Professor
asked on
Apache Jakarta ProxyClient problem
I am trying to use the org.apache.commons.httpclient.ProxyClient class to tunnel our application's protocol through an HTTP proxy.
However for some reason this does not work correctly and all I keep getting is a 403 forbidden error, most likely from the proxy.
The proxy I use for testing is squid/2.5.STABLE13-NT (Windows XP port) configured for basic authentication using win32_auth.
CODE:
package de.symmedia.webclient;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.ProxyClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScope;

public class TestProxyConnection {
    public static void main(String[] args) {
        ProxyClient client = new ProxyClient();
        HostConfiguration config = client.getHostConfiguration();
        config.setHost("www.google.de");
        config.setProxy("thor", 8128);
        // This is to make HttpClient pick the Basic authentication scheme over NTLM & Digest
        List authPrefs = new ArrayList(3);
        authPrefs.add(AuthPolicy.BASIC);
        // client.getParams().setAuthenticationPreemptive(true);
        client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
        HttpState httpState = client.getState();
        AuthScope scope = new AuthScope("192.168.1.132", 8128, AuthScope.ANY_REALM, AuthScope.ANY_SCHEME);
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("administrator", "password");
        httpState.setProxyCredentials(scope, credentials);
        ProxyClient.ConnectResponse response;
        try {
            response = client.connect();
            if (response.getSocket() != null) {
                Socket socket = response.getSocket();
                try {
                    OutputStreamWriter out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1");
                    out.write("GET http://www.google.de/ HTTP/1.1\r\n");
                    out.write("Host: www.google.de\r\n");
                    out.write("Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)\r\n");
                    out.write("\r\n");
                    out.flush();
                    BufferedReader in = new BufferedReader(
                            new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
                    String line = null;
                    while ((line = in.readLine()) != null) {
                        System.out.println(line);
                    }
                } finally {
                    socket.close();
                }
            } else {
                // the proxy connect was not successful, check connect method for reasons why
                System.out.println("Connect failed: " + response.getConnectMethod().getStatusLine());
                System.out.println(response.getConnectMethod().getResponseBodyAsString());
            }
        } catch (HttpException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
I would be very grateful for some quick help.
Thank you in advance everybody.
ASKER
It is a local system account. I have also tried other accounts on the system as well as domain accounts.
Can you authenticate through your browser when you set its proxy to Squid?
No need to try local accounts. You should use domain accounts because I guess they will be the ones authenticated on the proxy-server.
ASKER
The same credentials do actually work when using squid as a proxy for firefox. Same local credentials.
ASKER
This is what the squid log says:
1144247192.584 16 192.168.1.23 TCP_DENIED/403 1451 CONNECT www.google.de:80 - NONE/- text/html
Why don't you just directly set the http.proxyHost/Port system properties?
>> The same credentials do actually work when using squid as a proxy for firefox.
Did you test with the same URL?
ASKER
There was some reason for not setting the system properties ... however right now I cannot think of one. I was just told to do it the way I do it ... I think it might be something about the supported authentication types, the dynamic configurability and the fact that it does not necessarily need to be an HTTP proxy, it might be SOCKS too.
I just noticed something: When using IE, I cannot actually log in with the credentials I was using.
ASKER
sorry, appears to be some sort of IE7 problem ...
ASKER
the IE not working i mean ...
Personally I would do the following:
a. set the proxy directly unless there's a *good* reason for not doing
b. make sure you can authenticate with 'ready made' clients first
>> however right now i cannot think of one
Then did you try with them now?
ASKER
There is DEFINITELY a good reason for using the Apache HttpClient; therefore I do not really see the point in even trying the system properties.
I tried with most clients I have here and also with the example that comes with the HttpClient. The ready made clients like IE6, Firefox etc. all work, but even the example coming with the HttpClient library does not work. :/
>>There is DEFINITELY a good reason for using the apache httpclient
There's some confusion here. It doesn't mean you have to abandon using HttpClient. It just means you don't have to write proxying code - all you need to do is write standard client code
>> therefore i do not really see the point in even trying the system properties.
You weren't told to remove everything else that you have there. Just the part for setting the proxy - set it in the system properties.
ASKER
I just talked with the lead developer again and there IS a very good reason for not using the system properties :) Sorry for the confusion. The problem is that when we use the system properties, _all_ sockets created will be proxied; however we need to have control over which sockets use the proxy and which don't.
>>however we need to have control over which sockets use the proxy and which dont.
OK, but AFAICS there's still no need to be writing raw http over sockets. Shall look into it
...although:
>>to tunnel our applications protocol
what exactly do you mean here?
ASKER
The raw ftp isn't really the issue here; that's just in there for testing. The actual point of the testing is to get our application's TCP based protocol tunneled through an HTTP proxy:
client :: proxy :: internet :: server :: proxy :: internet :: central server
which is necessary for some of our customers' network architectures.
Therefore right now I am testing around trying to find out what the most effective way is to tunnel our protocol through an HTTP based proxy. SOCKS implementations are all ready and functional; only the HTTP based proxy implementation is currently based on raw HTTP code AND additionally only working for basic authentication. I am trying to find a way to allow the application to authenticate against basic and digest as well as NTLM based proxies like MS ISA Server.
I hope this clarifies the situation a little bit :)
ASKER
It appears that I have solved the issue.
The problem was that the ProxyClient only authenticates against the proxy server if proxyclient.getParams().setAuthenticationPreemptive(true); is set.
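What the preemptive setting in the post above changes on the wire, as an added example that is not part of the original thread and not HttpClient's own code: it builds the CONNECT request with and without a Proxy-Authorization header and classifies the proxy's reply. The class and method names, host, credentials and proxy replies are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

public class ConnectHandshakeDemo {
    // Builds the CONNECT request head; user == null sends no credentials.
    static String buildConnect(String host, int port, String user, String pass) {
        String target = host + ":" + port;
        StringBuilder sb = new StringBuilder("CONNECT " + target + " HTTP/1.1\r\n");
        sb.append("Host: ").append(target).append("\r\n");
        if (user != null) {
            // Preemptive Basic: credentials go out on the first request, before any 407.
            byte[] raw = (user + ":" + pass).getBytes(StandardCharsets.ISO_8859_1);
            sb.append("Proxy-Authorization: Basic ")
              .append(Base64.getEncoder().encodeToString(raw)).append("\r\n");
        }
        return sb.append("\r\n").toString();
    }
    // Classifies the proxy's reply head (status line plus headers).
    static String classify(String head) {
        String[] lines = head.split("\r\n");
        String[] status = lines[0].split(" ", 3);
        if (status.length < 2 || !status[0].startsWith("HTTP/")) return "MALFORMED";
        int code;
        try { code = Integer.parseInt(status[1]); }
        catch (NumberFormatException e) { return "MALFORMED"; }
        if (code >= 200 && code < 300) return "TUNNEL_ESTABLISHED";
        if (code == 403) return "DENIED_WITHOUT_CHALLENGE";
        if (code != 407) return "OTHER_" + code;
        List<String> schemes = new ArrayList<>();   // schemes the proxy offers
        for (int i = 1; i < lines.length; i++) {
            int colon = lines[i].indexOf(':');
            if (colon > 0 && lines[i].substring(0, colon).trim()
                    .equalsIgnoreCase("Proxy-Authenticate")) {
                schemes.add(lines[i].substring(colon + 1).trim().split(" ", 2)[0]);
            }
        }
        return "AUTH_CHALLENGE " + schemes;
    }
    public static void main(String[] args) {
        // Constructed host, credentials and proxy replies; nothing is sent on the network.
        System.out.print(buildConnect("app.example.com", 443, null, null));
        System.out.print(buildConnect("app.example.com", 443, "proxyuser", "example-pass"));
        System.out.println(classify("HTTP/1.0 407 Proxy Authentication Required\r\n"
                + "Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n"));
        System.out.println(classify("HTTP/1.0 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"));
        System.out.println(classify("HTTP/1.0 200 Connection established\r\n\r\n"));
    }
}
```

Basic credentials are only Base64-encoded, so sending them preemptively hands them in readable form to whichever proxy the client is pointed at, whether or not that proxy asked for them.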
Great. Looks like you can get a PAQ/ Refund.
Is this a domain account or a local system account? Try with a domain account with and without the "DOMAIN_NAME\" prefix in the user-name.