DO NOT REPLY [Bug 7373] New: - HTTPSender does not support HTTPS through an Auth. Proxy

Fri, 22 Mar 2002 13:03:30 -0800 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7373>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7373

HTTPSender does not support HTTPS through an Auth. Proxy

           Summary: HTTPSender does not support HTTPS through an Auth. Proxy
           Product: Axis
           Version: beta-1
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Basic Architecture
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


HTTPSender needs to supply the Proxy-Authorization String when connecting to an 
Authenticating proxy when doing HTTPS.

Consider changing:
        out.print("CONNECT " + host + ":" + port + " HTTP/1.0\n"
                  + "User-Agent: AxisClient"
                  + "\r\n\r\n");

To:

        String tunnelUser = System.getProperty("https.proxyUser");
        String tunnelPassword = System.getProperty("https.proxyPassword");
        if (tunnelUser == null) tunnelUser = 
               System.getProperty("http.proxyUser");
        if (tunnelPassword == null) tunnelPassword = 
               System.getProperty("http.proxyPassword");

        String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
                 + "User-Agent: AxisClient";

        if (tunnelUser != null && tunnelPassword != null) {
            //add basic authentication header for the proxy
            sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
            String encodedPassword = 
                 enc.encode((tunnelUser + ":" + tunnelPassword).getBytes());
            msg = msg + "\nProxy-Authorization: Basic " + encodedPassword;
        }
        msg = msg + "\nContent-Length: 0";
        msg = msg + "\nPragma: no-cache";
        msg = msg + "\r\n\r\n";
        out.print(msg);



Or even better lookup the UserName and Password from the java.net.Authenticator 
class instead of System Properties (more secure, cant see password with a ps)

        PasswordAuthentication pa = 
                  Authenticator.requestPasswordAuthentication(
                     InetAddress.getByName(tunnelHost),
                     tunnelPort, "SOCK", "Proxy","HTTP");
        if(pa == null){
                printDebug("No Authenticator set.");
        }else{
                printDebug("Using Authenticator.");
                tunnelUserName = pa.getUserName();
                tunnelPassword = new String(pa.getPassword());
        }

Reply via email to