Community
Participate
Working Groups
Currently, we only support username + password. We need to figure out how to detect whether a proxy requires NTLM authentication and where to obtain the authentication information. Research task: How does the p2 update mechnism solve this?
Tested with Squid, for which it works now. Unfortunately, I don't have access to a Windows AD setup that uses the Microsoft dialect of NTLM, so closing this as WORKSFORME now. Please reopen if you have trouble in such a setup.
Closing for 2.1
Based on the discussion on Bug 422665 and the fact that Eclipse Aether (which Code Recommenders uses since 2.1.0) uses the problematic Apache HttpComponents 4.2.x, it seems likely that this bug has to be reopenend. Unfortunately, we do not have a NTLM proxy setup (save for Squid's fakeauth) with which we can test things, so we have to rely on the user community (which proved to be really helpful on Bug 422665 already :-). If any user who knows he or she is behind an NTLM proxy could thus install the latest version of Eclipse Code Recommenders from our head update site [1] and assist in diagnosing the problem, that would be very much appreciated. To help us, please just follow the guide below (It takes only a few minutes): - Install Code Recommenders from [1]. - Open the "Model Repositories" view. - This triggers a download in a background job. - If the download finished successfully, you should see something like "3.775 known coordinates"). - If the download is unsuccessful, you should get a dialog that informs you about the problem and asks you to file a bug report. In either case, please just comment on this bug and tell us the following things about your proxy setup: - Did the download by Code Recommenders work? - Does you NTLM proxy require username/password or not? - Is you active provider under "General > Network Connections" set to "Manual" or "Native"? [1] <http://download.eclipse.org/recommenders/updates/head/>
Added Andrei and Saulo to this issue. Both helped diagnose Bug 422665 and volunteered (time permitting) to have a look at this one as well. @Andrei, Saulo: If you find time, please follow the instructions in Comment 3 and post your experiences here. Thank you.
Just got some very helpful from Andrei via e-mail. Here it is: === It took longer than expected but I tested it now. In order to install Code Recommenders I disabled authentication in the proxy, added the update side, installed and restarted. I then removed my Ip address from the proxy exception list so that authentication would again be required. I tried to run Help -> Install new software and I was again getting the proxy authentication error. All as expected. I then followed [3] to trigger a background download. As soon as I tried to open the view i got a pop-up entitled "Failed to Download Index" : We run a Cisco IronPort S170 proxy with NTLMSSP authentication,. The Eclipse Active provider is set to Native. Please note that after I install the fix from https://bugs.eclipse.org/bugs/show_bug.cgi?id=422665#c58 I can Eclipse Update and Market place client work BUT I get the Code Recomenders Pop-Up every time I start Eclispe :-( so I have un-installed Code Recommnders. I hope this helps. Best regards, Andrei === This is indeed very helpful. Thank you very much. There are IMHO two places where things can go wrong: First potential problem: We fail to read these settings correctly and pass wrong credentials to our network library. Andrei, can you thus please help us out a bit further? As none of the core Code Recommenders developers is at home under Windows, can you please tell us where (and under which Windows version) you have configured your NLTM proxy settings. As far as I know, there should be four settings you had to make *outside* of Eclipse (since you are using the "Native" proxy provider): * user name * password * workgroup * domain Second potential problem: the network library (under the covers it's Apache httpclient 4.2) has some problems with NTLM (see Bug 422665). Now, we don't use httpclient 4.2 directly, but through another layer called Eclipse Aether which currently insists on 4.2.x. However, if you are willing to test further, Andrei, I may be able to piece together a special version of Eclipse Aether that works with httpclient 4.1. You could then update Aether and thus downgrade httpclient and see whether things work. Another way to narrow it down is to exercise the one piece of code in Code Recommenders which still has to use httpclient *3.x*. If you could download the JUnit 4.11 JAR from Maven central [1], add it to a project's build path using "Build Path / Add External Archives" and then open the "Project Coordinates" view, you should see for Location "junit-4.11.jar" a coordinate of "junit:junit:4.11.0". If you hover over the coordinate, a tooltip should tell you "SHA-1 Fingerprint (Maven Central): junit:junit:4.11.0". If it says "unknown" instead, this indicates that httpclient 3.x doesn't work either. Last but not least, you can simply use the "silently ignore future download failures" checkbox if the popup is annoying but you still want to use those features of Code Recommenders that don't require model index (like Subwords completion or Snipmatch). No need to uninstall us just yet. ;-) Anyway, thank you very much for your effort, Andrei. It helps. [1] <http://search.maven.org/remotecontent?filepath=junit/junit/4.11/junit-4.11.jar>
what's our current state here, Andreas? Something to consider for Mars?
(In reply to Marcel Bruch from comment #6) > what's our current state here, Andreas? Something to consider for Mars? Given the current state of Apache HttpClient, I don't think we can get it to work in all cases where p2 (via ECF) does. Maybe its worth considering an Aether transport based on ECF? I'll ask on the Aether mailing list if such a thing already exists.
(In reply to Andreas Sewe from comment #7) > Maybe its worth considering an Aether transport based on ECF? I'll ask on > the Aether mailing list if such a thing already exists. For the record: <https://dev.eclipse.org/mhonarc/lists/aether-users/msg00594.html>
Hi, Snooping around to find a solution to this bug that causes the use of eclipse behind a corporate ntlmv2 to be very cumbersome, I came across this change to the httplclient4 http://stackoverflow.com/questions/916820/how-can-i-get-jcifs-to-play-nicely-with-apache-axis. I know most people use cntlm, but I cannot even install that. Java on the other hand is no problem. I am not an expert, but I hope this could lead to a solution. Thanks alot. Oyvind
I'm behind a NTLM proxy. Eclipse p2 works with native provider and disabling httpclient (https://wiki.eclipse.org/Disabling_Apache_Httpclient). Recommenders doesn't work. Recommenders version 2.4.10
(In reply to Ronald Sigmund from comment #10) > I'm behind a NTLM proxy. Eclipse p2 works with native provider and disabling > httpclient (https://wiki.eclipse.org/Disabling_Apache_Httpclient). > Recommenders doesn't work. > > Recommenders version 2.4.10 Hi Ronald, thank you for your report. The problem is that disabling Apache HttpClient only affects the p2 updater, but not Code Recommenders, which uses the Maven Resolver under the hood, which uses Apache HttpClient not matter what. I have opened Bug 525934 to track using a possible replacement of Apache HttpClient. It would be great if we could ping you once that replacement is ready to be tested, as we don't have a problematic NTLM setup available for testing ourselves. (Our only NTLM setup used the Squid proxy, which worked fine even with Apache HttpClient, but apparently some Microsoft(?) NTLM proxy upsets HttpClient.)
I'm behind a NTLM proxy. (proxy manual config with user/pass) Recommenders doesn't work. (MarketPlace and update checking are working) Recommenders version 2.5.3.v20180609-1554
