Fix for proxy server basic authentication with Java 1.8 #8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
It works the way it was designed to work:
The application calls ProxyServer.getInstance(...) to instantiate the singleton ProxyServer with the supplied parameters
Subsequent calls to any of the getInstance methods return the singleton instance.
A call to getInstance(), with no parameters, always returns the singleton, or if the ProxyServer hasn't been instantiated, null.
CTP has used it this way from the beginning.
JP
From: markendr
Sent: Monday, July 19, 2021 9:17 PM
To: johnperry/Util
Cc: Subscribed
Subject: [johnperry/Util] Fix for proxy server basic authentication with Java 1.8 (#8)
Hi,
Basic authentication with a proxy server is not working with Java 1.8. This fix adds a default authenticator that uses the http.proxyUser/Password system properties for proxy authorization.
The ProxyServer.getInstance() call also seems to be redundant in HttpUtil.java, line 88, commit 4ece33c (always returns null). Not sure if it behaves differently on Java <1.8, so I have not changed it..
…--------------------------------------------------------------------------------
You can view, comment on, or merge this pull request online at:
#8
Commit Summary
a.. Fix for proxy server basic authentication with Java 1.8
File Changes
a.. M source/java/org/rsna/util/HttpUtil.java (32)
Patch Links:
a.. https://github.com/johnperry/Util/pull/8.patch
b.. https://github.com/johnperry/Util/pull/8.diff
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
Thanks for your reply I have set the ProxyServer settings in config.xml (host, port, user, password) and it is working okay if auth required is off in the proxy server (squid-4 for my testing), but fails with auth required on. The getInstance call is always returning null in HttpUtil. If I hard code the getInstance call with my proxy host, port, user, password, the code at line 90 to add the Proxy-Authorization header is called but I do not see the header on the request arriving at squid. With the default authenticator code in my PR, the header is added under the covers somewhere. I was assuming Java 1.8 is ignoring/overriding that header, but perhaps I am doing something wrong .. ? Thanks again, Mark |
|
Hi, I have now tried this on Java 1.7, and see the same problem. The current code is not adding the Proxy-Authorization header to the proxy server request. With the PR applied, proxy authentication works for both Java 1.7 and 1.8, with the Proxy-Authorization header appearing in the request to the proxy server as expected. Our clinical sites require proxy server authentication for internet access, so it would be great if we could work out the best approach. Is it better raising it here or on the google user group? |
|
I usually encourage people to use the Google group for all questions on CTP and TFS.
I'm a bit confused because it looks like the code is doing what it should:
When CTP starts, it instantiates the singleton Configuration object (org.rsna.ctp.Configuration). The Configuration object parses the config.xml file, and when it encounters the Server element, it instantiates the singleton ProxyServer object, passing it the Server element:
//Set the proxy parameters
ProxyServer proxy = ProxyServer.getInstance(serverElement);
proxy.setSystemParameters();
The ProxyServer object gets the Server element's ProxyServer child element and obtains the ip, port, username, and password from it. It doesn't do anything with them other than store them in its instance variables. If there is no ProxyServer child element, the ProxyServer is instantiated with instance variables that are all empty strings.
The setSystemParameters method puts the instance variables into the system properties for HTTP, HTTPS, and FTP.
When CTP or any of its pipeline stages or plugins makes an HTTP(S) connection, it calls one of the static HttpUtil.getHttpURLConnection methods in org.rsna.util.HttpUtil. The code that ends up doing the work is:
public static HttpURLConnection getConnection(URL url) throws Exception {
String protocol = url.getProtocol().toLowerCase();
if (!protocol.startsWith("https") && !protocol.startsWith("http")) {
throw new Exception("Unsupported protocol ("+protocol+")");
}
HttpURLConnection conn;
if (protocol.startsWith("https")) {
HttpsURLConnection httpsConn = (HttpsURLConnection)url.openConnection();
httpsConn.setHostnameVerifier(new AcceptAllHostnameVerifier());
httpsConn.setUseCaches(false);
httpsConn.setDefaultUseCaches(false);
//Set the socket factory
TrustManager[] trustAllCerts = new TrustManager[] { new AcceptAllX509TrustManager() };
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
httpsConn.setSSLSocketFactory(sc.getSocketFactory());
conn = httpsConn;
}
else conn = (HttpURLConnection)url.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "application/x-mirc");
//If the proxy is enabled and proxy authentication
//credentials are available, set them in the request.
ProxyServer proxy = ProxyServer.getInstance();
if ((proxy != null) && proxy.authenticate()) {
conn.setRequestProperty(
"Proxy-Authorization",
"Basic "+proxy.getEncodedCredentials());
}
String userinfo = url.getUserInfo();
if (userinfo != null) {
String[] creds = userinfo.split(":");
if (creds.length == 2) {
conn.setRequestProperty(
"Authorization",
"Basic "+Base64.encodeToString((creds[0].trim() + ":" + creds[1].trim()).getBytes()));
}
}
//and return the connection.
return conn;
}
The code in red gets the ProxyServer instance. If the instance is not null, it checks to see if proxy authorization is required, and if so, it adds the header to the Connection object. The ProxyServer's authenticate method returns true only if all four instance variables are not empty strings.
You said that the Proxy-Authorization header is not being set. I can think of only a couple reasons why that could be happening. One would be that there is no ProxyServer child element in config.xml. Another would be if any of the four ProxyServer instance variables are empty strings. A third would be that somewhere in the code, I might be making a connection without using HttpUtil.getHttpURLConnection to create it. That would be troubling. Can you tell me what is going on when the program fails to include the Proxy-Authorization header?
I suppose a fourth possibility would be that I'm not constructing the Proxy-Authorization header correctly, but you say that the header is missing, so I'm guessing that's not it.
I'd like to see your config.xml file, or even better, your CTP/logs/ctp.log file. You should probably send it directly to my email address, ***@***.***
JP
From: markendr
Sent: Monday, August 09, 2021 4:18 AM
To: johnperry/Util
Cc: John Perry ; Comment
Subject: Re: [johnperry/Util] Fix for proxy server basic authentication with Java 1.8 (#8)
Hi,
I have now tried this on Java 1.7, and see the same problem. The current code is not adding the Proxy-Authorization header to the proxy server request. With the PR applied, proxyauthentication works for both Java 1.7 and 1.8, with the Proxy-Authorization header appearing in the request to the proxy server as expected.
Our clinical sites require proxy server authentication for internet access, so it would be great if we could work out the best approach.
Is it better raising it here or on the google user group?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
|
I think I see what might be wrong.
I thought all I had to do was provide the header. I found a reference that says an Authenticator is also required.
I'll try to make a new release in a day or two.
JP
From: markendr
Sent: Monday, August 09, 2021 4:18 AM
To: johnperry/Util
Cc: John Perry ; Comment
Subject: Re: [johnperry/Util] Fix for proxy server basic authentication with Java 1.8 (#8)
Hi,
I have now tried this on Java 1.7, and see the same problem. The current code is not adding the Proxy-Authorization header to the proxy server request. With the PR applied, proxy authentication works for both Java 1.7 and 1.8, with the Proxy-Authorization header appearing in the request to the proxy server as expected.
Our clinical sites require proxy server authentication for internet access, so it would be great if we could work out the best approach.
Is it better raising it here or on the google user group?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
|
I put a new CTP-installer on the RSNA site at http://mirc.rsna.org/download/CTP-installer.jar.
Please try it and let me know if it solves the problem.
I haven't committed the changes yet.
JP
From: markendr
Sent: Monday, August 09, 2021 4:18 AM
To: johnperry/Util
Cc: John Perry ; Comment
Subject: Re: [johnperry/Util] Fix for proxy server basic authentication with Java 1.8 (#8)
Hi,
I have now tried this on Java 1.7, and see the same problem. The current code is not adding the Proxy-Authorization header to the proxy server request. With the PR applied, proxy authentication works for both Java 1.7 and 1.8, with the Proxy-Authorization header appearing in the request to the proxy server as expected.
Our clinical sites require proxy server authentication for internet access, so it would be great if we could work out the best approach.
Is it better raising it here or on the google user group?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
|
I just tried new installer thanks, but still having the same problem. I have emailed my config.xml and ctp.log to the email listed on your github page.. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
Basic authentication with a proxy server is not working with Java 1.8. This fix adds a default authenticator that uses the http.proxyUser/Password system properties for proxy authorization.
The ProxyServer.getInstance() call also seems to be redundant in HttpUtil.java, line 88, commit 4ece33c (always returns null). Not sure if it behaves differently on Java <1.8, so I have not changed it..