United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-4433701 : some proxy authentication flavors not supported

Details
Type:
Enhancement
Submit Date:
2001-04-04
Status:
Closed
Updated Date:
2004-07-12
Project Name:
JDK
Resolved Date:
2004-07-12
Component:
deploy
OS:
windows_nt,windows_2000,windows_xp
Sub-Component:
webstart
CPU:
x86
Priority:
P4
Resolution:
Duplicate
Affected Versions:
1.0,1.2.0,1.4.2
Fixed Versions:

Related Reports
Duplicate:
Duplicate:
Duplicate:

Sub Tasks

Description
We only seem to support some flavors of proxy authentication.  We get a lot of
feedback about us not working with firewall A or proxy server B.  Here is one example

>From: ###@###.###
>Subject: Any conflict between JSSE and Java Webstart?
>To: ###@###.###
>MIME-version: 1.0
>Content-disposition: inline
>X-MIMETrack: Serialize by Router on AU-AAPMTA001/AU/INTL(Release 5.0.6 |December 14, 2000) at 04/04/2001 04:28:40 PM
>
>
>Steve,
>
>Thanks for your prompt reply.  Let me describe our problems more in
>details.
>
>Our Java application deployed by JavaWebstart1.0 got problem at client-side
>when it tried to establish HTTPS connection via client's password-protected
>firewall. ( NO ERROR with firewall without password protection).
>
>
>1.Client side Error message in  java webstart console:
>
>java.io.IOException: Unable to tunnel through 10.11.12.55:80.  Proxy returns "HTTP/1.1 407 Proxy authentication required"
>     at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
>     * * *
>
>details in nrmatest.txt
>(See attached file: nrmatest.txt)
>
>2. What we can get from our testing proxy (Basic authentication with base64
>encode)
>     Request sending to our proxy:
>
>     CONNECT 203.11.226.122:443 HTTP/1.0
>     User-Agent: JSSE
>
>     Response from our proxy
>
>     HTTP/1.0 407 Proxy Authentication Required
>     ................
>
>details in (See attached file: soap.test.txt)
>
>3.  Our Java application support HTTPS by using JSSE1.0.2.
>
>   public static void setupHTTPsSupport()
>  {
>
>     try
>     {
>      System.setProperty(
>        "java.protocol.handler.pkgs",
>        "com.sun.net.ssl.internal.www.protocol");
>
>      java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
>      // Work around for  JavaWebStart which requires this
>      // to be set as well. Note that in a usual application it wasn't required.
>      if (! isFactorySet)
>      {
>        URL.setURLStreamHandlerFactory(new URLStreamHandlerFactory() {
>        public URLStreamHandler createURLStreamHandler(final String protocol)
>        {
>          if (protocol!=null && protocol.equals("https")){
>            return new com.sun.net.ssl.internal.www.protocol.https.Handler();
>          }
>          return null;
>        }
>        });
>        isFactorySet = true;
>      }
>    }
>    catch (Exception ex)
>    {
>      System.err.println ("Failed to install SSL support in DefaultDecisionSystem.setupHTTPsSupport()");
>      ex.printStackTrace();
>    }
>  }
>
>
>4.  Welcome to our website to reproduce the error in HTTPS data
>communication via password-protected proxy firewall.
>
>          http://www.pwcdecision.com
>
>          user:          webstart
>          password:      webstart
>
>ERROR happened when you try the menu "Actions/run"  and choose
>"pwcdecision.com" from  combo box "solver" and click OK button.
>
>
>
>We just wondering whether Java Webstart1.0  is compatible to JSSE1.0.2
>component. And whether we made any mistakes in our code?
>
>Thanks for your kind attention. And your help will enable us to stick to
>Java Webstart.
>
>Hongbo Jin
>
>Java Developer
>PricewaterhouseCoopers (Sydney)
>

                                    

Comments
EVALUATION

Also just received a feedback saying some user agents (browsers) were not allowed to do http requests through a particular firewall!

>I've just traced the traffic and found out that our proxy checks the
>User-Agent mime header and only allows approved 'browsers'.  So I suppose
>this should change to a feature request to allow configuration of the
>User-Agent string.

-stephen.bohne@East 2001-04-05

the http.agent property was added to the list of secure properties in tiger as part of 5025084: allow http.agent property..

by setting this property in the jnlp file, applications can now control the user agent passed in http headers.
###@###.### 2004-07-12
                                     
2004-07-12



Hardware and Software, Engineered to Work Together