-
Bug
-
Resolution: Unresolved
-
P3
-
None
-
17, 22
A DESCRIPTION OF THE PROBLEM :
I want send a HTTPS request via `java.net.http.HttpClient` like this:
HttpClient -> Proxy Server ( authentication required ) -> Target Server ( HTTP Header `Authorization` required ).
However, in JDK 17, this can NOT work fine.
This all works fine using the third-party HttpClient library. e.g. Apache HttpClient.
Because, JDK will forcibly delete the Authorization request header we set.
Proxy server's authentication requires HTTP header `Proxy-Authorization`, Target server's authentication requires HTTP header `Authorization`.
The two cannot be confused ! However, JDK 17 only allows one !
I've seenJDK-8306745 and JDK-8326949 have reported this issue.
However, developer Daniel Fuchs mistakenly interpreted this as being designed this way. This is an extremely wrong understanding !
REGRESSION : Last worked in version 11.0.24
---------- BEGIN SOURCE ----------
@Test
public void testProxy() throws IOException, InterruptedException {
// please input actual proxy server's info
String proxyIP = "1.1.1.1";
int proxyPort = 8899;
String proxyUsername = "proxyUsername", proxyPassword = "proxyPassword";
// enable basic authorization
System.setProperty("jdk.http.auth.proxying.disabledSchemes", "");
System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
HttpClient client = HttpClient.newBuilder()
.proxy(ProxySelector.of(new InetSocketAddress(proxyIP, proxyPort)))
.authenticator(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
if (getRequestorType() != RequestorType.PROXY) {
return null;
}
return new PasswordAuthentication(proxyUsername, proxyPassword.toCharArray());
}
})
.build();
HttpResponse<String> response = client.send(HttpRequest.newBuilder(URI.create("xxxxxxxx"))
.setHeader("Authorization", getBasicAuthenticationHeader("foo", "bar"))
.build(), HttpResponse.BodyHandlers.ofString());
System.out.println(response.statusCode());
System.out.println(response.body());
}
private static String getBasicAuthenticationHeader(String username, String password) {
String valueToEncode = username + ":" + password;
return "Basic " + Base64.getEncoder().encodeToString(valueToEncode.getBytes());
}
---------- END SOURCE ----------
FREQUENCY : always
I want send a HTTPS request via `java.net.http.HttpClient` like this:
HttpClient -> Proxy Server ( authentication required ) -> Target Server ( HTTP Header `Authorization` required ).
However, in JDK 17, this can NOT work fine.
This all works fine using the third-party HttpClient library. e.g. Apache HttpClient.
Because, JDK will forcibly delete the Authorization request header we set.
Proxy server's authentication requires HTTP header `Proxy-Authorization`, Target server's authentication requires HTTP header `Authorization`.
The two cannot be confused ! However, JDK 17 only allows one !
I've seen
However, developer Daniel Fuchs mistakenly interpreted this as being designed this way. This is an extremely wrong understanding !
REGRESSION : Last worked in version 11.0.24
---------- BEGIN SOURCE ----------
@Test
public void testProxy() throws IOException, InterruptedException {
// please input actual proxy server's info
String proxyIP = "1.1.1.1";
int proxyPort = 8899;
String proxyUsername = "proxyUsername", proxyPassword = "proxyPassword";
// enable basic authorization
System.setProperty("jdk.http.auth.proxying.disabledSchemes", "");
System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
HttpClient client = HttpClient.newBuilder()
.proxy(ProxySelector.of(new InetSocketAddress(proxyIP, proxyPort)))
.authenticator(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
if (getRequestorType() != RequestorType.PROXY) {
return null;
}
return new PasswordAuthentication(proxyUsername, proxyPassword.toCharArray());
}
})
.build();
HttpResponse<String> response = client.send(HttpRequest.newBuilder(URI.create("xxxxxxxx"))
.setHeader("Authorization", getBasicAuthenticationHeader("foo", "bar"))
.build(), HttpResponse.BodyHandlers.ofString());
System.out.println(response.statusCode());
System.out.println(response.body());
}
private static String getBasicAuthenticationHeader(String username, String password) {
String valueToEncode = username + ":" + password;
return "Basic " + Base64.getEncoder().encodeToString(valueToEncode.getBytes());
}
---------- END SOURCE ----------
FREQUENCY : always
- relates to
-
JDK-8326949 Authorization header is removed when a proxy Authenticator is set on HttpClient
-
- Resolved
-