Hello,

I am using HttpClient 3.0. When I try to establish an HTTPS connection
through a proxy with Basic authentication, the connection fails if the
credentials are not known and applied _before_ the first try.

What I try to do is the following: I try to connect to the given URL. If
the proxy returns 407, I request proxy credentials from the user, set
them and retry, like in the following example code:

    import java.net.URL;
    import org.apache.commons.httpclient.HostConfiguration;
    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
    import org.apache.commons.httpclient.NTCredentials;
    import org.apache.commons.httpclient.auth.AuthScope;
    import org.apache.commons.httpclient.methods.GetMethod;

    HttpClient client = new HttpClient(new MultiThreadedHttpConnectionManager());
    URL url = new URL("https://examplehttpsurl");

    // first try
    GetMethod get = new GetMethod(url.toExternalForm());
    HostConfiguration hc = new HostConfiguration();
    hc.setHost(url.getHost(), 443, "https");
    hc.setProxy("proxyhost", 4711);
    try {
        client.executeMethod(hc, get);
    } catch (Exception e) {
        LOG.error("", e);
    } finally {
        get.releaseConnection();
    }
    // returns 407 (expected)
    LOG.debug("Answer: " + get.getStatusLine().toString());

    // retry with credentials (normally requested from the user)
    client.getState().setProxyCredentials(new AuthScope("proxyhost", 4711),
            new NTCredentials("USER", "PASS", "", ""));
    get = new GetMethod(url.toExternalForm());
    try {
        client.executeMethod(hc, get);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        get.releaseConnection();
    }
    // should be 200 but is 407
    LOG.debug("Answer: " + get.getStatusLine().toString());

This fails, since the httpclient does not retry a CONNECT with Proxy
credentials but with a GET and does not apply the credentials:

    CONNECT XXXXXXXXXXXXXXXXXXXXXXXXXX:443 HTTP/1.1
    User-Agent: Jakarta Commons-HttpClient/3.0
    Host: XXXXXXXXXXXXXXXXXXXXXXXXXX
    Proxy-Connection: Keep-Alive

    HTTP/1.0 407 Proxy Authentication Required
    Server: squid/2.5.STABLE3
    Mime-Version: 1.0
    Date: Tue, 28 Feb 2006 16:45:21 GMT
    Content-Type: text/html
    Content-Length: 1334
    Expires: Tue, 28 Feb 2006 16:45:21 GMT
    X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
    Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
    X-Cache: MISS from XXXXXXXXXXXXXXXXX
    X-Cache-Lookup: NONE from XXXXXXXXXXXXXXXXX:4711
    Proxy-Connection: keep-alive
    ...

    GET https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1
    User-Agent: Jakarta Commons-HttpClient/3.0
    Host: XXXXXXXXXXXXXXXXXXXXXXXXXX
    Proxy-Connection: Keep-Alive

    HTTP/1.0 407 Proxy Authentication Required
    Server: squid/2.5.STABLE3
    Mime-Version: 1.0
    Date: Tue, 28 Feb 2006 16:45:22 GMT
    Content-Type: text/html
    Content-Length: 1385
    Expires: Tue, 28 Feb 2006 16:45:22 GMT
    X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
    Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
    X-Cache: MISS from XXXXXXXXXXXXXXXXX
    X-Cache-Lookup: NONE from XXXXXXXXXXXXXXXXX:4711
    Proxy-Connection: keep-alive
    ...

According to http://issues.apache.org/bugzilla/show_bug.cgi?id=34740
this is a known issue that should have been fixed.

From what I see in HttpMethodDirector.executeWithRetry(final
HttpMethod method), the cause is that the connection is kept open, and
thus the connect is never retried:

    if (!this.conn.isOpen()) {
        // this connection must be opened before it can be used
        // This has nothing to do with opening a secure tunnel
        this.conn.open();
        if (this.conn.isProxied() && this.conn.isSecure()
                && !(method instanceof ConnectMethod)) {
            // we need to create a secure tunnel before we can execute the real method
            if (!executeConnect()) {
                // abort, the connect method failed
                return;
            }
        }
    }

If I add a conn.close() before returning on !executeConnect(), the
above code will work and the CONNECT is reattempted.

Is this still a bug with CONNECT over SSL, or am I using HttpClient the
wrong way?

Thanks in advance.

Regards,
Olaf
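
Added example, not part of the original message and not HttpClient code: a self-contained Java model of the retry flow described in the post, showing why a connection left open after a failed CONNECT makes the retry go to the proxy as an untunnelled GET, and how closing it on failure lets the CONNECT be repeated with credentials. FakeConn, proxy(), execute(), twoAttempts() and origin.example are hypothetical names, and the proxy behaviour is constructed from the wire log above.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration with hypothetical stand-ins (not HttpClient classes); hosts and credentials are constructed.
public class TunnelRetryDemo {
    static class FakeConn {
        boolean open;        // what conn.isOpen() would report
        boolean tunnelled;   // true once a CONNECT was answered with 200
        final List<String> wire = new ArrayList<>();   // request lines the proxy receives
    }

    // Constructed proxy: answers 407 unless the request carries proxy credentials.
    static int proxy(FakeConn c, String requestLine, String creds) {
        c.wire.add(requestLine + (creds == null ? "" : " [Proxy-Authorization]"));
        return creds == null ? 407 : 200;
    }

    // Same shape as the quoted branch: CONNECT is attempted only if the connection is not open.
    static int execute(FakeConn c, String creds, boolean closeOnFailedConnect) {
        if (!c.open) {
            c.open = true;
            int status = proxy(c, "CONNECT origin.example:443", creds);
            if (status != 200) {
                if (closeOnFailedConnect) c.open = false;   // the change described in the post
                return status;
            }
            c.tunnelled = true;
        }
        if (c.tunnelled) {
            return 200;   // request travels inside the tunnel; the proxy sees no request line
        }
        // Open but untunnelled: request goes to the proxy itself without credentials, as in the log.
        return proxy(c, "GET https://origin.example/", null);
    }

    // First try without credentials, then a retry with them, on the same pooled connection.
    static List<String> twoAttempts(boolean closeOnFailedConnect) {
        FakeConn c = new FakeConn();
        int first = execute(c, null, closeOnFailedConnect);
        int second = execute(c, "USER:PASS", closeOnFailedConnect);
        c.wire.add("statuses " + first + "/" + second);
        return c.wire;
    }

    public static void main(String[] args) {
        System.out.println("kept open        : " + twoAttempts(false));
        System.out.println("closed on failure: " + twoAttempts(true));
    }
}
```

In the kept-open run the second request line the proxy receives is the GET for the https URL, outside any tunnel; in the closed-on-failure run the proxy only ever sees CONNECT requests.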