我有一个在Tomcat 6中运行的Java webapp,它从远程URL加载RSS源。
I have a Java webapp, running in Tomcat 6, that loads RSS feeds from remote URLs.
我使用罗马为我处理RSS提要和不同的格式。连接部分如下所示:
I use Rome to handle the RSS feeds and different formats for me. The connection part looks like like that :
try{ feedSource = new URL(rssObject.getAsset()); }catch(MalformedURLException mue){ logger.error(...); throw mue; } try{ URLConnection connection = feedSource.openConnection(); feed = new SyndFeedInput().build(new XmlReader(connection)); }catch(Exception){handle...}代码工作正常,除了在这个新客户端,他们使用代理。
The code works fine, except at this new client, where they use a proxy.
为了使用代理,我设置了http.proxyHost和proxyPort系统属性:
In order to use the proxy, I set the http.proxyHost and proxyPort system properties :
System.setProperty("http.proxyHost", proxyHost); System.setProperty("http.proxyPort", proxyPort); System.setProperty("https.proxyHost", proxyHost); System.setProperty("https.proxyPort", proxyPort);HTTP GET是代理好的,但现在我收到HTTP 502错误(网关不好或类似的事情。
HTTP GET is made to the proxy alright, but now I get a HTTP 502 error (bad gateway or something similar).
分析与Wireshark的HTTP交换,我注意到代理需要身份验证。它发送HTTP 507. Java以某种方式尝试进行身份验证,但它使用了错误的用户名和密码。它似乎使用主机名作为用户名,对于我不知道的密码。
Analysing the HTTP exchange with Wireshark, I noticed that the proxy is requiring authentication. It sends a HTTP 507. Java is somehow trying to authenticate but it uses the wrong username and passwords. It seems to use the host name as the username, as for the password I don't know.
所以我试图实现Authenticator方法来指定用户名+密码:
So I tried to implement the Authenticator method of specifying a username+password :
Authenticator.setDefault(new Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { logger.info(MessageFormat.format("Generating PasswordAuthentitcation for proxy authentication, using username={0} and password={1}.", username, password)); return new PasswordAuthentication(username, password.toCharArray()); } });现在我的问题是它被忽略了。永远不会调用getPasswordAuthentication方法。我没有在日志文件中看到日志文件并使用Wireshark我可以看到它仍然使用主机名作为用户名。
Now my problem is that it is ignored. The getPasswordAuthentication method is never called. I don't see the logging statement in the log file and using Wireshark I can see that it still uses the host name as the user name.
为什么?似乎java在不咨询Authenticator的情况下试图自己进行身份验证。
Why ? It seems that java somehow tries to authenticate by itself without consulting the Authenticator.
代理似乎是使用NTLM进行身份验证的MS设备。 java中是否有一些内置机制来处理这个问题?应用程序运行的机器是Win Server 2008 R2。
The proxy seems to be a MS device that uses NTLM for authentication. Is there some built-in mechanism in java to handle this ? The machine on which the app runs is Win Server 2008 R2.
推荐答案我们在这里做了同样的事情来验证基于NTLM的代理。
We did the same here for authenticating on a NTLM based proxy.
代理上的身份验证实际上是正常的 HTTP基本身份验证。
The authentication on the proxy is actually a normal HTTP Basic Authentication.
我们使用以下方法:
protected URLConnection newURLConnection(URL pURL) throws IOException { URLConnection urlConnection = super.newURLConnection(pURL); String auth = new String(Base64.base64Encode(new String("username:password").getBytes())); auth = "Basic " + auth; urlConnection.setRequestProperty("Proxy-Connection","Keep-Alive"); urlConnection.setRequestProperty("Proxy-Authorization",auth); return urlConnection; }这与代理jvm设置一起完成了这个伎俩。
That, together with the proxy jvm settings, did the trick.
请参阅 en.wikipedia/wiki/ Basic_access_authentication 。
更多推荐
Java代理身份验证
发布评论