JDK-8334079 : httpclient does not support kerberos authentication for proxies
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.net
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2024-06-05
  • Updated: 2024-06-12
Description
A DESCRIPTION OF THE PROBLEM :
HttpURLConnection supports Negotiate (Kerberos) authentication out of the box when sun.security.jgss.native is enabled.
httpclient does not.

Please add Negotiate support to httpclient as well

Please support k
Comments
Additional information from the submitter: I did a quick test: I used the following JRE options: -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT -Dsun.security.jgss.native=true -Djavax.security.auth.useSubjectCredsOnly=false String urlString = "https://google.de"; Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy", 8080)); try { HttpURLConnection conn = (HttpURLConnection) new URL(urlString).openConnection(proxy); if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) { // success BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); } in.close(); // print result System.out.println(response.toString()); } } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); } -> Works with Kerberos out of the box HttpClient client = HttpClient.newBuilder() .version(Version.HTTP_2) .proxy(ProxySelector.of(new InetSocketAddress("proxy", 8080))) .build(); HttpRequest request = HttpRequest.newBuilder() .uri(URI.create("http://google.com")) .build(); client.sendAsync(request, BodyHandlers.ofString()) .thenApply(HttpResponse::body) .thenAccept(System.out::println) .join(); -> does not and /src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java seems to be used only by: src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java I cannot see a reference in httpclient code.
12-06-2024
Requested more details from the submitter. Moved to JDK.
12-06-2024