Skip to content

ApacheHttpClient Proxy Authentication fails #5884

New issue
New issue
Open
#5975
Open
ApacheHttpClient Proxy Authentication fails#5884
#5975
Assignees
bhoradc
Labels
bugThis issue is a bug.p2This is a standard priority issue
@urfuchs

Description

@urfuchs
urfuchs
opened on Feb 17, 2025

Describe the bug

Proxy Authentification fails with Status 407 when Proxy requires preemptive authentication.

My code:

SdkHttpClient httpClient = ApacheHttpClient.builder()
    .proxyConfiguration(ProxyConfiguration.builder()
        .endpoint(URI.create("http://proxy.example.com"))
        .username("username")
        .password("password")
        .preemptiveBasicAuthenticationEnabled(true)
        .build())
    .build();

SnsClient snsClient = SnsClient.builder()
    .httpClient(httpClient)
    .credentialsProvider(credentials)
    .region(Region.EU_CENTRAL_1)
    .build();

A request sent by this client fails with 407 when the proxy requires preemptive authentication.
It works fine when the proxy does not.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

A request passes the proxy.

Current Behavior

software.amazon.awssdk.services.sns.model.SnsException: null (Service: Sns, Status Code: 407, Request ID: null)
	at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleErrorResponse(CombinedResponseHandler.java:125)
	at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleResponse(CombinedResponseHandler.java:82)
	at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handle(CombinedResponseHandler.java:60)
	at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handle(CombinedResponseHandler.java:41)
	at software.amazon.awssdk.core.internal.http.pipeline.stages.HandleResponseStage.execute(HandleResponseStage.java:50)
	at software.amazon.awssdk.core.internal.http.pipeline.stages.HandleResponseStage.execute(HandleResponseStage.java:38)

Reproduction Steps

SdkHttpClient httpClient = ApacheHttpClient.builder()
    .proxyConfiguration(ProxyConfiguration.builder()
        .endpoint(URI.create("http://proxy.example.com"))
        .username("username")
        .password("password")
        .preemptiveBasicAuthenticationEnabled(true)
        .build())
    .build();

SnsClient snsClient = SnsClient.builder()
    .httpClient(httpClient)
    .credentialsProvider(credentials)
    .region(Region.EU_CENTRAL_1)
    .build();

PublishRequest request = PublishRequest.builder()
    .message("Greetings")
    .topicArn("arn:aws:sns:eu-central-1:account:topic")
    .build();

PublishResponse publishResult = snsClient.publish(request);

Possible Solution

I found a possible reason in software.amazon.awssdk.http.apache.internal.utils.ApacheUtils.

The method addPreemptiveAuthenticationProxy contains:

BasicScheme basicAuth = new BasicScheme();
authCache.put(targetHost, basicAuth);

I added a challenge and now it works:

BasicScheme basicAuth = new BasicScheme();
basicAuth.processChallenge(new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=default"));
authCache.put(targetHost, basicAuth);

Additional Information/Context

No response

AWS Java SDK version used

2.30.17

JDK version used

openjdk version "21.0.4" 2024-07-16 LTS

Operating System and version

Linux rodeoarch 6.12.4-arch1-1

Metadata

Metadata

Assignees

Labels

bugThis issue is a bug.p2This is a standard priority issue

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions