RFR: 8357554: HttpResponse.body() returns null with https target and failed proxy authentication

EunHyunsu duke at openjdk.org
Tue Nov 11 11:39:03 UTC 2025 

### Summary
  This patch addresses the issue where `HttpResponse.body()` returns `null` for 407 responses when using HTTPS through a proxy, while HTTP requests correctly return the response body.

  ### Problem
  When an HTTPS request receives a 407 Proxy Authentication Required response, the response body is discarded during CONNECT tunnel establishment. This is inconsistent with HTTP behavior where the body is properly returned.

  **Root cause:**
  - HTTPS uses `MultiExchange<Void>` for CONNECT requests
  - The body is explicitly ignored via `ignoreBody()` on 407 responses
  - No mechanism exists to preserve the body for later retrieval

  ### Proposed Solution
  I propose the following changes to preserve and return the 407 response body:

  1. **PlainTunnelingConnection.java**: Change `MultiExchange<Void>` to `MultiExchange<byte[]>` and read the body on 407 responses instead of ignoring it

  2. **ProxyAuthenticationRequired.java**: Add `proxyResponseBody` field to carry the body bytes through the exception

  3. **Exchange.java**: Cache both the proxy response and body, then return them when the application calls `body()`

  ### Testing
  Added comprehensive test (`ProxyAuthHttpTest.java`) covering:
  - Basic HTTP and HTTPS 407 responses
  - Multiple `BodyHandler` types: `ofString()`, `ofByteArray()`, `ofInputStream()`, `ofLines()`
  - Response headers validation

  **Test results**: 38/38 passed

  ### Notes
  - This change only affects 407 responses; all other flows remain unchanged
  - The cached body is cleared after first use to prevent reuse
  - No changes to public APIs; internal implementation only

  I'd appreciate any feedback on this approach. If there's a better way to handle this, I'm happy to revise.

-------------

Commit messages:
 - 8328894: Add test for 407 response body with various handlers
 - 8328894: Cache and return 407 response body to application
 - 8328894: Add proxyResponseBody field to preserve 407 body
 - 8328894: Read 407 response body in HTTPS CONNECT tunneling

Changes: https://git.openjdk.org/jdk/pull/28232/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28232&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8357554
  Stats: 372 lines in 4 files changed: 301 ins; 8 del; 63 mod
  Patch: https://git.openjdk.org/jdk/pull/28232.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28232/head:pull/28232

PR: https://git.openjdk.org/jdk/pull/28232

More information about the net-dev mailing list