Proxy-Authorization header solves Proxy 407Β #1
Description
HTTP Proxy authentication was failing with a 407 error code. After an in-depth review, we discovered that the header sending was incorrect since the Proxy-Authorization key was missing. This pull request aims to solve this issue by configuring the appropriate header for HttpProxyRequest whenever credentials are provided. Note that the code supports both NTLM and Basic authentication methods. This code fixes our problem due to the correct authentication process from the headers set.
However, I personally cannot validate if this change is OK (also see quickfix-j#596) so it will probably take some time unless someone with more proxy experience can validate it for me. ;)
BTW, are you able to give me a hand with quickfix-j#596 ? Basically it is about testing QFJ against the current MINA 2.2 release.
Thanks and cheers
Chris
When MINA's HTTP proxy handler does the handshake, the proxy server can respond with "407 - Proxy Authentication Required" status code which will make MINA's handler to automatically switch and choose HTTP auth method based on the response (no-auth, ntlm, digest and basic) and populate headers. However, I assume this might not be the case for all HTTP proxy servers and some some of them might require you to know the auth method in advance and you must ensure that headers are already populated. Hence the fix is required.
I think quickfix-j#631 looks reasonable, but we don't have HTTP tests yet so we don't know if this works. Also one thing about PR - the auth method is chosen based on properties provided, but I have a feeling that HTTP auth method should be configured explicitly.
somethign like bellow shoudl help
diff --git a/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java b/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java
index 13b88f0eec..cb3f69be58 100644
--- a/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java
+++ b/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java
@@ -21,7 +21,11 @@
import java.net.InetSocketAddress;
import java.net.SocketAddress;
+import java.util.Base64;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import org.apache.mina.core.service.IoAcceptor;
@@ -150,17 +154,29 @@ private static ProxyRequest createHttpProxyRequest(InetSocketAddress address,
String proxyPassword,
String proxyDomain,
String proxyWorkstation) {
-
HttpProxyRequest req = new HttpProxyRequest(address); HashMap<String, String> props = new HashMap<>();
-
props.put(HttpProxyConstants.USER_PROPERTY, proxyUser); -
props.put(HttpProxyConstants.PWD_PROPERTY, proxyPassword);
-
Map<String, List<String>> headers = new HashMap<>(); -
boolean authenticationNTLM = false; -
if (proxyDomain != null && proxyWorkstation != null) { props.put(HttpProxyConstants.DOMAIN_PROPERTY, proxyDomain); props.put(HttpProxyConstants.WORKSTATION_PROPERTY, proxyWorkstation); -
authenticationNTLM = true; -
} -
if (proxyUser != null && proxyPassword != null) { -
props.put(HttpProxyConstants.USER_PROPERTY, proxyUser); -
props.put(HttpProxyConstants.PWD_PROPERTY, proxyPassword); -
String proxyCredentials = proxyUser + ":" + proxyPassword; -
String proxyCredentialsEncoded = Base64.getEncoder().encodeToString(proxyCredentials.getBytes()); -
String proxyAuthorization = (authenticationNTLM ? "NTLM " : "Basic ") + proxyCredentialsEncoded; -
headers.put("Proxy-Authorization", Collections.singletonList(proxyAuthorization)); }
-
HttpProxyRequest req = new HttpProxyRequest(address); req.setProperties(props); -
if (proxyVersion != null && proxyVersion.equalsIgnoreCase("1.1")) {
-
req.setHeaders(headers); -
if (proxyVersion != null && "1.1".equalsIgnoreCase(proxyVersion)) { req.setHttpVersion(HttpProxyConstants.HTTP_1_1); } else { req.setHttpVersion(HttpProxyConstants.HTTP_1_0);