hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From simone pacilli <dindonde...@yahoo.com>
Subject Re: how to execute CONNECT through an authenticated proxy to gain a plain socket
Date Fri, 07 Oct 2011 11:43:29 GMT
just to complete this thread:

opened issue
https://issues.apache.org/jira/browse/HTTPCLIENT-1132
on porting of ProxyClient to 4.x API
already resolved by Oleg Kalnichevski
thank you Oleg



________________________________
From: Oleg Kalnichevski <olegk@apache.org>
To: simone pacilli <dindondero0@yahoo.com>
Cc: "httpclient-users@hc.apache.org" <httpclient-users@hc.apache.org>
Sent: Monday, October 3, 2011 12:35 PM
Subject: Re: how to execute CONNECT through an authenticated proxy to gain a plain socket

On Sun, 2011-10-02 at 05:36 -0700, simone pacilli wrote:
> I am writing a program (with a server side and a client side) to establish a transport
layer for existing remote control programs like ssh, remote desktop, vnc etc. to connect between
client and server also if they are behind a proxy and or a firewall.
> To work with proxy, since i need to transport generic underling protocols, i need to
establish a http tunnel through proxy between the client side and the server side of my system.
So I need to gain a plain socket after establishing the tunnel, then construct over it an
SSLSocket and transmit data as simple bytes.
> First I used commons-httpclient 3.0 because i used the example http://svn.apache.org/repos/asf/httpcomponents/oac.hc3x/branches/COOKIE_2_BRANCH/src/examples/ProxyTunnelDemo.java
and it worked with squid and basic authentication in a test environment
> 
> Then, because in my production system there is a proxy with kerberos and ntlmv2 authentication,
and httpclient version 3 dosn't support this kind of authentication, I decided to use version
http-components 4.1.2.
> I started by the class OperatorConnectProxy in the exemples directory because it uses
an OperatedClientConnection that has a method getSocket() that works well for me and that
the ManagedConnections does not have it. I report the class OperatorConnectProxy here after.
> 

...

> Starting from this class I also need to perform authentication over the firewall. I tried
reading other examples and javadoc to suceed performing authentication, the following is the
actual code where I tried to have the tunnel with authentication out of the box but it does
not work.
> 
> 

...

> 
> Can you suggest me how do such a tunneling to the server through firewall with authentication
?

Simone,

HTTP authentication is a fairly complex subject. You can see how proxy
authentication is done by looking at the source of
DefaultRequestDirector 

http://hc.apache.org/httpcomponents-client-ga/httpclient/xref/org/apache/http/impl/client/DefaultRequestDirector.html#808

It is non-trivial, but doable.

Alternatively you can open a request in JIRA to have ProxyClient ported
from 3.1 to 4.x API in the next feature release.

Oleg
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message