You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by bu...@apache.org on 2002/03/22 22:22:06 UTC

DO NOT REPLY [Bug 7373] New: - HTTPSender does not support HTTPS through an Auth. Proxy

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7373>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7373

HTTPSender does not support HTTPS through an Auth. Proxy

           Summary: HTTPSender does not support HTTPS through an Auth. Proxy
           Product: Axis
           Version: beta-1
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Basic Architecture
        AssignedTo: axis-dev@xml.apache.org
        ReportedBy: dale5540@hotmail.com


HTTPSender needs to supply the Proxy-Authorization String when connecting to an 
Authenticating proxy when doing HTTPS.

Consider changing:
        out.print("CONNECT " + host + ":" + port + " HTTP/1.0\n"
                  + "User-Agent: AxisClient"
                  + "\r\n\r\n");

To:

        String tunnelUser = System.getProperty("https.proxyUser");
        String tunnelPassword = System.getProperty("https.proxyPassword");
        if (tunnelUser == null) tunnelUser = 
               System.getProperty("http.proxyUser");
        if (tunnelPassword == null) tunnelPassword = 
               System.getProperty("http.proxyPassword");

        String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
                 + "User-Agent: AxisClient";

        if (tunnelUser != null && tunnelPassword != null) {
            //add basic authentication header for the proxy
            sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
            String encodedPassword = 
                 enc.encode((tunnelUser + ":" + tunnelPassword).getBytes());
            msg = msg + "\nProxy-Authorization: Basic " + encodedPassword;
        }
        msg = msg + "\nContent-Length: 0";
        msg = msg + "\nPragma: no-cache";
        msg = msg + "\r\n\r\n";
        out.print(msg);



Or even better lookup the UserName and Password from the java.net.Authenticator 
class instead of System Properties (more secure, cant see password with a ps)

	PasswordAuthentication pa = 
                  Authenticator.requestPasswordAuthentication(
                     InetAddress.getByName(tunnelHost),
                     tunnelPort, "SOCK", "Proxy","HTTP");
	if(pa == null){
		printDebug("No Authenticator set.");
	}else{
		printDebug("Using Authenticator.");
		tunnelUserName = pa.getUserName();
		tunnelPassword = new String(pa.getPassword());
	}