From Java 8 Update 111, it seems that the default setting is that Basic authentication cannot be used for tunneling when connecting to HTTPS in the java.net package.
To avoid it, it is necessary to set an empty string in jdk.http.auth.tunneling.disabledSchemes.
When trying to access an https site from an environment inside an authenticated proxy using Java's java.net.HttpURLConnection, a 407 Proxy Authentication Required error occurs no matter how the proxy authentication information is given. Could not be resolved.
Sample.java
import java.util.*;
import java.net.*;
public class Sample {
private static String PROXY_HOST = "example.proxy.com";
private static String PROXY_PORT = "8080";
private static String PROXY_USER = "user";
private static String PROXY_PASSWORD = "password";
public static void main(String[] args) throws Exception {
String url = "https://news.google.com";
System.setProperty("proxySet", "true");
System.setProperty("proxyHost", PROXY_HOST);
System.setProperty("proxyPort", PROXY_PORT);
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(PROXY_USER, PROXY_PASSWORD.toCharArray());
}
});
HttpURLConnection urlconn = (HttpURLConnection) new URL(url).openConnection();
urlconn.setRequestMethod("GET");
urlconn.connect();
}
}
When I run the above Java code, I get the following error:
$ java Sample
Exception in thread "main" java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2124)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at Sample.main(Sample.java:25)
I tried the following as well as the authentication proxy settings in the code, but the result is the same.
java -Dhttp.proxyHost =" example.proxy.com "-Dhttp.proxyPort = 8080 -Dhttp.proxyUser = user -Dhttp.proxyPassword = password (same setting for https) Samplejava -Djava.net.useSystemProxies = true SampleThe OS is Ubuntu 16.04, and the Java version is as follows.
$ java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
Starting with 8u111 released in October 2016, Basic authentication can no longer be used for tunneling when connecting via HTTPS as the default setting.
Java 8 Release Changes (https://www.java.com/en/download/faq/release_changes.xml)
Disable Basic Authentication for HTTPS Tunneling In some environments, certain authentication schemes may be inappropriate during HTTPS proxies. Therefore, the Basic authentication scheme is deactivated by default in the Oracle Java Runtime by adding Basic to the jdk.http.auth.tunneling.disabledSchemes network property. Proxies that require Basic authentication when configuring HTTPS tunnels will no longer succeed by default. If necessary, reactivate this authentication scheme by removing Basic from the jdk.http.auth.tunneling.disabledSchemes network property or setting the system property with the same name to "" (empty) on the command line. Can be converted. Also, the system properties with the same names as the jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes network properties are activated when configuring HTTPS tunnels or when proxiing plain HTTP, respectively. It can be used to disable other authentication schemes that may have been. JDK-8160838 (private)
If you look at the English version of the release notes, it says core-libs / java.net. , It seems to be a change in the default behavior when connecting to HTTPS using the functionality of the classes in the java.net package.
jdk.http.auth.tunneling.disabledSchemes="".java -Djdk.http.auth.tunneling.disabledSchemes =" "SampleSystem.setProperty ("jdk.http.auth.tunneling.disabledSchemes", ""); I tried sysouting System.getProperty ("jdk.http.auth.tunneling.disabledSchemes ") and the result was null.
Recommended Posts