无法通过代理隧道连接。代理通过https返回“HTTP/1.1 407”。

Question

无法通过代理隧道连接。代理通过https返回“HTTP/1.1 407”。

authenticationhttpsproxyapache-winkhttp-tunneling

5

我尝试通过需要认证的https连接到服务器。此外，我在中间有一个需要认证的http代理。我使用ProxyAuthSecurityHandler与代理进行身份验证，并使用BasicAuthSecurityHandler与服务器进行身份验证。

收到java.io.IOException：无法通过代理进行隧道连接。

Proxy returns "HTTP/1.1 407 Proxy Auth Required"

at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1525)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:164)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.processRequest(HttpURLConnectionHandler.java:97)

我注意到ProxyAuthSecurityHandler的实现希望响应代码是407，但是在调试期间由于抛出的IOException，我们永远无法进入第二部分。

代码片段如下：

ClientConfig configuration = new ClientConfig();
configuration.connectTimeout(timeout);

MyBasicAuthenticationSecurityHandler basicAuthProps = new MyBasicAuthenticationSecurityHandler();
basicAuthProps.setUserName(user);
basicAuthProps.setPassword(password);
configuration.handlers(basicAuthProps);

if ("true".equals(System.getProperty("setProxy"))) {
    configuration.proxyHost(proxyHost);
    if ((proxyPort != null) && !proxyPort.equals("")) {
        configuration.proxyPort(Integer.parseInt(proxyPort));
    }

    MyProxyAuthSecurityHandler proxyAuthSecHandler =
            new MyProxyAuthSecurityHandler();
    proxyAuthSecHandler.setUserName(proxyUser);
    proxyAuthSecHandler.setPassword(proxyPass);
    configuration.handlers(proxyAuthSecHandler);
}

restClient = new RestClient(configuration);
// create the createResourceWithSessionCookies instance to interact with

Resource resource = getResource(loginUrl);

// Request body is empty
ClientResponse response = resource.post(null);

尝试使用wink客户端版本1.1.2和1.2.1，但问题在两个版本中都重复出现。

- Ilana Platonov

2个回答

0

如果Ilana Platonov的答案不起作用，尝试编辑变量：

jdk.http.auth.tunneling.disabledSchemes  
jdk.http.auth.proxying.disabledSchemes

- copbint

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Ilana Platonov · Accepted Answer

我发现当我们尝试使用https URL通过代理时，首先发送CONNECT，然后才尝试发送请求。代理服务器无法读取我们附加到请求中的任何头文件，因为它没有解密流量所需的密钥。这意味着CONNECT应该已经具有用户/密码以向代理传递此阶段。以下是我使用的代码片段-对我有效：

import sun.misc.BASE64Encoder;
import java.io.*;
import java.net.*;

public class ProxyPass {
    public ProxyPass(String proxyHost, int proxyPort, final String userid, final String password, String url) {

        try {
        /* Create a HttpURLConnection Object and set the properties */
            URL u = new URL(url);
            Proxy proxy =
            new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
            HttpURLConnection uc = (HttpURLConnection)u.openConnection(proxy);

            Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
            if (getRequestorType().equals(RequestorType.PROXY)) {
            return new PasswordAuthentication(userid, password.toCharArray());
            }
            return super.getPasswordAuthentication();
            }
            });

            uc.connect();

            /* Print the content of the url to the console. */
            showContent(uc);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private void showContent(HttpURLConnection uc) throws IOException {
        InputStream i = uc.getInputStream();
        char c;
        InputStreamReader isr = new InputStreamReader(i);
        BufferedReader br = new BufferedReader(isr);
        String line;
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }
    }

    public static void main(String[] args) {

        String proxyhost = "proxy host";
        int proxyport = port;
        String proxylogin = "proxy username";
        String proxypass = "proxy password";
        String url = "https://....";
        new ProxyPass(proxyhost, proxyport, proxylogin, proxypass, url);

    }
    }

如果您正在使用像我一样的Wink，则需要在ClientConfig中设置代理，并在将其传递给RestClient之前设置默认验证器。

ClientConfig configuration = new ClientConfig();
    configuration.connectTimeout(timeout);

    BasicAuthenticationSecurityHandler basicAuthProps = new BasicAuthenticationSecurityHandler();
    basicAuthProps.setUserName(user);
    basicAuthProps.setPassword(password);
    configuration.handlers(basicAuthProps);

    if (proxySet()) {
        configuration.proxyHost(proxyHost);
        if ((proxyPort != null) && !proxyPort.equals("")) {
            configuration.proxyPort(Integer.parseInt(proxyPort));
        }
        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                if (getRequestorType().equals(RequestorType.PROXY)) {
                    return new PasswordAuthentication(proxyUser), proxyPass.toCharArray());
                }
                return super.getPasswordAuthentication();
            }
        });
    }

    restClient = new RestClient(configuration);
    Resource resource = getResource(loginUrl);

    // Request body is empty
    ClientResponse response = resource.post(null);
    if (response.getStatusCode() != Response.Status.OK.getStatusCode()) {
        throw new RestClientException("Authentication failed for user " + user);
    }