[
https://issues.apache.org/jira/browse/HTTPCLIENT-1458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13895036#comment-13895036
]
Oleg Kalnichevski commented on HTTPCLIENT-1458:
-----------------------------------------------
> From the tutorials I've read, Squid is typically configured to handle both
> http and https on port 3128.
Right, but in both cases the initial connection is established with plain HTTP.
In case of HTTPS the initial connection is established using HTTP CONNECT and
then is used as a tunnel that merely passes all incoming and outgoing packets
without modifications.
Oleg
> SystemDefaultCredentialsProvider authenticates with wrong protocol for https
> requests
> -------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1458
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1458
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.3.2
> Environment: Client: Oracle Java 6/7.
> Reporter: Mat Gessel
>
> Java has system property settings for specifying proxies. Java has different
> properties for "http" and "https". The purpose of HttpClient's
> SystemDefaultCredentialsProvider is to delegate authentication to a
> java.net.Authenticator. Authenticator implementations commonly use the proxy
> system properties. However, SDCP loses the differentiation between "http" and
> "https"; it always requests auth for "http".
> SystemDefaultCredentialsProvider always passes "http" as the protocol to
> Authenticator.requestPasswordAuthentication(). This can result in an HTTP
> status 407 or other 3rd party errors due to a protocol mismatch.
> Here is an example of a default Authenticator that will fail because it
> relies on the https.proxyXXX properties.
> Authenticator.setDefault(new Authenticator()
> {
> @Override
> protected PasswordAuthentication getPasswordAuthentication()
> {
> if (getRequestorType() == RequestorType.PROXY)
> {
> if ("https".equals(getRequestingProtocol().toLowerCase()))
> {
> String host = System.getProperty("https.proxyHost", "");
> String port = System.getProperty("https.proxyPort", "443");
> String user = System.getProperty("https.proxyUser", "");
> String password = System.getProperty("https.proxyPassword", "");
> if (getRequestingHost().equalsIgnoreCase(host))
> {
> if (port != null &&
> port.equals(Integer.toString(getRequestingPort())))
> {
> return new PasswordAuthentication(user, password.toCharArray());
> }
> }
> }
> }
> return null;
> }
> });
> JRE 7 Networking Properties:
> http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html
> Workaround:
> IF: a single proxy is used and it supports http and https on the same port
> THEN: set http.proxyXXX and https.proxyXXX system properties to the same
> host/port.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
