openning http connection behind proxy which requires authentication but does not return 407

Question

Our applet is behind Microsoft ISA Server which has integrated proxy authentication.Isa Proxy server returns http 405(NOT 407) for connections which has no authentication credentials on it.There for my java.net.Authenticator class does not get called. how can i authenticate my connections to the proxy server in this situation?

Applet is signed and compiled with java1.6. URLConnection class is used for the connections.

Answer 1

I can see two approaches to working around this problem and neither is really ideal. First, I'm guessing that you've verified that sending the request with the authorization information does not result in a 405 response code? If the answer is yes, you can try setting the Proxy-authorization header in the request as a header:

URL url = new URL("http://location");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestProperty("Proxy-authorization", authorizationValue);

The format of that header will depend upon the authorization scheme that is required by the proxy server, so you'll have to do some research for your particular scenario.

The second approach involves subclassing an internal JDK class to spoof the response code to force the normal proxy authentication path. First, here is the subclass:

public class HttpURLConnection extends sun.net.www.protocol.http.HttpURLConnection {

    @Override
    public int getResponseCode() throws IOException {
        int code = super.getResponseCode();
        if (code == HTTP_BAD_METHOD) {
            code = HTTP_PROXY_AUTH;
            responseCode = code;
        }
        return code;
    }

}

Of course, this will mask any actual 405 responses so it could have unintended consequences. Telling the URL object to use this requires a subclass of java.net.URLStreamHandlerFactory:

public class URLStreamHandlerFactory extends java.net.URLStreamHandlerFactory {
    @Override
    URLStreamHandler createURLStreamHandler(String protocol) {
        if (!protocol.equals("http")) {
            return null;
        } else {
            return new java.net.URLStreamHandler {
                protected String proxy;
                protected int proxyPort;

                public Handler () {
                    proxy = null;
                    proxyPort = -1;
                }

                public Handler (String proxy, int port) {
                    this.proxy = proxy;
                    this.proxyPort = port;
                }

                @Override
                protected java.net.URLConnection openConnection(URL u) throws IOException {
                        return openConnection(u, (Proxy)null);
                }

                @Override
                protected java.net.URLConnection openConnection(URL u, Proxy p) throws IOException {
                        return new HttpURLConnection(u, p, this);
                }

                @Override
                protected int getDefaultPort() {
                    return 80;
                }

            }
        }
    }
}

Then you can use this object by calling URL.setURLStreamHandlerFactory(new URLStreamHandlerFactory()); somewhere in initialization code. I found this site and this site useful for looking at how the core Java classes work. If you need to support HTTPS then you will need to make similar changes for that protocol.

Hopefully one of these solutions could be useful for you. I'm not completely sure that the latter approach will work inside an Applet's security constraints. The former should though. It is also possible that this might be easier to do with a different HTTP library such as Apache HttpComponents if you are able to use it.