I have a java (1.8) web application using NTLM proxy authentication to call a webservice (https) behind a windows proxy. The proxy requires authentication.
With Tomcat 7.0.81 as a windows service my web applications works fine.
When I try to upgrade to Tomcat 9.0.73, the proxy authentication keeps failing with this error message:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
I am wondering what is the difference between Tomcat 7 and Tomcat 9 when it comes to the proxy authentication using NTLM.
I ran the same application in Tomcat 7 and Tomcat 9 in the same windows machine and Tomcat 9 keeps failing with the error message :
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
Here is a part of the log from Tomcat 7 after enabling the proxy authentication logging:
Jun 7, 2023 3:16:15 PM sun.net.www.protocol.http.HttpURLConnection getHttpProxyAuthentication
FINER: Proxy Authentication for AuthenticationHeader: prefer NTLM returned sun.net.www.protocol.http.ntlm.NTLMAuthentication@21c70e
FINEST: KeepAlive stream used: https://example.com/Service
Jun 7, 2023 3:16:15 PM sun.net.www.protocol.http.HttpURLConnection doTunneling
FINE: sun.net.www.MessageHeader@6113702b1 HTTP/1.1 200 Connection established
For Tomcat 9 as a windows service the proxy authentication fails at the last step:
Jun 7, 2023 11:54:38 AM sun.net.www.protocol.http.HttpURLConnection getHttpProxyAuthentication
FINER: Proxy Authentication for AuthenticationHeader: prefer NTLM returned sun.net.www.protocol.http.ntlm.NTLMAuthentication@1a8c7f2d
Jun 7, 2023 11:54:38 AM sun.net.www.protocol.http.HttpURLConnection doTunneling
Jun 7, 2023 11:54:38 AM sun.net.www.protocol.http.HttpURLConnection$1 run
FINEST: Requesting Authentication: host =proxy.com url = https://example.com/Service
Jun 7, 2023 11:54:38 AM sun.net.www.protocol.http.HttpURLConnection$1 run
FINEST: Authentication returned: null
Jun 7, 2023 11:54:38 AM sun.net.www.protocol.http.HttpURLConnection getHttpProxyAuthentication
FINER: Proxy Authentication for AuthenticationHeader: prefer NTLM returned null
Jun 7, 2023 11:54:38 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for { https://example.com/Service has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Marshalling Error: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
I went through Tomcat 9 documentation but I could not find anything related to NTLM proxy authentication. I don't have access to the proxy or the proxy logs to see what credentials does Tomcat 9 sends to the proxy.
So everything is the same except Tomcat version: -same java web application -same version of Java (1.8.0_361) and same windows 10 machine so it must be something related to Tomcat 9. Any help is much appreciated