Wednesday, May 28, 2008

Proxy authentication in Java

The usual corporate networks provide internet access via proxy servers and at times they require authentication as well. May applications do open the connections to servers which are external to the corporate intranet. So one has to do proxy authentication programmatically. Fortunately Java provides a transparent mechanism to do proxy authentications.

Create a simple class like below-

import java.net.Authenticator;

class ProxyAuthenticator extends Authenticator {

private String user, password;

public ProxyAuthenticator(String user, String password) {
this.user = user;
this.password = password;
}

protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, password.toCharArray());
}
}
and put these lines of code before your code opens an URLConnection-
Authenticator.setDefault(new ProxyAuthenticator("user", "password"));
System.setProperty("http.proxyHost", "proxy host");
System.setProperty("http.proxyPort", "port");

Now all calls will successfully pass through the proxy authentication.

28 Comments:

Anonymous said...

Hi

This works fine in case of stand alone program. But in case of a web application it is throwing

Proxy authentication requires error.

Is there any thing to change in the code, when run as a web application.

I am using weblogic 9.2 to run my application.

Can you please help me ijn this case.

Thanks in Advance
Praveen

Anonymous said...

Hi Praveen,

No Idea about WL 9.2, though it works fine on Tomcat.

Thanks,
Vinod

____ said...

i tried this. but i m getting following exception

can u help me out ????

*************************************************************

11:44:16,688 INFO [STDOUT] 2008-10-30 11:44:16,688 ERROR [HttpMethodDirector-authenticate-235]-Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswordCredentials


org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswordCredentials


11:44:16,719 INFO [STDOUT] 2008-10-30 11:44:16,719 ERROR [searchTrip_jsp-_jspService-658]-Transport error: 407 Error: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
org.apache.axis2.AxisFault: Transport error: 407 Error: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )




***************************************************************

subWiz said...

This example uses System properties. This is not ideal for web applications--as this system property will affect the complete JVM running the web application.

We ran into issues when we deployed two web-applications, one of which connected to a local HTTP server, and the other using proxy connected to a internet site. When we set the system properties, the one requiring local connection was also trying to go through the proxy.

Finally we used Apache HTTP Client:

http://hc.apache.org/httpcomponents-client/index.html

This has a neat proxy authentication implementation.

Anonymous said...

subWiz,

Thanks, for the update.

Anonymous said...

thanks Mr.vinod,i tried this and it worked properly.......

Anonymous said...

Would this work for ftp.proxy* as well?

Anonymous said...

I think it should, though I never tried it for ftp protocol hence no definitive answer ;-)

Anonymous said...

is there a way , where you can set proxyUser, and proxyPassword, without setting property in System class.
Because i have this issue on Weblogic, not able to set property in system class(i mean the system.setProperty has no effect)
I tried apach HttpClient as well, it doesnot support NTLM.

Tejas

Maciej said...

Do you need to set any SecurityManager in order for
Authenticator.setDefault(new ProxyAuthenticator("user", "password"));
to work?

Anonymous said...

NO, it works without that.

Anonymous said...

yeah...it worked for me....

- Anurag Verma

j0k3r said...

Is there any way to setting proxy config to particular class? Or else, is there any way to setting proxy config to jax-ws? I don't want to touch global jvm config(
System.setProperty("http.proxyHost", "proxy host");).
Because I concern it will effect to all other classes which are connecting to network things(various host and ip which are actually local). I don't want to exclude em by "http.nonProxyHosts" also. Is there any way? Thanks in adv for help.

Anonymous said...

Yes it worked for me.

But the problem is that its caching the credentials which are provided for the first call and is not picking up the new credentials.

Please suggest how we can reset the JVM cache for java.net.Authenticator object reference.

Thanks

Anonymous said...

Thank you very much!
It worked!

George said...

Thank you alot. Your solution worked perfectly well. It is accepted by the proxy without any hitches.

Anonymous said...

1. import java.net.Authenticator;
2.
3. class ProxyAuthenticator extends Authenticator {
4.
5. private String user, password;
6.
7. public ProxyAuthenticator(String user, String password) {
8. this.user = user;
9. this.password = password;
10. }
11.
12. protected PasswordAuthentication getPasswordAuthentication() {
13. return new PasswordAuthentication(user, password.toCharArray());
14. }
15. }

I have implemented above.

I want to verify that the provided username and password are correct for that proxy,
When password authorization is not needed means getPasswordAuthentication() will not call at this time.
I need this to ensure the username and password are correct when they needed means when getPasswordAuthentication() will call.

Anonymous said...

Hi,

Thanks a lot for the post.

Regards
Aditya

Poonam Kamboj said...

i am trying to acces SSRS 2008 web services using JAX-WS , tomcat 6, jdk1.6 form sun, on windows vista machine. but getPasswordAuthentication() is never called & client proxy pick up the loged in user credentials from the machine itself.. please help

Anonymous said...

Thanks a lot sir, Your solution worked gr8.

But i m struck at a point where i need to give the domain name as well ! where to set the same ?

Any help would be gr8.

Anonymous said...

Hi, Authenticator is invoked in unix platform but when comes to windows platform authenticator is not invoked instead system credentials are getting passed.

This document says

On Microsoft Windows platforms, NTLM authentication attempts to acquire the user credentials from the system without prompting the user's authenticator object. If these credentials are not accepted by the server then the user's authenticator will be called."

http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html

I have set the proxy host and port in the client but still issue persists.

Can any one suggest me how to override this windows behaviour.

Anonymous said...

was spending half a day to realize that you MUST provide an authenticator if you get a 407 error

here's my code working now


private void setProxy()
{
class ProxyAuthenticator extends Authenticator
{
private String user, password;
public ProxyAuthenticator(String user, String password)
{
this.user = user;
this.password = password;
}
protected PasswordAuthentication getPasswordAuthentication()
{
return new PasswordAuthentication(user, password.toCharArray());
}
}

// if there are no credentials you MUST use empty user / password
Authenticator.setDefault(new ProxyAuthenticator("", ""));

System.setProperty("java.net.useSystemProxies", "true");
System.setProperty("http.nonProxyHosts", "*.localdomain.com|localhost");

// or use explicit proxy url and port
//System.setProperty("http.proxyHost", "proxyurl");
//System.setProperty("http.proxyPort", "port");


System.setProperty( "http.proxyUser", "" );
System.setProperty( "http.proxyPassword", "" );
}

Anonymous said...

In addition to my post earlier this day:

! don't include the proxy URL in the wildcard for "nonProxyHosts" !

Neets said...

Worked perfectly. Thanks!!

Anonymous said...

I received an error that PasswordAuthenticator cannot be resolved to a type.

Krishna said...

Vinod - I was interested in a script which will authenticate once for me the proxy so that I don't need to enter them manually everytime I connect via IE. This has been a headache and a routine job that I keep doing all the time. Please suggest an alternative.

Aravind said...

Vinod thanks a lot for the example . I tried the sample but it says Exception in thread "main" java.net.ProtocolException: Server redirected too many times (20) , I am unable to find out what is the issue . Kindly guide me

Regards
Arvind

aryan.ashwani said...

What if the site you are connecting to also requires a username/password to allow you. Setting a Default Authenticator(Authenticator.setDefault) will fail I guess when the external site will look for authenticated user.
Used this code earlier and was getting the error (407) Proxy Authentication Required.


I believe that was because the authentication was requested by different hosts. and when you set a default authenticator with one user/pass for one host, then the authentication will fail for other requesting host. I made the following change yesterday to SimpleAuthenticator class and now it works like a charm.

Can't paste complete class here ,so documented here: http://blog.ashwani.co.in/blog/2013-07-29/access-sharepoint-webservices-from-java-behind-proxy/