3

I'm trying to connect to an url by proxy with NTLM authentication.

    proxy = new Proxy( Proxy.Type.HTTP, new InetSocketAddress( host, 80 ) );
    Authenticator.setDefault(new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            logger.info("Getting password authentication...");
            return new PasswordAuthentication(
                    "DOMAIN\\user",
                    "password".toCharArray() ) ;
        }
    });
    connection = (HttpURLConnection) url.openConnection( proxy );
    String credentials = username + ":" + password;
    String basicAuth = "Basic " + Base64.encode( credentials.getBytes() );
    connection.setRequestProperty( "Authorization", basicAuth );
    connection.setRequestMethod( "GET" );

    //username/password above != user/pass below
    String proxyAuth = Base64.encode( ("user:pass").getBytes() );
    proxyAuth = "Basic " + proxyAuth;
    connection.setRequestProperty( "Proxy-Connection", "Keep-Alive" );
    connection.setRequestProperty( "Proxy-Authorization", proxyAuth );

    connection.connect();

Everyting works fine on Windows, but its because of:

JDK-Based NTLM Authentication

When Sun released the 1.4.2 version of the JDK, they slipped in support for native NTLM authentication on Windows.

But on configuration:

Red Hat Enterprise Linux Server release 6.8

java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9.x86_64

or

java-1.8.0_162 oracle

Im getting this error:

java.lang.NullPointerException
    at com.sun.security.ntlm.Client.type3(Client.java:161)
    at sun.net.www.protocol.http.ntlm.NTLMAuthentication.buildType3Msg(NTLMAuthentication.java:250)
    at sun.net.www.protocol.http.ntlm.NTLMAuthentication.setHeaders(NTLMAuthentication.java:225)
    at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2114)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)

Found this bug described: JDK-8151788 where clearly says:

Resolved In Build: b128

Am I missing something very simple about that? Is there any way I can deal with that problem by HttpURLConnection or should I find something else? Any suggestions are appreciated!

@Edit

I added logging to getPasswordAuthentication() and it seems like its never inside. It led me to this topic and actually NullPointerException is no longer there. Now I'm getting:

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 authenticationrequired"

Improve this question
5
  • Have you checked that ntlm authentication works on the local machine without java? Commented Jan 19, 2018 at 16:48
  • You mean if credentials are correct? Yes, Im using this proxy in some other apps Commented Jan 19, 2018 at 17:06
  • You can provide a tcpdump capture ? Commented Jan 22, 2018 at 13:52
  • 1
    Here you can find openjdk's implementation : river-tiger.com/ntlm/NTLM.zip . Unzip and run with the jar file from this archive. Commented Jan 22, 2018 at 13:53
  • Sorry, I don't have access to provide tcpdump and also can't download your zip (company firewall), but thanks a lot for your time ;) Commented Jan 23, 2018 at 12:34

2 Answers 2

Reset to default
1

The build b128 is a Java 9 build, and unluckily it seems it was not ported on Java 8 (I can't find any NTLM bug in any of the Java 8 bug fixes list such as http://www.oracle.com/technetwork/java/javase/2col/8u161-bugfixes-4021380.html ) Maybe could you try running your app with an old openjdk's ntlm implementation that is working well. I have one with me but I'm not sure how to send you this jar file.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I added again here ntlm-openjdk.zip , Base64.java and this example NTLM_ProxyClient.java. I won't give support, if you need information please check davenport documentation first.
-1

I found little workaround for my problem.

StringBuilder commandBuilder = new StringBuilder();
    commandBuilder.append( "curl -s " )
            .append( "--proxy $PXHOST:$PXPORT " )
            .append( "--proxy-user $PXUSER:$PXPASS " )
            .append( "--user $SNUSER:$SNPASS " )
            .append( "--url \"" ).append( requestURL ).append( "\" " )
            .append( "--request GET " )
            .append( "--header \"Accept:application/json\" " )
            .append( "--header \"Content-Type:application/json\"" );
ProcessBuilder processBuilder = new ProcessBuilder( "/bin/bash", 
            "-c", commandBuilder.toString() );

I don't find this solution any good, but its enough for me at this moment.

Improve this answer

2 Comments

It's awful. Did you try with "my" ntlm jar file ?
And where is above "String Builder" solution do you use NTLM ??

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.