Java URLConnection NTLM代理身份验证 - linux

Question

I'm trying to connect to an url by proxy with NTLM authentication.

    proxy = new Proxy( Proxy.Type.HTTP, new InetSocketAddress( host, 80 ) );
    Authenticator.setDefault(new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            logger.info("Getting password authentication...");
            return new PasswordAuthentication(
                    "DOMAIN\\user",
                    "password".toCharArray() ) ;
        }
    });
    connection = (HttpURLConnection) url.openConnection( proxy );
    String credentials = username + ":" + password;
    String basicAuth = "Basic " + Base64.encode( credentials.getBytes() );
    connection.setRequestProperty( "Authorization", basicAuth );
    connection.setRequestMethod( "GET" );

    //username/password above != user/pass below
    String proxyAuth = Base64.encode( ("user:pass").getBytes() );
    proxyAuth = "Basic " + proxyAuth;
    connection.setRequestProperty( "Proxy-Connection", "Keep-Alive" );
    connection.setRequestProperty( "Proxy-Authorization", proxyAuth );

    connection.connect();

Everyting works fine on Windows, but its because of:

JDK-Based NTLM Authentication

When Sun released the 1.4.2 version of the JDK, they slipped in support for native NTLM authentication on Windows.

But on configuration:

Red Hat Enterprise Linux Server release 6.8

java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9.x86_64

or

java-1.8.0_162 oracle

Im getting this error:

java.lang.NullPointerException
    at com.sun.security.ntlm.Client.type3(Client.java:161)
    at sun.net.www.protocol.http.ntlm.NTLMAuthentication.buildType3Msg(NTLMAuthentication.java:250)
    at sun.net.www.protocol.http.ntlm.NTLMAuthentication.setHeaders(NTLMAuthentication.java:225)
    at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2114)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)

Found this bug described: JDK-8151788 where clearly says:

Resolved In Build: b128

Am I missing something very simple about that? Is there any way I can deal with that problem by HttpURLConnection or should I find something else? Any suggestions are appreciated!

@Edit

I added logging to getPasswordAuthentication() and it seems like its never inside. It led me to this topic and actually NullPointerException is no longer there. Now I'm getting:

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 authenticationrequired"

Answer 1

The build b128 is a Java 9 build, and unluckily it seems it was not ported on Java 8 (I can't find any NTLM bug in any of the Java 8 bug fixes list such as http://www.oracle.com/technetwork/java/javase/2col/8u161-bugfixes-4021380.html ) Maybe could you try running your app with an old openjdk's ntlm implementation that is working well. I have one with me but I'm not sure how to send you this jar file.

Answer 2

I found little workaround for my problem.

StringBuilder commandBuilder = new StringBuilder();
    commandBuilder.append( "curl -s " )
            .append( "--proxy $PXHOST:$PXPORT " )
            .append( "--proxy-user $PXUSER:$PXPASS " )
            .append( "--user $SNUSER:$SNPASS " )
            .append( "--url \"" ).append( requestURL ).append( "\" " )
            .append( "--request GET " )
            .append( "--header \"Accept:application/json\" " )
            .append( "--header \"Content-Type:application/json\"" );
ProcessBuilder processBuilder = new ProcessBuilder( "/bin/bash", 
            "-c", commandBuilder.toString() );

I don't find this solution any good, but its enough for me at this moment.