Last active
June 28, 2018 08:15
Apache HttpClient 4.5.x Usage with NTLM Proxy Authentication, ignore SSL Certificate
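/**
 * Fetches a resource through an NTLM-authenticating proxy and asserts that the
 * response status is 200.
 *
 * <p>The HTTPS side of this client accepts every certificate chain and every
 * hostname, so the server is not authenticated at all and anything on the network
 * path can read or alter the traffic. That is only acceptable against a
 * test endpoint. For a real endpoint, load the issuing CA into the trust material
 * and use {@code SSLConnectionSocketFactory.getDefaultHostnameVerifier()}.
 *
 * @throws Exception if building the TLS context, executing the request or reading
 *                   the response fails
 */
@Test
public void fetch_something() throws Exception {
    URI uri = UriBuilder.fromPath(path)
            .resolveTemplates(ImmutableMap.<String, Object>builder()
                    .put("country", VALID_COUNTRY)
                    .put("language", VALID_LANGUAGE)
                    .build()
            )
            .build();

    HttpHost proxy = new HttpHost("my-proxy.example.com", 3128);

    // Only NTLM is registered, so the client cannot be talked down to BASIC
    // (which would put the password on the wire in a reversible form).
    Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
//            .register(AuthSchemes.BASIC, new BasicSchemeFactory())
//            .register(AuthSchemes.DIGEST, new DigestSchemeFactory())
//            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory())
//            .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory())
            .build();

    // Bind the credentials to the proxy only. With AuthScope.ANY the same domain
    // credentials would also be offered to any origin server that answers with an
    // NTLM challenge, and with certificate checks disabled below that server's
    // identity is unverified.
    // "myuser"/"mypassword"/"domain" are placeholders: read real values from the
    // environment or a secret store, never from source.
    BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
    credsProvider.setCredentials(
            new AuthScope(proxy.getHostName(), proxy.getPort()),
            new NTCredentials("myuser", "mypassword", null, "domain"));

    HttpClientBuilder b = HttpClientBuilder.create()
            .useSystemProperties()
            .setDefaultAuthSchemeRegistry(authSchemeRegistry)
            .setDefaultCredentialsProvider(credsProvider);

    // Trust strategy that accepts every certificate chain: expired, self-signed
    // or issued for another host. Test endpoints only.
    SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
        @Override
        public boolean isTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
            return true;
        }
    }).build();
    // Note: once a connection manager is set explicitly (below), the builder-level
    // SSL context is superseded by the socket factory registered with the manager.
    b.setSSLContext(sslContext);

    // Hostname verification is switched off as well.
    // -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier() if you don't want to weaken it
    // -- ALLOW_ALL_HOSTNAME_VERIFIER is deprecated since 4.4 in favour of NoopHostnameVerifier.INSTANCE
    HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

    // The weakened trust strategy only takes effect through an SSL socket factory
    // that is registered for "https" and handed to the connection manager.
    SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", sslSocketFactory)
            .build();

    // Pooling connection manager built on that registry; allows multi-threaded use.
    PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    b.setConnectionManager(connMgr);

    CloseableHttpClient httpclient = b
            .setProxy(proxy)
            .setProxyAuthenticationStrategy(ProxyAuthenticationStrategy.INSTANCE)
            .build();
    try {
        HttpGet httpGet = new HttpGet(uri);
        httpGet.setConfig(RequestConfig.custom()
                .setAuthenticationEnabled(true)
                .setProxyPreferredAuthSchemes(Arrays.asList("NTLM"))
                .build());
        httpGet.addHeader("X-Trace-Id", TRACE_ID);

        CloseableHttpResponse response = httpclient.execute(httpGet);
        try {
            // Reading the entity drains the body so the pooled connection can be released.
            String responseContent = EntityUtils.toString(response.getEntity());
            assertThat("response status code equals 200", response.getStatusLine().getStatusCode(), equalTo(200));
        } finally {
            // Closed even when the assertion fails, so the connection is not leaked.
            response.close();
        }
    } finally {
        // Shuts down the client together with its connection manager.
        httpclient.close();
    }
}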