Java : HTTP(S)/WebServices connections through NTLM proxy
It's due to a bug in the underlying implementation. It's described in "Java 6 NTLM proxy authentication and HTTPS - has anyone got it to work?"
Admin
Updated on June 16, 2022
Admin almost 2 years
We have a Java client-side application deployed at our customers' sites (a Java application, not an applet). This application checks connectivity with url.openConnection() and calls web services (with CXF/JAX-WS) over the internet.
Some of our customers' networks use proxies to access the outside world. The client-side application sets the proxy parameters in Java system properties:
```java
System.setProperty("proxySet", "true"); // Obsolete ?
System.setProperty("http.keepAlive", "false");
System.setProperty("java.net.useSystemProxies", "false");
// Proxy used for HTTPS requests
System.setProperty("https.proxyHost", httpsProxyHost);
System.setProperty("https.proxyPort", httpsProxyPort);
System.setProperty("https.proxyUser", httpsProxyUser);
System.setProperty("https.proxyPassword", httpsProxyPassword);
// Proxy used for plain HTTP requests
System.setProperty("http.proxyHost", httpProxyHost);
System.setProperty("http.proxyPort", httpProxyPort);
System.setProperty("http.proxyUser", httpProxyUser);
System.setProperty("http.proxyPassword", httpProxyPassword);
// Credentials provider the JDK calls when it receives an authentication challenge
Authenticator.setDefault(new NtlmAuthenticator(httpsProxyUser, httpsProxyPassword));
```
The NtlmAuthenticator class:
```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;

public class NtlmAuthenticator extends Authenticator {
    private final String username;
    private final char[] password;

    public NtlmAuthenticator(final String username, final String password) {
        super();
        this.username = username;
        this.password = password.toCharArray();
    }

    // Called by the JDK whenever a server or proxy requests credentials
    @Override
    public PasswordAuthentication getPasswordAuthentication() {
        return (new PasswordAuthentication(username, password));
    }
}
```
We're using Java 6 (the client-side application embeds a JRE 1.6.0_39), and the application is deployed on Windows (XP / Seven). I read that the NTLM protocol has been supported since 1.4.2 on the Windows platform. So we ran tests with a Trend proxy and succeeded in performing NTLM proxy authentication (we see the 3 packets with Wireshark: NTLMSSP_NEGOTIATE (from app) / NTLMSSP_CHALLENGE (from proxy) / NTLMSSP_AUTH (from app)).
But with one of our customers, who uses a Bluecoat proxy, NTLM authentication failed after NTLMSSP_CHALLENGE. With Wireshark, we only see the first 2 packets, NTLMSSP_NEGOTIATE (from app) and NTLMSSP_CHALLENGE (from proxy); NTLMSSP_AUTH is never sent by our application. In the application we catch a SocketException: socket is closed
We also tried to use jCIFS HttpUrlNtlmHandler, but authentication failed too (same diagnosis).
I found this thread with a similar issue but it doesn't provide any clues. I also found this thread about NTLM session security.
Any ideas?
Thanks.
Found the solution just by setting http.keepAlive to true: System.setProperty("http.keepAlive", "true");
But I don't know why, with the false value, it works with our Trend proxy and doesn't work with our customer's Bluecoat proxy.
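An added example, not code from the original posts: the authenticator in the question returns the proxy credentials for any challenge, including a 401 from an origin server, so this variant answers only when the configured proxy is the requester, and it leaves http.keepAlive at true as in the fix above, since NTLM authenticates the TCP connection and all three messages must travel over it. The class name, the install helper and the sample host, port and account are assumptions.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;

/** Added example: answers authentication challenges only for the configured proxy. */
public final class ScopedProxyAuthenticator extends Authenticator {
    private final String proxyHost; // assumed to match http(s).proxyHost
    private final int proxyPort;
    private final String username;
    private final char[] password;

    public ScopedProxyAuthenticator(String proxyHost, int proxyPort,
                                    String username, char[] password) {
        this.proxyHost = proxyHost;
        this.proxyPort = proxyPort;
        this.username = username;
        this.password = password.clone();
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        // A challenge from an origin server must never receive the proxy credentials.
        if (getRequestorType() != RequestorType.PROXY) {
            return null;
        }
        // Only the proxy we configured may ask for them.
        String host = getRequestingHost();
        if (host == null || !host.equalsIgnoreCase(proxyHost)
                || getRequestingPort() != proxyPort) {
            return null;
        }
        return new PasswordAuthentication(username, password);
    }

    /** Sets the proxy properties with keep-alive on and registers the authenticator. */
    public static void install(String host, int port, String user, char[] pass) {
        System.setProperty("http.keepAlive", "true");
        System.setProperty("http.proxyHost", host);
        System.setProperty("http.proxyPort", Integer.toString(port));
        System.setProperty("https.proxyHost", host);
        System.setProperty("https.proxyPort", Integer.toString(port));
        Authenticator.setDefault(new ScopedProxyAuthenticator(host, port, user, pass));
    }

    public static void main(String[] args) {
        // Constructed sample values; replace with the real proxy configuration.
        install("proxy.example.internal", 8080, "DOMAIN\\svc-user", "changeit".toCharArray());
        System.out.println("keepAlive=" + System.getProperty("http.keepAlive"));
    }
}
```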