Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Java Web Start: Unable to tunnel through proxy since Java 8 Update 111

Some of our customers cannot run our Java Web Start client anymore since Java 8 Update 111. They get:

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required

Looks like it has to do with this change:

Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to "" ( empty ) on the command line.

Is there any way if customers are not willing to change their proxy authentication method?

Note: Adding <property name="jdk.http.auth.tunneling.disabledSchemes" value=""/> to <resources> of the JNLP has no effect. This is because only a few properties are supported this way (there is a list near the bottom of this page). "jdk.http.auth.tunneling.disabledSchemes" is not among them.

like image 257
Marcus Avatar asked Jan 23 '17 12:01

Marcus


4 Answers

I found out that there is one way, but not in the hands of the developer: The user can add

-Djdk.http.auth.tunneling.disabledSchemes=""

for Java 8 in Java Control Panel → Java → View... → Runtime Parameters

for Java 9 in Java Control Panel → Desktop Settings → Runtime Parameters

like image 187
Marcus Avatar answered Nov 10 '22 03:11

Marcus


Beside the answer of mbee one can also configure this in the net.properties file of the jre:

C:\Program Files (x86)\Java\jre1.8.0_131\lib\net.properties

Currently last line 100 need to be commented out:

Before:

 #jdk.http.auth.proxying.disabledSchemes=
 jdk.http.auth.tunneling.disabledSchemes=Basic

After:

 #jdk.http.auth.proxying.disabledSchemes=
 #jdk.http.auth.tunneling.disabledSchemes=Basic

Note that both answers need to be repeated after a Java Update, although the Java Auto Update is deactivated with Basic Internet Proxy Authentication.

like image 20
jan Avatar answered Nov 10 '22 03:11

jan


If you require to do this at runtime you can set the value of the jdk.http.auth.proxying.disabledSchemes property by adding

System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");

to the main method of your application.

like image 7
bj03rnv0ss Avatar answered Nov 10 '22 02:11

bj03rnv0ss


I had this issue too while trying to access an external SOAP Webservice trough a Proxy-Server using BASIC-Authentification for an application running on Apache Tomcat.

Setting the property programmatically (System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");) during application initialization did not work. It had to be set as VM-Argument or (not very nice way of course :)) in [JRE_HOME]\lib\net.properties.

like image 1
David Elsener Avatar answered Nov 10 '22 04:11

David Elsener