描述
我正在尝试连接到通过需要身份验证的代理使用https的Web服务器,但它不起作用。
即使强制,HttpsURLConnection类也会发送第一个打开隧道的请求,而不使用“代理授权”标头。
在这种情况下,服务器将返回«407 Proxy Authentication Required»。
重现问题的代码
public class TestProxy {
@Test
public void testOne() throws IOException {
final String PROXY_USERNAME = "username";
final String PROXY_PASSWORD = "password";
final String PROXY_HOSTNAME = "hostname";
final int PROXY_PORT = 8080;
Authenticator.setDefault(
new Authenticator() {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(PROXY_USERNAME, PROXY_PASSWORD.toCharArray());
}
});
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(PROXY_HOSTNAME, PROXY_PORT));
URL url = new URL("https://www.google.com");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(proxy);
assertNotEquals(407, connection.getResponseCode());
}
@Test
public void testTwo() throws IOException {
final String PROXY_USERNAME = "username";
final String PROXY_PASSWORD = "password";
final String PROXY_HOSTNAME = "hostname";
final int PROXY_PORT = 8080;
Authenticator.setDefault(
new Authenticator() {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(PROXY_USERNAME, PROXY_PASSWORD.toCharArray());
}
});
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(PROXY_HOSTNAME, PROXY_PORT));
URL url = new URL("https://www.google.com");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(proxy);
String userCredentials = PROXY_USERNAME + ":" + PROXY_PASSWORD;
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
connection.setRequestProperty("Proxy-Authorization", basicAuth);
assertNotEquals(407, connection.getResponseCode());
}
}
请求已发送
CONNECT www.google.com:443 HTTP/1.1
User-Agent: Java/1.8.0_162
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive
可能的原因
我认为这种行为是由sun.net.www.protocol.http.HttpURLConnection.sendCONNECTRequest()方法引起的。它创建了一个新的“连接请求”而没有添加“代理授权”头。
解决方法
解决方法是首先连接到http地址,以便代理服务器注册用户代理并授权连接,而无需添加Proxy-Authorization标头
jdk版本是1.8.0_181-b13。
为了能够通过代理使用https连接到webservice,我们需要禁用系统属性。
这仅适用于jdk> 8u11
见Disable Basic authentication for HTTPS tunneling
在应用程序中设置系统属性将不起作用
private void allowAuthenticationForHttps() {
System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
}
它应该作为命令行中的标志传递
-Djdk.http.auth.tunneling.disabledSchemes=""