HttpURLConnection, Proxies and Authentication

[Roger]

Hi,

I wrote a small program that establishes an HttpURLConnection to
extract data from a web site. When I came to test it at a customer
site - a Windows site, I discovered that a) I was sitting behind a
proxy server and b) that the proxy server required NTLM
authentication. A bit of googling gave me the answer to both problems
and everything is working fine.

However, this now begs two questions. Firstly is it possible to
programatically determine if my program is running through a proxy
server or is this a matter for a config file. Secondly, having
established the answer to the first question is it possible to
programatically determine the authentication mechanism being used by
the proxy server, particularly given that NTLM is windows specific or
again, is this best achieved through a config file?

Regards
Roger

 

[Thomas Weidenfeller]

However, this now begs two questions. Firstly is it possible to
programatically determine if my program is running through a proxy
server or is this a matter for a config file.

I think you want to ask something different. But first to your
questions: If your program is already running through a proxy, someone
must have configured the program's proxy settings correctly, otherwise
it wouldn't run. So, because the program is configured to run with a
proxy, this is trivial knowledge. You could e.g. check the particular
system properties in Java.

But I guess you would like to know if a program can figure out if it is
supposed to use a proxy and what the necessary settings are.
Unfortunately, there is no portable way in Java to do this. This is an
application specific configuration. If you are on windows, you could use
JNI and do what other Windows programs do, too: They snoop the IE
configuration data and take the same data, assuming someone correctly
configured IE.

I am sure there are also a few libraries out there providing such an
implementation.

Secondly, having
established the answer to the first question is it possible to
programatically determine the authentication mechanism being used by
the proxy server,

The 407 response should contain information about the authentication
scheme in a HTTP header. I have no idea if your particular Windows proxy
provides this.

I highly suggest you spend some time reading the HTTP 1.0 and 1.1 RFCs
to learn the details. And get some network sniffer. Such a tool comes
very handy if you need to find the difference between theory and real
implementation.

/Thomas

 

[Chris Smith]

However, this now begs two questions. Firstly is it possible to
programatically determine if my program is running through a proxy
server or is this a matter for a config file. Secondly, having
established the answer to the first question is it possible to
programatically determine the authentication mechanism being used by
the proxy server, particularly given that NTLM is windows specific or
again, is this best achieved through a config file?

There are two standards out there, called WPAD and PAC, which can be
combined to discover the correct proxy settings on large networks if the
network administrator has set things up correctly. Otherwise, you'll
have to rely on the user knowing their proxy config. If there is no
WPAD or PAC on the network, that means that the user must have manually
configured their proxy settings for IE and such, too, so you can ask
them to look there.

It does make sense, by the way, to support PAC but not WPAD... however,
WPAD implies PAC so that the other direction doesn't work. Implementing
PAC requires an embedded JavaScript interpreter such as
http://www.mozilla.org/rhino/.

--
www.designacourse.com
The Easiest Way to Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

 

[Daniel Hagen]

However, this now begs two questions. Firstly is it possible to
programatically determine if my program is running through a proxy
server or is this a matter for a config file. Secondly, having

For windows there are system properties you can query (http.proxyHost,
http.proxyPort, proxySet if my memory is correct).
From my experience though, these are unreliable since they don't
include the "do not use proxy server for this addresses..." - list.

Regards

Daniel