6370908: Add support for HTTP_CONNECT proxy in Socket class
Max (Weijun) Wang
Weijun.Wang at Sun.COM
Thu Mar 4 04:06:12 PST 2010
Haven't read the full thread, just 2 cents on this specific paragraph.
On Mar 4, 2010, at 7:29 PM, Damjan Jovanovic wrote:
> Hi Chris
>
> ...
> * pidgin (www.pidgin.im), an instant messaging app, has very good
> proxy support including NTLM authentication for HTTP proxies. It only
> uses a single socket and requires the proxy to use a persistent
> connection. proxytunnel (proxytunnel.sourceforge.net) does the same.
>
> I like pidgin's solution the best, and since it even works with NTLM,
> the other authentication types should be easy. Most HTTP 1.1 proxies
> should support persistent connections - after all, that feature
> benefits proxies the most. So we should be able to get away with one
> socket in most cases, maybe even for all commonly used HTTP proxies.
> I'll try to do some tests this weekend.
I remember somewhere in the HTTP RFC says that the client must close the connection when the initial 401/407 response is received. Hence, my understanding of web auth inside proxy auth should look like this:
. Connect proxy, see 407
. Disconnect/reconnect to proxy, authenticate to proxy, succeed
. Proxy connect to web server, see 401
. Tell proxy to disconnect/reconnect web server, authenticate to web server, see 200
This way an NTLM/web inside NTLM/proxy can be implemented, even if MS has explicitly said this is not supported.
--Max
More information about the net-dev
mailing list