Java Proxy Authentication

Question

I have a Java webapp, running in Tomcat 6, that loads RSS feeds from remote URLs.

I use Rome to handle the RSS feeds and different formats for me. The connection part looks like like that :

try{
  feedSource = new URL(rssObject.getAsset());
}catch(MalformedURLException mue){
  logger.error(...);
  throw mue;
}

try{
    URLConnection connection = feedSource.openConnection();
    feed = new SyndFeedInput().build(new XmlReader(connection));
}catch(Exception){handle...}

The code works fine, except at this new client, where they use a proxy.

In order to use the proxy, I set the http.proxyHost and proxyPort system properties :

System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);

HTTP GET is made to the proxy alright, but now I get a HTTP 502 error (bad gateway or something similar).

Analysing the HTTP exchange with Wireshark, I noticed that the proxy is requiring authentication. It sends a HTTP 507. Java is somehow trying to authenticate but it uses the wrong username and passwords. It seems to use the host name as the username, as for the password I don't know.

So I tried to implement the Authenticator method of specifying a username+password :

Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                logger.info(MessageFormat.format("Generating PasswordAuthentitcation for proxy authentication, using username={0} and password={1}.", username, password));
                return new PasswordAuthentication(username, password.toCharArray());
            }
        });

Now my problem is that it is ignored. The getPasswordAuthentication method is never called. I don't see the logging statement in the log file and using Wireshark I can see that it still uses the host name as the user name.

Why ? It seems that java somehow tries to authenticate by itself without consulting the Authenticator.

The proxy seems to be a MS device that uses NTLM for authentication. Is there some built-in mechanism in java to handle this ? The machine on which the app runs is Win Server 2008 R2.

Answer 1

We did the same here for authenticating on a NTLM based proxy.

The authentication on the proxy is actually a normal HTTP Basic Authentication.

We used the following method:

protected URLConnection newURLConnection(URL pURL) throws IOException {
    URLConnection urlConnection = super.newURLConnection(pURL);

    String auth = new String(Base64.base64Encode(new String("username:password").getBytes()));
    auth = "Basic " + auth;
    urlConnection.setRequestProperty("Proxy-Connection","Keep-Alive");
    urlConnection.setRequestProperty("Proxy-Authorization",auth);
    return urlConnection;
}

That, together with the proxy jvm settings, did the trick.

See http://en.wikipedia.org/wiki/Basic_access_authentication.