JDK-6973030 : NTLM proxy authentication fails with https
Type:Bug
Component:core-libs
Sub-Component:java.net
Affected Version:6u14
Priority:P3
Status:Closed
Resolution:Fixed
OS:windows
CPU:x86
Submitted:2010-07-29
Updated:2011-03-08
Resolved:2011-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
When a client running under Java 32 bit, 1.6.0_14, tries to connect to a server via https, and the Internet traffic goes through a NTLM authenticating proxy, this will fails. The client is using java.net.HttpUrlConnection.
EVALUATION
Send the "Proxy-Connection: keep-alive" header with HTTP CONNECT requests for compatibility with HTTP/1.0 proxies such as Squid. This is required for NTLM authentication.
Links for more context/reference on this bug:
http://bugs.squid-cache.org/show_bug.cgi?id=2022
https://bugzilla.mozilla.org/show_bug.cgi?id=201054
http://code.google.com/p/chromium/issues/detail?id=8771
29-07-2010
SUGGESTED FIX
As described on http://stackoverflow.com/questions/1326849/java-6-ntlm-proxy-authentication-and-https-has-anyone-got-it-to-work
add the following code to HttpURLConnection.java
if (http.getHttpKeepAliveSet()) {
if (http.usingProxy) {
requests.setIfNotSet("Proxy-Connection", "keep-alive");
}
}
in HttpURLConnection.sendCONNECTRequest()
before
setPreemptiveProxyAuthentication(requests);
http.writeRequests(requests, null);
at line 1574