Authenticated HTTP proxy with Java
How can I configure the username and password to authenticate a http proxy server using Java?
I just 开发者_StackOverflow中文版found the following configuration parameters:
http.proxyHost=<proxyAddress>
http.proxyPort=<proxyPort>
https.proxyHost=<proxyAddress>
https.proxyPort=<proxyPort>
But, my proxy server requires authentication. How can I configure my app to use the proxy server?
(EDIT: As pointed out by the OP, the using a java.net.Authenticator is required too. I'm updating my answer accordingly for the sake of correctness.)
(EDIT#2: As pointed out in another answer, in JDK 8 it's required to remove basic auth scheme from jdk.http.auth.tunneling.disabledSchemes property)
For authentication, use java.net.Authenticator to set proxy's configuration and set the system properties http.proxyUser and http.proxyPassword.
final String authUser = "user";
final String authPassword = "password";
Authenticator.setDefault(
new Authenticator() {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(authUser, authPassword.toCharArray());
}
}
);
System.setProperty("http.proxyUser", authUser);
System.setProperty("http.proxyPassword", authPassword);
System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
You're almost there, you just have to append:
-Dhttp.proxyUser=someUserName
-Dhttp.proxyPassword=somePassword
http://rolandtapken.de/blog/2012-04/java-process-httpproxyuser-and-httpproxypassword says:
Other suggest to use a custom default Authenticator. But that's dangerous because this would send your password to anybody who asks.
This is relevant if some http/https requests don't go through the proxy (which is quite possible depending on configuration). In that case, you would send your credentials directly to some http server, not to your proxy.
He suggests the following fix.
// Java ignores http.proxyUser. Here come's the workaround.
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
if (getRequestorType() == RequestorType.PROXY) {
String prot = getRequestingProtocol().toLowerCase();
String host = System.getProperty(prot + ".proxyHost", "");
String port = System.getProperty(prot + ".proxyPort", "80");
String user = System.getProperty(prot + ".proxyUser", "");
String password = System.getProperty(prot + ".proxyPassword", "");
if (getRequestingHost().equalsIgnoreCase(host)) {
if (Integer.parseInt(port) == getRequestingPort()) {
// Seems to be OK.
return new PasswordAuthentication(user, password.toCharArray());
}
}
}
return null;
}
});
I haven't tried it yet, but it looks good to me.
I modified the original version slightly to use equalsIgnoreCase() instead of equals(host.toLowerCase()) because of this: http://mattryall.net/blog/2009/02/the-infamous-turkish-locale-bug and I added "80" as the default value for port to avoid NumberFormatException in Integer.parseInt(port).
Most of the answer is in existing replies, but for me not quite. This is what works for me with java.net.HttpURLConnection (I have tested all the cases with JDK 7 and JDK 8). Note that you do not have to use the Authenticator class.
Case 1 : Proxy without user authentication, access HTTP resources
-Dhttp.proxyHost=myproxy -Dhttp.proxyPort=myport
Case 2 : Proxy with user authentication, access HTTP resources
-Dhttp.proxyHost=myproxy -Dhttp.proxyPort=myport -Dhttps.proxyUser=myuser -Dhttps.proxyPassword=mypass
Case 3 : Proxy without user authentication, access HTTPS resources (SSL)
-Dhttps.proxyHost=myproxy -Dhttps.proxyPort=myport
Case 4 : Proxy with user authentication, access HTTPS resources (SSL)
-Dhttps.proxyHost=myproxy -Dhttps.proxyPort=myport -Dhttps.proxyUser=myuser -Dhttps.proxyPassword=mypass
Case 5 : Proxy without user authentication, access both HTTP and HTTPS resources (SSL)
-Dhttp.proxyHost=myproxy -Dhttp.proxyPort=myport -Dhttps.proxyHost=myproxy -Dhttps.proxyPort=myport
Case 6 : Proxy with user authentication, access both HTTP and HTTPS resources (SSL)
-Dhttp.proxyHost=myproxy -Dhttp.proxyPort=myport -Dhttp.proxyUser=myuser -Dhttp.proxyPassword=mypass -Dhttps.proxyHost=myproxy -Dhttps.proxyPort=myport -Dhttps.proxyUser=myuser -Dhttps.proxyPassword=mypass
You can set the properties in the with System.setProperty("key", "value) too.
To access HTTPS resource you may have to trust the resource by downloading the server certificate and saving it in a trust store and then using that trust store. ie
System.setProperty("javax.net.ssl.trustStore", "c:/temp/cert-factory/my-cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
For Java 1.8 and higher you must set
-Djdk.http.auth.tunneling.disabledSchemes=
to make proxies with Basic Authorization working with https along with Authenticator as mentioned in accepted answer
But, setting only that parameters, the authentication don't works.
Are necessary to add to that code the following:
final String authUser = "myuser";
final String authPassword = "secret";
System.setProperty("http.proxyHost", "hostAddress");
System.setProperty("http.proxyPort", "portNumber");
System.setProperty("http.proxyUser", authUser);
System.setProperty("http.proxyPassword", authPassword);
Authenticator.setDefault(
new Authenticator() {
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(authUser, authPassword.toCharArray());
}
}
);
Try this runner I wrote. It could be helpful.
import java.io.InputStream;
import java.lang.reflect.Method;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;
public class ProxyAuthHelper {
public static void main(String[] args) throws Exception {
String tmp = System.getProperty("http.proxyUser", System.getProperty("https.proxyUser"));
if (tmp == null) {
System.out.println("Proxy username: ");
tmp = new Scanner(System.in).nextLine();
}
final String userName = tmp;
tmp = System.getProperty("http.proxyPassword", System.getProperty("https.proxyPassword"));
if (tmp == null) {
System.out.println("Proxy password: ");
tmp = new Scanner(System.in).nextLine();
}
final char[] password = tmp.toCharArray();
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
System.out.println("\n--------------\nProxy auth: " + userName);
return new PasswordAuthentication (userName, password);
}
});
Class<?> clazz = Class.forName(args[0]);
Method method = clazz.getMethod("main", String[].class);
String[] newArgs = new String[args.length - 1];
System.arraycopy(args, 1, newArgs, 0, newArgs.length);
method.invoke(null, new Object[]{newArgs});
}
}
Since no one has mentioned this and I have seen a few examples where Authenticator.setDefault, this can cause unintentionally leaking of your username and password. Here is another way of doing this, I think this is much cleaner.
import java.net.*;
import java.util.Base64;
class JavaFileUtil {
private String hostname = "hostname";
private int port = 8000;
private String username = "username";
private String password = "password";
private Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(hostname, port));
private String authHeader = new String(Base64.getEncoder().encode(new String(username + ":" + password).getBytes()));
public void download(URL url) {
HttpURLConnection newConnection = null;
try {
newConnection = (HttpURLConnection) url.openConnection(proxy);
newConnection.setRequestProperty("Proxy-Authorization", "Basic " + authHeader);
//The rest of your code here
} catch (Exception e) {
//log some error or handle it
} finally {
//Make sure you close the connection
if (newConnection != null) newConnection.disconnect();
}
}
}
加载中,请稍侯......
精彩评论