JGit: HTTPS links over a proxy that requires authentication [message #1760610] |
Fri, 28 April 2017 19:53 |
Erika Redmark Messages: 22 Registered: January 2013 |
Junior Member |
|
|
I am trying to make an RCP application, that downloads data files for proper operation from our git repository, proxy-aware. Right now, I have basic proxy settings (host/port) for HTTP, HTTPS, and SSH working. The application can execute clones and updates/pulls and I am using CCProxy to test and confirm that they are indeed being routed through that successfully. This uses the standard http/https.proxyHost and http/https.proxyPort variables.
However, the problems come in when I configure CCProxy to require username/password authentication. Note that I have already tested with Firefox that the username/password are working and it goes through the proxy properly, so the proxy is properly set up.
As for JGit and the application itself, I have an authenticator set up as this answer shows: http://stackoverflow.com/questions/1626549/authenticated-http-proxy-with-java/16340273#16340273
Once I did that, http.proxyUser and http.proxyPassword got through the proxy for an http: link (sending the clone/update commands an http: based repo link).
CCProxy monitor showed the request being routed successfully through the proxy.
However, when I use a url with https, not just http, for the clone/update operations I need, suddenly it stops working. I confirmed that the method getPasswordAuthentication isn't even being called, period.
My question is
1) Is this supposed to happen? If not then I may have something funny going on in the way I am using JGit
2) Otherwise, where exactly would I tell JGit to use proxy username/password information when the repository URL is being requested over HTTPS? I know it picks up host and port already for the proxy, and I know it has no problems with HTTP, and I am under the understanding that it uses the java.net libraries anyway so I figure it is just delegating to them and whatever makes them work with proxies will make JGit work with proxies, but I am completely stumped here. I don't know why with an https: style repository url it is skipping the configuration for a username/password for the proxy.
|
|
|
|
|
|
Re: JGit: HTTPS links over a proxy that requires authentication [message #1816391 is a reply to message #1816302] |
Mon, 28 October 2019 23:10 |
Thomas Wolf Messages: 576 Registered: August 2016 |
Senior Member |
|
|
This is due to the JDK since version 8u111 forbidding tunneling HTTPS through an HTTP proxy requiring Basic (i.e., username/password) authentication. See bug 549832.
For EGit, we switched the default HTTP client from JDK to the Apache HTTP library because of this. (In EGit 5.6.0, i.e., currently available only in the EGit nightly builds. Release date for EGit 5.6.0 is 2019-12-18.)
For JGit, I would recommend using the (optional) org.eclipse.jgit.http.apache bundle and its connection factory. (Also, JGit 5.6.0, i.e., current nightly builds. Earlier versions wouldn't work with proxies requiring authentication.)
Alternatively, run your Java application with the following system property: -Djdk.http.auth.tunneling.disabledSchemes=""
[Updated on: Mon, 28 October 2019 23:15] Report message to a moderator
|
|
|
Powered by
FUDForum. Page generated in 0.03982 seconds