Java代理身份验证 [英] Java Proxy Authentication

问题描述

我有一个在Tomcat 6中运行的Java webapp，它从远程URL加载RSS源。

I have a Java webapp, running in Tomcat 6, that loads RSS feeds from remote URLs.

我使用罗马为我处理RSS提要和不同的格式。连接部分如下所示：

I use Rome to handle the RSS feeds and different formats for me. The connection part looks like like that :

try{
  feedSource = new URL(rssObject.getAsset());
}catch(MalformedURLException mue){
  logger.error(...);
  throw mue;
}

try{
    URLConnection connection = feedSource.openConnection();
    feed = new SyndFeedInput().build(new XmlReader(connection));
}catch(Exception){handle...}

代码工作正常，除了在这个新客户端，他们使用代理。

The code works fine, except at this new client, where they use a proxy.

为了使用代理，我设置了http.proxyHost和proxyPort系统属性：

In order to use the proxy, I set the http.proxyHost and proxyPort system properties :

System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);

HTTP GET是代理好的，但现在我收到HTTP 502错误（网关不好或类似的事情。

HTTP GET is made to the proxy alright, but now I get a HTTP 502 error (bad gateway or something similar).

分析与Wireshark的HTTP交换，我注意到代理需要身份验证。它发送HTTP 507. Java以某种方式尝试进行身份验证，但它使用了错误的用户名和密码。它似乎使用主机名作为用户名，对于我不知道的密码。

Analysing the HTTP exchange with Wireshark, I noticed that the proxy is requiring authentication. It sends a HTTP 507. Java is somehow trying to authenticate but it uses the wrong username and passwords. It seems to use the host name as the username, as for the password I don't know.

所以我试图实现Authenticator方法来指定用户名+密码：

So I tried to implement the Authenticator method of specifying a username+password :

Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                logger.info(MessageFormat.format("Generating PasswordAuthentitcation for proxy authentication, using username={0} and password={1}.", username, password));
                return new PasswordAuthentication(username, password.toCharArray());
            }
        });

现在我的问题是它被忽略了。永远不会调用getPasswordAuthentication方法。我没有在日志文件中看到日志文件并使用Wireshark我可以看到它仍然使用主机名作为用户名。

Now my problem is that it is ignored. The getPasswordAuthentication method is never called. I don't see the logging statement in the log file and using Wireshark I can see that it still uses the host name as the user name.

为什么？似乎java在不咨询Authenticator的情况下试图自己进行身份验证。

Why ? It seems that java somehow tries to authenticate by itself without consulting the Authenticator.

代理似乎是使用NTLM进行身份验证的MS设备。 java中是否有一些内置机制来处理这个问题？应用程序运行的机器是Win Server 2008 R2。

The proxy seems to be a MS device that uses NTLM for authentication. Is there some built-in mechanism in java to handle this ? The machine on which the app runs is Win Server 2008 R2.

推荐答案

我们在这里做了同样的事情来验证基于NTLM的代理。

We did the same here for authenticating on a NTLM based proxy.

代理上的身份验证实际上是正常的 HTTP基本身份验证。

The authentication on the proxy is actually a normal HTTP Basic Authentication.

我们使用以下方法：

protected URLConnection newURLConnection(URL pURL) throws IOException {
    URLConnection urlConnection = super.newURLConnection(pURL);

    String auth = new String(Base64.base64Encode(new String("username:password").getBytes()));
    auth = "Basic " + auth;
    urlConnection.setRequestProperty("Proxy-Connection","Keep-Alive");
    urlConnection.setRequestProperty("Proxy-Authorization",auth);
    return urlConnection;
}

这与代理jvm设置一起完成了这个伎俩。

That, together with the proxy jvm settings, did the trick.

请参阅 http://en.wikipedia.org/wiki/ Basic_access_authentication 。

这篇关于Java代理身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！