JDK-4720715 : FTP with user and password doesn't work through proxy
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 1.4.0
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: x86
  • Submitted: 2002-07-25
  • Updated: 2003-04-12
  • Resolved: 2002-08-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.2 mantisFixed
Related Reports
Relates :  
Description

Name: nt126004			Date: 07/25/2002


FULL PRODUCT VERSION :
java version "1.4.0_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0_01-b03)
Java HotSpot(TM) Client VM (build 1.4.0_01-b03, mixed mode)


FULL OPERATING SYSTEM VERSION : glibc 2.1.3, kernel 2.2.19,
Linux Mandrake 7.1


ADDITIONAL OPERATING SYSTEMS : glibc 2.2.4, kernel 2.4.9,
Red Hat Linux 7.2



EXTRA RELEVANT SYSTEM CONFIGURATION :
Tested with Squid 2.4.STABLE7

A DESCRIPTION OF THE PROBLEM :
Using URL.openConnection() to fetch an FTP URL that includes
user and password does not work through a proxy.

For example, if I attempt to fetch
"ftp://lrquinn:###@###.###" through the
Squid HTTP proxy cache from Java, I receive a 403 response
and an error page that indicates that Squid tried to log in
anonymously. In my Squid access_log, the URL is recorded as
"ftp://fitch.math.uwaterloo.ca". However, if I use Mozilla
1.0 to request
"ftp://lrquinn:###@###.###" through
Squid, it works and the URL in the access_log is
"ftp://###@###.###".

Thus it appears that Java omits the user and password when
doing FTP through a proxy.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Request, using Java,
ftp://lrquinn:###@###.### through a
Squid proxy.
2. Note that Squid's access_log records the request as
ftp://fitch.math.uwaterloo.ca, whereas the same request
through a browser such as Mozilla 1.0 would result in the
request being logged as ftp://###@###.###.

EXPECTED VERSUS ACTUAL BEHAVIOR :
I expected to see Squid's access_log record the URL as
ftp://###@###.### and return content
indicating an incorrect password. Instead, Squid records the
URL as ftp://fitch.math.uwaterloo.ca and returns content
indicating that the anonymous login failed.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.net.*;
import java.io.*;

public class ftpTest {
    public static void main(String[] args) {
        // This example assumes an FTP proxy running on localhost:3128
        System.setProperty("ftp.proxyHost", "localhost");
        System.setProperty("ftp.proxyPort", "3128");

        URLConnection conn = null;
        InputStream is = null;

        try {
            URL url = new URL("ftp://lrquinn:###@###.###");
            conn = url.openConnection();

            // The password is incorrect, so this should and does throw
            // an exception.
            is = conn.getInputStream();

        } catch (IOException ioe) {
            if (conn instanceof HttpURLConnection) {
                try {
                    is = ((HttpURLConnection)conn).getErrorStream();

                    // Print out the response.  I expect the response to say
                    // incorrect password, but it actually says that the user
                    // "anonymous" was rejected.  Looking in the proxy's log, I
                    // see that the user "lrquinn" is missing from the logged
                    // URL, suggesting that Java excluded the user and password
                    // when making the request.
                    for (;;) {
                        int ch = is.read();
                        if (ch == -1) break;

                        System.out.print((char)ch);
                    }
                } catch (IOException ignore) {
                }
            }

        } finally {
            if (is != null) {
                try {
                    is.close();
                } catch (IOException ignore) {
                }
            }
        }
    }
}

---------- END SOURCE ----------
(Review ID: 159719) 
======================================================================

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mantis mantis-b02 FIXED IN: mantis mantis-b02 INTEGRATED IN: mantis mantis-b02
2004-06-14

EVALUATION It seems the HTTP code do rewrite the URL when proxying, thus losing extra information like username/password from the original FTP URL. It comes from the fact that older proxies, like the Netscape proxy servers don't recognize that construct anyway. Will fix in Mantis. ###@###.### 2002-07-25
2002-07-25