Java Web Start: Unable to tunnel through proxy since Java 8 Update 111

Question

Some of our customers cannot run our Java Web Start client anymore since Java 8 Update 111. They get:

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required

Looks like it has to do with this change:

Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to "" ( empty ) on the command line.

Is there any way if customers are not willing to change their proxy authentication method?

Note: Adding <property name="jdk.http.auth.tunneling.disabledSchemes" value=""/> to <resources> of the JNLP has no effect. This is because only a few properties are supported this way (there is a list near the bottom of this page). "jdk.http.auth.tunneling.disabledSchemes" is not among them.

Answer 1

I found out that there is one way, but not in the hands of the developer: The user can add

-Djdk.http.auth.tunneling.disabledSchemes=""

for Java 8 in Java Control Panel → Java → View... → Runtime Parameters

for Java 9 in Java Control Panel → Desktop Settings → Runtime Parameters

Answer 2

Beside the answer of mbee one can also configure this in the net.properties file of the jre:

C:\Program Files (x86)\Java\jre1.8.0_131\lib\net.properties

Currently last line 100 need to be commented out:

Before:

 #jdk.http.auth.proxying.disabledSchemes=
 jdk.http.auth.tunneling.disabledSchemes=Basic

After:

 #jdk.http.auth.proxying.disabledSchemes=
 #jdk.http.auth.tunneling.disabledSchemes=Basic

Note that both answers need to be repeated after a Java Update, although the Java Auto Update is deactivated with Basic Internet Proxy Authentication.

Answer 3

If you require to do this at runtime you can set the value of the jdk.http.auth.proxying.disabledSchemes property by adding

System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");

to the main method of your application.

Answer 4

I had this issue too while trying to access an external SOAP Webservice trough a Proxy-Server using BASIC-Authentification for an application running on Apache Tomcat.

Setting the property programmatically (System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");) during application initialization did not work. It had to be set as VM-Argument or (not very nice way of course :)) in [JRE_HOME]\lib\net.properties.