Apache Jakarta ProxyClient problem

I am trying to use the org.apache.commons.httpclient.ProxyClient class to tunnel our applications protocol through a http proxy.

However for some reason this does not work correctly and all i keep getting is a 403 forbidden error, most likely from the proxy.

The proxy I use for testing is squid/2.5.STABLE13-NT (Windows XP port) configured for basic authentication using win32_auth.

CODE:

package de.symmedia.webclient;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.ProxyClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScope;

public class TestProxyConnection {

      public static void main(String[] args) {
            
            ProxyClient client = new ProxyClient();
            
            HostConfiguration config = client.getHostConfiguration();
            
            config.setHost("www.google.de");
            
            config.setProxy("thor", 8128);
            
        // This is to make HttpClient pick the Basic authentication scheme over NTLM & Digest
        List authPrefs = new ArrayList(3);
        authPrefs.add(AuthPolicy.BASIC);
//        client.getParams().setAuthenticationPreemptive(true);
        client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
            
            HttpState httpState = client.getState();
            
            AuthScope scope = new AuthScope("192.168.1.132",8128,AuthScope.ANY_REALM,AuthScope.ANY_SCHEME);
            
            UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("administrator","password");
            
            httpState.setProxyCredentials(scope, credentials);

            ProxyClient.ConnectResponse response;
            
            try {
                  response = client.connect();
                  
                  if ( response.getSocket() != null ) {
                        Socket socket = response.getSocket();      
                        try {
                              OutputStreamWriter out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1");
                   
                              out.write("GET http://www.google.de/ HTTP/1.1\r\n");  
                    out.write("Host: www.google.de\r\n");  
                    out.write("Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)\r\n");  
                    out.write("\r\n");  
                    out.flush();
                   
                    BufferedReader in = new BufferedReader(
                        new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
                   
                    String line = null;
                    while ((line = in.readLine()) != null) {
                        System.out.println(line);
                    }      
                        } finally {
                              socket.close();
                        }
                  } else {
                  // the proxy connect was not successful, check connect method for reasons why
                  System.out.println("Connect failed: " + response.getConnectMethod().getStatusLine());
                  System.out.println(response.getConnectMethod().getResponseBodyAsString());
                  }

            } catch (HttpException e) {
                  // TODO Auto-generated catch block
                  e.printStackTrace();
            } catch (IOException e) {
                  // TODO Auto-generated catch block
                  e.printStackTrace();
            }
            
            
            
      }
      
}


I would be very grateful for some quick help.

Thank you in advance everybody.
ProfessorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mayank SAssociate Director - Product EngineeringCommented:
>> UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("administrator","password");

Is this a domain account or a local system account? Try with a domain account with and without the "DOMAIN_NAME\" prefix in the user-name.
0
ProfessorAuthor Commented:
It is a local system account. I have also tried other accounts on the system as well as domain accounts.
0
CEHJCommented:
Can you authenticate through your browser when you set its proxy to Squid?
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Mayank SAssociate Director - Product EngineeringCommented:
No need to try local accounts. You should use domain accounts because I guess they will be the ones authenticated on the proxy-server.
0
ProfessorAuthor Commented:
The same credentials do actually work when using squid as a proxy for firefox. Same local credentials.
0
ProfessorAuthor Commented:
This is what the squid log says:

1144247192.584     16 192.168.1.23 TCP_DENIED/403 1451 CONNECT www.google.de:80 - NONE/- text/html
0
CEHJCommented:
Why don't you just directly set the http.proxyHost/Port system properties?
0
Mayank SAssociate Director - Product EngineeringCommented:
>> The same credentials do actually work when using squid as a proxy for firefox.

Did you check test with the same URL?
0
ProfessorAuthor Commented:
There was some reason for not setting the system properties ... however right now i cannot think of one. i was just told to do it the way i do it ... i think it might be something about the supported authentication types, the dynamic configurability and the fact that it does not necessarily need to be a http proxy, it might be socks too.

I just noticed something: When using IE, i cannot actually log in with the credentials i was using.
0
ProfessorAuthor Commented:
sorry, appears to be some sort of IE7 problem ...
0
ProfessorAuthor Commented:
the IE not working i mean ...
0
CEHJCommented:
Personally i would do the following:

a. set the proxy directly unless there's a *good* reason for not doing
b. make sure you can authenticate with 'ready made' clients first
0
Mayank SAssociate Director - Product EngineeringCommented:
>> however right now i cannot think of one

Then did you try with them now?
0
ProfessorAuthor Commented:
There is DEFINITELY a good reason for using the apache httpclient; therefore i do not really see the point in even trying the system properties.

I tried with most clients i have here and also with the example that comes with the httpclient. The ready made clients like IE6, Firefox etc. all work, but even the example coming with the httpclient library does not work. :/
0
CEHJCommented:
>>There is DEFINITELY a good reason for using the apache httpclient

There's some confusion here. It doesn't mean you have to abandon using HttpClient. It just means you don't have to write proxying code - all you need to do is write standard client code
0
Mayank SAssociate Director - Product EngineeringCommented:
>>  therefore i do not really see the point in even trying the system properties.

You weren't told to remove everything else that you have there. Just the part for setting the proxy - set it in the system properties.
0
ProfessorAuthor Commented:
I just talked with the lead developer again and there IS a very good reason for not using the system properties :) Sorry for the confusion. The problem is that when we use the system properties, _all_ sockets created will be proxied; however we need to have control over which sockets use the proxy and which dont.
0
CEHJCommented:
>>however we need to have control over which sockets use the proxy and which dont.

OK, but AFAICS there's still no need to be writing raw http over sockets. Shall look into it
0
CEHJCommented:
...although:

>>to tunnel our applications protocol

what exactly do you mean here?
0
ProfessorAuthor Commented:
The raw ftp isnt really the issue here; thats just in there for testing. The actual point of the testing is to get our applications TCP based protocol tunneled through an http proxy:

client :: proxy :: internet :: server :: proxy :: internet :: central server

which is necessary for some of our customers' network architectures.

Therefore right now i am testing around trying to find out what the most effective way is to tunnel our protocol through an http based proxy. SOCKS implementations are all ready and functional; only the http based proxy implementation is currently based on raw http code AND additionally only working for basic authentication. I am trying to find a way to allow the application to authenticate against basic and digest as well as ntlm based proxies like MS ISA Server.

I hope this clarifies the situation a little bit :)
0
ProfessorAuthor Commented:
It appears that I have solved the issue.

The problem was that the ProxyClient only authenticates against the proxy server proxyclient.getParams().setAuthenticationPreemptive(true); is set.
0
Mayank SAssociate Director - Product EngineeringCommented:
Great. Looks like you can get a PAQ/ Refund.
0
GranModCommented:
PAQed with points refunded (250)

GranMod
Community Support Moderator
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.