7

I have a Java webapp, running in Tomcat 6, that loads RSS feeds from remote URLs.

I use Rome to handle the RSS feeds and different formats for me. The connection part looks like like that :

try{
  feedSource = new URL(rssObject.getAsset());
}catch(MalformedURLException mue){
  logger.error(...);
  throw mue;
}

try{
    URLConnection connection = feedSource.openConnection();
    feed = new SyndFeedInput().build(new XmlReader(connection));
}catch(Exception){handle...}

The code works fine, except at this new client, where they use a proxy.

In order to use the proxy, I set the http.proxyHost and proxyPort system properties :

System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);

HTTP GET is made to the proxy alright, but now I get a HTTP 502 error (bad gateway or something similar).

Analysing the HTTP exchange with Wireshark, I noticed that the proxy is requiring authentication. It sends a HTTP 507. Java is somehow trying to authenticate but it uses the wrong username and passwords. It seems to use the host name as the username, as for the password I don't know.

So I tried to implement the Authenticator method of specifying a username+password :

Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                logger.info(MessageFormat.format("Generating PasswordAuthentitcation for proxy authentication, using username={0} and password={1}.", username, password));
                return new PasswordAuthentication(username, password.toCharArray());
            }
        });

Now my problem is that it is ignored. The getPasswordAuthentication method is never called. I don't see the logging statement in the log file and using Wireshark I can see that it still uses the host name as the user name.

Why ? It seems that java somehow tries to authenticate by itself without consulting the Authenticator.

The proxy seems to be a MS device that uses NTLM for authentication. Is there some built-in mechanism in java to handle this ? The machine on which the app runs is Win Server 2008 R2.

Improve this question

1 Answer 1

Reset to default
13

We did the same here for authenticating on a NTLM based proxy.

The authentication on the proxy is actually a normal HTTP Basic Authentication.

We used the following method:

protected URLConnection newURLConnection(URL pURL) throws IOException {
    URLConnection urlConnection = super.newURLConnection(pURL);

    String auth = new String(Base64.base64Encode(new String("username:password").getBytes()));
    auth = "Basic " + auth;
    urlConnection.setRequestProperty("Proxy-Connection","Keep-Alive");
    urlConnection.setRequestProperty("Proxy-Authorization",auth);
    return urlConnection;
}

That, together with the proxy jvm settings, did the trick.

See http://en.wikipedia.org/wiki/Basic_access_authentication.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.