We have a java client application deployed in our client (a Java application, not an applet). This application checks the connection to url.openConnection () and calls web services (with CXF / JAX-WS) over the Internet.
Some of our client networks use proxies to access the outside world. The client-side application sets the proxy parameter in the properties of the java-system:
System.setProperty("proxySet", "true"); //Obsolete ? System.setProperty("http.keepAlive", "false"); System.setProperty("java.net.useSystemProxies", "false"); System.setProperty("https.proxyHost", httpsProxyHost); System.setProperty("https.proxyPort", httpsProxyPort); System.setProperty("https.proxyUser", httpsProxyUser); System.setProperty("https.proxyPassword", httpsProxyPassword); System.setProperty("http.proxyHost", httpProxyHost); System.setProperty("http.proxyPort", httpProxyPort); System.setProperty("http.proxyUser", httpProxyUser); System.setProperty("http.proxyPassword", httpProxyPassword); Authenticator.setDefault(new NtlmAuthenticator(httpsProxyUser, httpsProxyPassword));
NtlmAuthenticator Class:
public class NtlmAuthenticator extends Authenticator { private final String username; private final char[] password; public NtlmAuthenticator(final String username, final String password) { super(); this.username = username; this.password = password.toCharArray(); } public PasswordAuthentication getPasswordAuthentication() { return (new PasswordAuthentication (username, password)); }
}
We use Java 6 (the client-side application is JRE 1.6.0_39), and the application is deployed to Windows (XP / Seven). I read that the NTLM protocol is supported with 1.4.2 on the Windows platform. Thus, we conducted tests with the Trend proxy and were able to perform NTLM authentication (we see 3 packets with Wireshark NTLMSSP_NEGOCIATE (from the application) / NTLMSSP_CHALLENGE (from the proxy) / NTLMSSP_AUTH (from the application))
But with one of our clients using the Bluecoat proxy, NTLM authentication failed after NTLMSSP_CHALLENGE. With Wireshark, we see only the first 2 packets NTLMSSP_NEGOCIATE (from the application) and NTLMSSP_CHALLENGE (from the proxy), NTLMSSP_AUTH is never sent by our application. In the application, we catch a SocketException: the socket is closing
We are also trying to use jCIFS HttpUrlNltmHandler, but authentication also failed (same diagnosis).
I found this thread with a similar problem, but it does not give any hints. I also found this thread about NTLM session security
Any ideas?
Thanks.
Find a solution by setting http.keepalive to true: System.setProperty ("http.keepAlive", " true ");
But I do not know why, with a false value, it works with our Trend proxy server and does not work with our bluecoat proxy client