22

Some of our customers cannot run our Java Web Start client anymore since Java 8 Update 111. They get:

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required

Looks like it has to do with this change:

Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to "" ( empty ) on the command line.

Is there any way if customers are not willing to change their proxy authentication method?

Note: Adding <property name="jdk.http.auth.tunneling.disabledSchemes" value=""/> to <resources> of the JNLP has no effect. This is because only a few properties are supported this way (there is a list near the bottom of this page). "jdk.http.auth.tunneling.disabledSchemes" is not among them.

Improve this question
2
  • Were you able to verify, that property is generall working? This SO answer may help: stackoverflow.com/a/4036534/867816 Commented Jan 23, 2017 at 12:44
  • No, it's the first time I am trying to use a property tag. However java-vm-args does not seem to apply here, as there are only a few arguments supported this was. Here is a list: docs.oracle.com/javase/8/docs/technotes/guides/javaws/… However, now I see there is also such a list for the property tag. Hm. So there is no possible way to enable basic auth proxy tunneling in Java Web Start? Commented Jan 23, 2017 at 13:00

5 Answers 5

Reset to default
22

I found out that there is one way, but not in the hands of the developer: The user can add 

-Djdk.http.auth.tunneling.disabledSchemes=""

for Java 8 in Java Control Panel → Java → View... → Runtime Parameters

for Java 9 in Java Control Panel → Desktop Settings → Runtime Parameters

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

9

If you require to do this at runtime you can set the value of the jdk.http.auth.proxying.disabledSchemes property by adding

System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");

to the main method of your application.

Improve this answer

3 Comments

Are you sure you can change such security settings at runtime? I mean: Did you check if this has an effect?
Yes you can. I've just been struggeling with that problem a few days ago and found this thread which solved the problem I had. I closed up setting the property in the main method which works fine for me.
sounds like a security bug
9

Beside the answer of mbee one can also configure this in the net.properties file of the jre:

C:\Program Files (x86)\Java\jre1.8.0_131\lib\net.properties

Currently last line 100 need to be commented out:

Before:

 #jdk.http.auth.proxying.disabledSchemes=
 jdk.http.auth.tunneling.disabledSchemes=Basic

After:

 #jdk.http.auth.proxying.disabledSchemes=
 #jdk.http.auth.tunneling.disabledSchemes=Basic

Note that both answers need to be repeated after a Java Update, although the Java Auto Update is deactivated with Basic Internet Proxy Authentication.

Improve this answer

Comments

1

I had this issue too while trying to access an external SOAP Webservice trough a Proxy-Server using BASIC-Authentification for an application running on Apache Tomcat.

Setting the property programmatically (System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");) during application initialization did not work. It had to be set as VM-Argument or (not very nice way of course :)) in [JRE_HOME]\lib\net.properties.

Improve this answer

1 Comment

Setting such a property programmatically DOES work, but you have to be sure that the initialization is done before the first network connection is made. Some libraries do network connections during initialization, e.g. you logging framework could set up logging via UDP, or a library could "helpfully" check for updates, or something like that.
0

I enabled the below feature in net.properties and it worked without any other changes:

java.net.useSystemProxies=true (this was false earlier)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.