JDK-6206466

Plugin can't make SSL connections through squid proxy with NTLM authentication


    • Type: Bug
    • Resolution: Duplicate
    • Priority: P4
    • None
    • 1.4.2
    • security-libs

      FULL PRODUCT VERSION :
      java version "1.4.2_06"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_06-b03)
      Java HotSpot(TM) Client VM (build 1.4.2_06-b03, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows XP [Version 5.1.2600]

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Squid 2.5 proxy server with NTLM authentication enabled

      A DESCRIPTION OF THE PROBLEM :
      After moving his intranet site to an https url, our customer could no longer use embedded applets.

      When trying to load jars from an https URL via a squid proxy with NTLM authentication, the plugin has trouble performing the NTLM handshake. Apparently the proxy closes the connection after the second handshake stage (announcing that it will do so in its HTTP response), so the plugin has to open a new connection for the third stage. However, the request sent over this connection is garbled, missing the initial CONNECT... line.
      Comparing the plugin's handshake attempts to the successful ones of the embedding browser (Firefox), one sees that the latter include the HTTP header "Proxy-Connection: keep-alive", and the proxy does not close the connection after the second stage. Moreover, when loading jars from a non-SSL site, the plugin also includes this header in its requests and the handshake with the proxy succeeds.

      Transcript of unsuccessful handshake attempt follows:

      ==== First Request ====
      CONNECT somehost.somedomain.de:443 HTTP/1.1
      cookie: JSESSIONID=0ae1041e2ee3df45fee861a540ad9308be93738b6b34
      User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.4.2_05
      Host: 192.192.42.43
      Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

      ==== First Response ====
      HTTP/1.0 407 Proxy Authentication Required
      Server: squid/2.5.STABLE5
      Mime-Version: 1.0
      Date: Fri, 10 Sep 2004 08:44:34 GMT
      Content-Type: text/html
      Content-Length: 1317
      Expires: Fri, 10 Sep 2004 08:44:34 GMT
      X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
      Proxy-Authenticate: NTLM
      Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
      X-Cache: MISS from squid.mydomain.de
      Proxy-Connection: close

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
      <HTML><!-- Squid error page omitted --></HTML>

      ==== Second Request ====
      CONNECT somehost.somedomain.de:443 HTTP/1.1
      cookie: JSESSIONID=0ae1041e2ee3df45fee861a540ad9308be93738b6b34
      User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.4.2_05
      Host: 192.192.42.43
      Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
      Proxy-authorization: NTLM TlRMTVNTUAABAA... // Auth info omitted

      ==== Second Response ====
      HTTP/1.0 407 Proxy Authentication Required
      Server: squid/2.5.STABLE5
      Mime-Version: 1.0
      Date: Fri, 10 Sep 2004 08:44:34 GMT
      Content-Type: text/html
      Content-Length: 1317
      Expires: Fri, 10 Sep 2004 08:44:34 GMT
      X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
      Proxy-Authenticate: NTLM TlRMTVNTUAACAA... // Auth info omitted
      X-Cache: MISS from squid.mydomain.de
      Proxy-Connection: close

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
      <HTML><!-- Squid error page omitted --></HTML>

      ==== Third Request (garbled) ====
      cookie: JSESSIONID=0ae1041e2ee3df45fee861a540ad9308be93738b6b34
      User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.4.2_05
      Host: 192.192.42.43
      Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
      Proxy-authorization: NTLM TlRMTVNTUAADAA... // Auth info omitted

      ==== Third Response ====
      HTTP/1.0 400 Bad Request
      Server: squid/2.5.STABLE5
      Mime-Version: 1.0
      Date: Fri, 10 Sep 2004 08:44:34 GMT
      Content-Type: text/html
      Content-Length: 1584
      Expires: Fri, 10 Sep 2004 08:44:34 GMT
      X-Squid-Error: ERR_INVALID_REQ 0
      X-Cache: MISS from squid.mydomain.de
      Proxy-Connection: close

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
      <HTML><!-- Squid error page omitted --></HTML>

      ==============


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Set up squid proxy with NTLM authentication
      Load applet from an https url

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Applet runs.
      ACTUAL -
      Loading applet fails.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Browser status line shows "Applet notinited" and the Java Console displays the following stack trace:

      java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 400 Bad Request"
      at sun.net.www.protocol.http.HttpURLConnection.doTunneling(Unknown Source)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setProxiedClient(Unknown Source)
      at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
      at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
      at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
      at sun.plugin.net.protocol.http.HttpUtils.followRedirects(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.isUpToDate(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.loadFromCache(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.load(Unknown Source)
      at sun.plugin.cache.JarCache.get(Unknown Source)
      at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
      at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
      at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
      at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
      at sun.misc.URLClassPath$3.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.misc.URLClassPath.getLoader(Unknown Source)
      at sun.misc.URLClassPath.getLoader(Unknown Source)
      at sun.misc.URLClassPath.getResource(Unknown Source)
      at java.net.URLClassLoader$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(Unknown Source)
      at sun.applet.AppletClassLoader.findClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadCode(Unknown Source)
      at sun.applet.AppletPanel.createApplet(Unknown Source)
      at sun.plugin.AppletViewer.createApplet(Unknown Source)
      at sun.applet.AppletPanel.runLoader(Unknown Source)
      at sun.applet.AppletPanel.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      java.lang.NullPointerException
      at sun.net.www.protocol.http.HttpURLConnection.doTunneling(Unknown Source)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setProxiedClient(Unknown Source)
      at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
      at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
      at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source)
      at java.net.HttpURLConnection.getResponseCode(Unknown Source)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
      at sun.plugin.cache.CachedJarLoader.load(Unknown Source)
      at sun.plugin.cache.JarCache.get(Unknown Source)
      at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
      at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
      at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
      at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
      at sun.misc.URLClassPath$3.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.misc.URLClassPath.getLoader(Unknown Source)
      at sun.misc.URLClassPath.getLoader(Unknown Source)
      at sun.misc.URLClassPath.getResource(Unknown Source)
      at java.net.URLClassLoader$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(Unknown Source)
      at sun.applet.AppletClassLoader.findClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.applet.AppletClassLoader.loadCode(Unknown Source)
      at sun.applet.AppletPanel.createApplet(Unknown Source)
      at sun.plugin.AppletViewer.createApplet(Unknown Source)
      at sun.applet.AppletPanel.runLoader(Unknown Source)
      at sun.applet.AppletPanel.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)


      REPRODUCIBILITY :
      This bug can be reproduced always.
      ###@###.### 2004-12-09 16:04:36 GMT

            xuelei Xuelei Fan
            gmanwanisunw Girish Manwani (Inactive)
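The failure pattern in the transcript above can be checked mechanically in a proxy capture. The following is an added example, not code from the report or from the JDK: it reads the NTLM message type out of each (possibly truncated) token and flags the three conditions the report describes. The function names and the abridged `EXCHANGE` sample are assumptions made for illustration; NTLM authenticates a connection, which is why a challenge sent with `Proxy-Connection: close` cannot be answered.

```python
import base64
import re

SIGNATURE = b"NTLMSSP\x00"
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

# Abridged from the transcript in the report; tokens are truncated as posted there.
REQ = "CONNECT somehost.somedomain.de:443 HTTP/1.1\nHost: 192.192.42.43\n"
DENY = "HTTP/1.0 407 Proxy Authentication Required\n"
EXCHANGE = [
    ("request", REQ),
    ("response", DENY + "Proxy-Authenticate: NTLM\nProxy-Connection: close\n"),
    ("request", REQ + "Proxy-authorization: NTLM TlRMTVNTUAABAA...\n"),
    ("response", DENY + "Proxy-Authenticate: NTLM TlRMTVNTUAACAA...\nProxy-Connection: close\n"),
    ("request", "Host: 192.192.42.43\nProxy-authorization: NTLM TlRMTVNTUAADAA...\n"),
    ("response", "HTTP/1.0 400 Bad Request\nProxy-Connection: close\n"),
]

def ntlm_type(head):
    """Return the NTLM message type (1, 2 or 3) in a header block, or None."""
    m = re.search(r"^Proxy-Auth\w+: NTLM ([A-Za-z0-9+/]+)", head, re.I | re.M)
    if not m:
        return None
    tok = m.group(1)
    tok = tok[: len(tok) - (len(tok) % 4 == 1)]  # drop a dangling char left by truncation
    raw = base64.b64decode(tok + "=" * (-len(tok) % 4))
    # The type is a little-endian uint32 after the signature; its low byte is enough.
    return raw[8] if raw[:8] == SIGNATURE and len(raw) > 8 else None

def header(head, name):
    m = re.search(rf"^{re.escape(name)}:\s*(.+)$", head, re.I | re.M)
    return m.group(1).strip().lower() if m else None

def diagnose(exchange):
    """exchange: list of ('request'|'response', header block). Returns findings."""
    findings = []
    for i, (kind, head) in enumerate(exchange, 1):
        first = head.strip().splitlines()[0]
        t = ntlm_type(head)
        if kind == "request":
            if not REQUEST_LINE.match(first):
                findings.append((i, "request has no request line"))
            if t is not None and header(head, "Proxy-Connection") != "keep-alive":
                findings.append((i, f"NTLM type {t} sent without Proxy-Connection: keep-alive"))
        elif t == 2 and header(head, "Proxy-Connection") == "close":
            findings.append((i, "type 2 challenge on a connection the proxy closes"))
    return findings

if __name__ == "__main__":
    print(*diagnose(EXCHANGE), sep="\n")
```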