407 error when trying to access an HTTPS site in Java via an authenticated proxy

Introduction

From Java 8 Update 111, it seems that the default setting is that Basic authentication cannot be used for tunneling when connecting to HTTPS in the java.net package. To avoid it, it is necessary to set an empty string in jdk.http.auth.tunneling.disabledSchemes.

Event

background

When trying to access an https site from an environment inside an authenticated proxy using Java's java.net.HttpURLConnection, a 407 Proxy Authentication Required error occurs no matter how the proxy authentication information is given. Could not be resolved.

Sample.java


import java.util.*;
import java.net.*;

public class Sample {
        private static String PROXY_HOST = "example.proxy.com";
        private static String PROXY_PORT = "8080";
        private static String PROXY_USER = "user";
        private static String PROXY_PASSWORD = "password";

        public static void main(String[] args) throws Exception {
                String url = "https://news.google.com";
                System.setProperty("proxySet", "true");
                System.setProperty("proxyHost", PROXY_HOST);
                System.setProperty("proxyPort", PROXY_PORT);

                Authenticator.setDefault(new Authenticator() {
                        @Override
                        protected PasswordAuthentication getPasswordAuthentication() {
                                return new PasswordAuthentication(PROXY_USER, PROXY_PASSWORD.toCharArray());
                        }
                });

                HttpURLConnection urlconn = (HttpURLConnection) new URL(url).openConnection();
                urlconn.setRequestMethod("GET");
                urlconn.connect();
        }
}

phenomenon

When I run the above Java code, I get the following error:

$ java Sample
Exception in thread "main" java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
        at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2124)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
        at Sample.main(Sample.java:25)

I tried the following as well as the authentication proxy settings in the code, but the result is the same.

  1. Set proxy in Java startup option
  1. Set to refer to System defaults

environment

The OS is Ubuntu 16.04, and the Java version is as follows.

$ java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Conclusion

Starting with 8u111 released in October 2016, Basic authentication can no longer be used for tunneling when connecting via HTTPS as the default setting.

Java 8 Release Changes (https://www.java.com/en/download/faq/release_changes.xml)

Disable Basic Authentication for HTTPS Tunneling In some environments, certain authentication schemes may be inappropriate during HTTPS proxies. Therefore, the Basic authentication scheme is deactivated by default in the Oracle Java Runtime by adding Basic to the jdk.http.auth.tunneling.disabledSchemes network property. Proxies that require Basic authentication when configuring HTTPS tunnels will no longer succeed by default. If necessary, reactivate this authentication scheme by removing Basic from the jdk.http.auth.tunneling.disabledSchemes network property or setting the system property with the same name to "" (empty) on the command line. Can be converted. Also, the system properties with the same names as the jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes network properties are activated when configuring HTTPS tunnels or when proxiing plain HTTP, respectively. It can be used to disable other authentication schemes that may have been. JDK-8160838 (private)

If you look at the English version of the release notes, it says core-libs / java.net. , It seems to be a change in the default behavior when connecting to HTTPS using the functionality of the classes in the java.net package.

Workaround

  1. Set the JVM option jdk.http.auth.tunneling.disabledSchemes="".
  1. Use another library

Supplement

I tried sysouting System.getProperty ("jdk.http.auth.tunneling.disabledSchemes ") and the result was null.

Recommended Posts

407 error when trying to access an HTTPS site in Java via an authenticated proxy
Solution that gives an error when trying to connect to DB (MySQL) in Java
Summary when trying to use Solr in Java and getting an error (Solr 6.x)
[Java] Use jsoup to access HTTPS via a proxy that requires authentication
Resolved the error that occurred when trying to use Spark in an environment where Java 8 and Java 11 coexist.
How to solve the unknown error when using slf4j in Java
Error when trying to use heroku command
I want to display an error message when registering in the database
How to pass a proxy when throwing REST over SSL in Java
I get an error when I try to use "^" or "$" in ruby ​​regular expression
[Error resolution] Occurs when trying to build an environment for spring with docker
When you want to notify an error somewhere when using graphql-spring-boot in Spring Boot
When using a list in Java, java.awt.List comes out and an error occurs
NoClassDefFoundError occurred when trying to call an Android function from Unity via jar
I want to send an email in Java.
When deploying to Heroku, OpenApp causes an error
How to solve an Expression Problem in Java
I got an error when trying to install sbt to build a Scala development environment
Summary of how to use the proxy set in IE when connecting with Java
When you want to dynamically replace Annotation in Java8
When trying to insert a specific gem (levenshtein) with Docker, an error occurred without ruby-dev
Resolve CreateProcess error = 206 when running Java in a Windows environment
What happened in "Java 8 to Java 11" and how to build an environment
Things to be aware of when writing code in Java
How to dynamically switch JDK when building Java in Gradle
An error occurs when codedeploy-agent is installed in Ubuntu Server 20.04
Show detailed error in Logger when running Java on server
What to do if you get a JNI shared library error when trying to build in Eclipse
What to do if an error occurs when doing npm install axios in React + Typescript project