.NTLM, new NTLMSchemeFactory()).build();

        httpclient = HttpClients.custom()
                .setDefaultCredentialsProvider(credentialsProvider)
                .setDefaultRequestConfig(config)
                .setDefaultAuthSchemeRegistry(authSchemeRegistry)
                .build();