We have a Java client-side application deployed at our customer (a Java application, not an applet). This application checks connectivity with url.openConnection() and calls web services (with CXF/JAX-WS) over the internet.
Some of our customers' networks use proxies to access the external world. The client-side application sets the proxy parameters in Java system properties:
    System.setProperty("proxySet", "true"); //Obsolete ?
    System.setProperty("http.keepAlive", "false");
    System.setProperty("java.net.useSystemProxies", "false");
    System.setProperty("https.proxyHost", httpsProxyHost);
    System.setProperty("https.proxyPort", httpsProxyPort);
    System.setProperty("https.proxyUser", httpsProxyUser);
    System.setProperty("https.proxyPassword", httpsProxyPassword);
    System.setProperty("http.proxyHost", httpProxyHost);
    System.setProperty("http.proxyPort", httpProxyPort);
    System.setProperty("http.proxyUser", httpProxyUser);
    System.setProperty("http.proxyPassword", httpProxyPassword);
    Authenticator.setDefault(new NtlmAuthenticator(httpsProxyUser, httpsProxyPassword));
The NtlmAuthenticator class:
    import java.net.Authenticator;
    import java.net.PasswordAuthentication;

    public class NtlmAuthenticator extends Authenticator {
        private final String username;
        private final char[] password;

        public NtlmAuthenticator(final String username, final String password) {
            super();
            this.username = username;
            this.password = password.toCharArray();
        }

        // Called by the JRE whenever a proxy or a server requests credentials.
        @Override
        public PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(username, password);
        }
    }
We're using Java 6 (the client-side application embeds a JRE 1.6.0_39), and the application is deployed on Windows (XP / Seven). I read that the NTLM protocol has been supported since 1.4.2 on the Windows platform. So we ran tests with a Trend proxy and succeeded in performing NTLM proxy authentication (we see the 3 packets with Wireshark: NTLMSSP_NEGOTIATE (from app) / NTLMSSP_CHALLENGE (from proxy) / NTLMSSP_AUTH (from app)).
But with one of our customers, who uses a Bluecoat proxy, NTLM authentication failed after NTLMSSP_CHALLENGE. With Wireshark, we only see the first 2 packets, NTLMSSP_NEGOTIATE (from app) and NTLMSSP_CHALLENGE (from proxy); NTLMSSP_AUTH is never sent by our application. In the application we catch a SocketException: socket is closed
We also tried to use jCIFS HttpUrlNltmHandler, but authentication failed too (same diagnostic).
I found this thread with a similar issue, but it doesn't provide any clues. I also found this thread about NTLM session security.
Any ideas?
Thanks.
Found the solution just by setting http.keepAlive to true: System.setProperty("http.keepAlive", "true");
But I don't know why, with the false value, it works with our Trend proxy and doesn't work with our customer's Bluecoat proxy.
It's due to a bug in the underlying implementation. It's described in "Java 6 NTLM proxy authentication and HTTPS - has anyone got it to work?"
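An added example, not code from the question or either answer: the NtlmAuthenticator above returns the proxy credentials for every challenge the JRE receives, including 401 challenges from origin servers. This variant answers only the configured proxy and sets http.keepAlive to true as in the answer above; the class name, host, port and account are hypothetical, constructed values.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;

public class ProxyOnlyAuthenticator extends Authenticator {
    private final String proxyHost;
    private final int proxyPort;
    private final String username;
    private final char[] password;

    public ProxyOnlyAuthenticator(String proxyHost, int proxyPort, String username, char[] password) {
        this.proxyHost = proxyHost;
        this.proxyPort = proxyPort;
        this.username = username;
        this.password = password.clone();
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        // Answer only challenges issued by the configured proxy; returning null
        // for anything else keeps the proxy password away from origin servers.
        boolean fromProxy = getRequestorType() == RequestorType.PROXY
                && proxyHost.equalsIgnoreCase(getRequestingHost())
                && proxyPort == getRequestingPort();
        return fromProxy ? new PasswordAuthentication(username, password) : null;
    }

    public static void main(String[] args) throws Exception {
        // NTLM over HTTP authenticates a connection rather than a single request,
        // so the three messages have to travel on one persistent connection.
        System.setProperty("http.keepAlive", "true");
        // Constructed sample values (hypothetical host, port and account).
        Authenticator.setDefault(new ProxyOnlyAuthenticator(
                "proxy.example.test", 8080, "DOMAIN\\svc-app", "not-a-real-password".toCharArray()));
        URL target = new URL("https://ws.example.test/service");

        // Simulate the two kinds of challenge the JRE can hand to the Authenticator.
        PasswordAuthentication forProxy = Authenticator.requestPasswordAuthentication(
                "proxy.example.test", null, 8080, "https", "", "ntlm", target, RequestorType.PROXY);
        PasswordAuthentication forServer = Authenticator.requestPasswordAuthentication(
                "ws.example.test", null, 443, "https", "", "ntlm", target, RequestorType.SERVER);

        System.out.println("proxy challenge answered:  " + (forProxy != null));
        System.out.println("server challenge answered: " + (forServer != null));
    }
}
```

The main method runs offline: Authenticator.requestPasswordAuthentication drives the installed authenticator directly, so no proxy is needed to see which challenges it answers.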