Created attachment 35880 [details] Patch to provide proxy authentication to websocket client The attached patch provides proxy authentication support to the websocket client via the ClientEndpointConfig.
Created attachment 35887 [details] Change for proxy authentication with updated scheme selection algorithm This attachment supersedes all previous attachments
I've uploaded a 2nd patch file generated from git that supersedes the 1st patch file. This patch file contains the following changes: 1. The original algorithm used to choose the proxy authentication scheme always chose the first Proxy-Authenticate header returned on the 407 response. Of course the first proxy I tried this on supported NTLM. So "invalid authentication scheme" was logged and authorization failed. I changed the algorithm to choose the first Proxy-Authenticate header that contained a scheme supported by the websocket client, ie Digest or Basic. 2. The algorithm used to choose the WWW authenticate scheme had the same problem as the proxy authenticate scheme so the same change was applied there. 3. The variable arguments supplied to getString were not being appended to the base message. For instance, the exception messages for an unsupported auth scheme rendered as "wsWebSocketContainer.unsupportedProxyAuthScheme" rather than "wsWebSocketContainer.unsupportedProxyAuthScheme 407 NTLM". {n} tokens were added to first argument of getSTring to support the appropriate number of variable arguments.
Please provide a diff against trunk rather than a sequence of patch files. Please remove all the getString {n} changes from the proposed diff. Substitution is correctly handled by Tomcat's StringManager implementation. The patch is not using the StringManager correctly. New strings need to be defined in LocalStrings.properties Please add ALv2 headers (as per the Tomcat source files) to all new files. Please remove all @author tags. Please document the new properties in web-socket-howto.xml
Created attachment 35984 [details] Git diffs for proxy authentication support git diff of trunk w/proxy auth changes vs trunk
I've made the changes you outlined in your previous comments. The diff file also contains changes to do realm validation. Let me know if additional info is needed.
I've made the changes you outlined in your previous comments. The diff file is against the trunk as of 6/22/2018. It also contains changes to do realm validation. Let me know if additional info is needed.