hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1458) SystemDefaultCredentialsProvider authenticates with wrong protocol for https requests
Date Fri, 07 Feb 2014 21:02:25 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13895036#comment-13895036
] 

Oleg Kalnichevski commented on HTTPCLIENT-1458:
-----------------------------------------------

> From the tutorials I've read, Squid is typically configured to handle both http and https
on port 3128.

Right, but in both cases the initial connection is established with plain HTTP. In case of
HTTPS the initial connection is established using HTTP CONNECT and then is used as a tunnel
that merely passes all incoming and outgoing packets without modifications.  

Oleg

> SystemDefaultCredentialsProvider authenticates with wrong protocol for https requests
> -------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1458
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1458
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth, HttpClient
>    Affects Versions: 4.3.2
>         Environment: Client: Oracle Java 6/7. 
>            Reporter: Mat Gessel
>
> Java has system property settings for specifying proxies. Java has different properties
for "http" and "https". The purpose of HttpClient's SystemDefaultCredentialsProvider is to
delegate authentication to a java.net.Authenticator. Authenticator implementations commonly
use the proxy system properties. However, SDCP loses the differentiation between "http" and
"https"; it always requests auth for "http". 
> SystemDefaultCredentialsProvider always passes "http" as the protocol to Authenticator.requestPasswordAuthentication().
This can result in an HTTP status 407 or other 3rd party errors due to a protocol mismatch.
> Here is an example of a default Authenticator that will fail because it relies on the
https.proxyXXX properties. 
> Authenticator.setDefault(new Authenticator()
> {
>   @Override
>   protected PasswordAuthentication getPasswordAuthentication()
>   {
>     if (getRequestorType() == RequestorType.PROXY)
>     {
>       if ("https".equals(getRequestingProtocol().toLowerCase()))
>       {
>         String host = System.getProperty("https.proxyHost", "");
>         String port = System.getProperty("https.proxyPort", "443");
>         String user = System.getProperty("https.proxyUser", "");
>         String password = System.getProperty("https.proxyPassword", "");
>         if (getRequestingHost().equalsIgnoreCase(host))
>         {
>           if (port != null && port.equals(Integer.toString(getRequestingPort())))
>           {
>             return new PasswordAuthentication(user, password.toCharArray());
>           }
>         }
>       }
>     }
>     return null;
>   }
> });
> JRE 7 Networking Properties: 
> http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html
> Workaround: 
>   IF: a single proxy is used and it supports http and https on the same port
>   THEN: set http.proxyXXX and https.proxyXXX system properties to the same host/port.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message