United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-4720715 : FTP with user and password doesn't work through proxy

Details
Type:
Bug
Submit Date:
2002-07-25
Status:
Resolved
Updated Date:
2003-04-12
Project Name:
JDK
Resolved Date:
2002-08-15
Component:
core-libs
OS:
linux
Sub-Component:
java.net
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
1.4.0
Fixed Versions:
1.4.2 (mantis)

Related Reports
Relates:

Sub Tasks

Description

Name: nt126004			Date: 07/25/2002


FULL PRODUCT VERSION :
java version "1.4.0_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0_01-b03)
Java HotSpot(TM) Client VM (build 1.4.0_01-b03, mixed mode)


FULL OPERATING SYSTEM VERSION : glibc 2.1.3, kernel 2.2.19,
Linux Mandrake 7.1


ADDITIONAL OPERATING SYSTEMS : glibc 2.2.4, kernel 2.4.9,
Red Hat Linux 7.2



EXTRA RELEVANT SYSTEM CONFIGURATION :
Tested with Squid 2.4.STABLE7

A DESCRIPTION OF THE PROBLEM :
Using URL.openConnection() to fetch an FTP URL that includes
user and password does not work through a proxy.

For example, if I attempt to fetch
"ftp://lrquinn:###@###.###" through the
Squid HTTP proxy cache from Java, I receive a 403 response
and an error page that indicates that Squid tried to log in
anonymously. In my Squid access_log, the URL is recorded as
"ftp://fitch.math.uwaterloo.ca". However, if I use Mozilla
1.0 to request
"ftp://lrquinn:###@###.###" through
Squid, it works and the URL in the access_log is
"ftp://###@###.###".

Thus it appears that Java omits the user and password when
doing FTP through a proxy.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Request, using Java,
ftp://lrquinn:###@###.### through a
Squid proxy.
2. Note that Squid's access_log records the request as
ftp://fitch.math.uwaterloo.ca, whereas the same request
through a browser such as Mozilla 1.0 would result in the
request being logged as ftp://###@###.###.

EXPECTED VERSUS ACTUAL BEHAVIOR :
I expected to see Squid's access_log record the URL as
ftp://###@###.### and return content
indicating an incorrect password. Instead, Squid records the
URL as ftp://fitch.math.uwaterloo.ca and returns content
indicating that the anonymous login failed.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.net.*;
import java.io.*;

public class ftpTest {
    public static void main(String[] args) {
        // This example assumes an FTP proxy running on localhost:3128
        System.setProperty("ftp.proxyHost", "localhost");
        System.setProperty("ftp.proxyPort", "3128");

        URLConnection conn = null;
        InputStream is = null;

        try {
            URL url = new URL("ftp://lrquinn:###@###.###");
            conn = url.openConnection();

            // The password is incorrect, so this should and does throw
            // an exception.
            is = conn.getInputStream();

        } catch (IOException ioe) {
            if (conn instanceof HttpURLConnection) {
                try {
                    is = ((HttpURLConnection)conn).getErrorStream();

                    // Print out the response.  I expect the response to say
                    // incorrect password, but it actually says that the user
                    // "anonymous" was rejected.  Looking in the proxy's log, I
                    // see that the user "lrquinn" is missing from the logged
                    // URL, suggesting that Java excluded the user and password
                    // when making the request.
                    for (;;) {
                        int ch = is.read();
                        if (ch == -1) break;

                        System.out.print((char)ch);
                    }
                } catch (IOException ignore) {
                }
            }

        } finally {
            if (is != null) {
                try {
                    is.close();
                } catch (IOException ignore) {
                }
            }
        }
    }
}

---------- END SOURCE ----------
(Review ID: 159719) 
======================================================================

                                    

Comments
EVALUATION

It seems the HTTP code do rewrite the URL when proxying, thus losing extra information like username/password from the original FTP URL.
It comes from the fact that older proxies, like the Netscape proxy servers don't recognize that construct anyway.

Will fix in Mantis.

###@###.### 2002-07-25
                                     
2002-07-25
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
mantis
mantis-b02

FIXED IN:
mantis
mantis-b02

INTEGRATED IN:
mantis
mantis-b02


                                     
2004-06-14



Hardware and Software, Engineered to Work Together