Created attachment 35880 [details] Patch to provide proxy authentication to websocket client The attached patch provides proxy authentication support to the websocket client via the ClientEndpointConfig.
Created attachment 35887 [details] Change for proxy authentication with updated scheme selection algorithm This attachment supersedes all previous attachments
I've uploaded a 2nd patch file generated from git that supersedes the 1st patch file. This patch file contains the following changes: 1. The original algorithm used to choose the proxy authentication scheme always chose the first Proxy-Authenticate header returned on the 407 response. Of course the first proxy I tried this on supported NTLM. So "invalid authentication scheme" was logged and authorization failed. I changed the algorithm to choose the first Proxy-Authenticate header that contained a scheme supported by the websocket client, ie Digest or Basic. 2. The algorithm used to choose the WWW authenticate scheme had the same problem as the proxy authenticate scheme so the same change was applied there. 3. The variable arguments supplied to getString were not being appended to the base message. For instance, the exception messages for an unsupported auth scheme rendered as "wsWebSocketContainer.unsupportedProxyAuthScheme" rather than "wsWebSocketContainer.unsupportedProxyAuthScheme 407 NTLM". {n} tokens were added to first argument of getSTring to support the appropriate number of variable arguments.
Please provide a diff against trunk rather than a sequence of patch files. Please remove all the getString {n} changes from the proposed diff. Substitution is correctly handled by Tomcat's StringManager implementation. The patch is not using the StringManager correctly. New strings need to be defined in LocalStrings.properties Please add ALv2 headers (as per the Tomcat source files) to all new files. Please remove all @author tags. Please document the new properties in web-socket-howto.xml
Created attachment 35984 [details] Git diffs for proxy authentication support git diff of trunk w/proxy auth changes vs trunk
I've made the changes you outlined in your previous comments. The diff file also contains changes to do realm validation. Let me know if additional info is needed.
I've made the changes you outlined in your previous comments. The diff file is against the trunk as of 6/22/2018. It also contains changes to do realm validation. Let me know if additional info is needed.
Is this available in any released version?
(In reply to radhika.jaju@veritas.com from comment #7) > Is this available in any released version? No.
We need the proxy basic authentication support for websocket connection as we are using the tomcat websocket client library. Any possibility of this getting it bundled with the 9.0.x version of Tomcat?
*** Bug 59758 has been marked as a duplicate of this bug. ***
I'm looking at this now.
Fixed in: - 10.1.x for 10.1.0-M18 onwards - 10.0.x for 10.0.24 onwards - 9.0.x for 9.0.66 onwards - 8.5.x for 8.5.83 onwards Many thanks to Joe Mokos for the original patch. While there was a lot of refactoring in the final set of commits, the underlying fix is exactly as proposed in the original patch.
Wow, Thanks so much for quick resolution..
It was only so quick due to the great work already done by Joe Mokos.
Thanks Joe Mokos and Mark Thomas. Really appreciate it.