RFR: 8328894: HttpResponse.body() returns null with https target and failed proxy authentication

EunHyunsu duke at openjdk.org
Thu Nov 13 15:05:49 UTC 2025 

On Tue, 11 Nov 2025 11:31:22 GMT, EunHyunsu <duke at openjdk.org> wrote:

> ### Summary
>   This patch addresses the issue where `HttpResponse.body()` returns `null` for 407 responses when using HTTPS through a proxy, while HTTP requests correctly return the response body.
> 
>   ### Problem
>   When an HTTPS request receives a 407 Proxy Authentication Required response, the response body is discarded during CONNECT tunnel establishment. This is inconsistent with HTTP behavior where the body is properly returned.
> 
>   **Root cause:**
>   - HTTPS uses `MultiExchange<Void>` for CONNECT requests
>   - The body is explicitly ignored via `ignoreBody()` on 407 responses
>   - No mechanism exists to preserve the body for later retrieval
> 
>   ### Proposed Solution
>   I propose the following changes to preserve and return the 407 response body:
> 
>   1. **PlainTunnelingConnection.java**: Change `MultiExchange<Void>` to `MultiExchange<byte[]>` and read the body on 407 responses instead of ignoring it
> 
>   2. **ProxyAuthenticationRequired.java**: Add `proxyResponseBody` field to carry the body bytes through the exception
> 
>   3. **Exchange.java**: Cache both the proxy response and body, then return them when the application calls `body()`
> 
>   ### Testing
>   Added comprehensive test (`ProxyAuthHttpTest.java`) covering:
>   - Basic HTTP and HTTPS 407 responses
>   - Multiple `BodyHandler` types: `ofString()`, `ofByteArray()`, `ofInputStream()`, `ofLines()`
>   - Response headers validation
> 
>   **Test results**: 38/38 passed
> 
>   ### Notes
>   - This change only affects 407 responses; all other flows remain unchanged
>   - The cached body is cleared after first use to prevent reuse
>   - No changes to public APIs; internal implementation only
> 
>   I'd appreciate any feedback on this approach. If there's a better way to handle this, I'm happy to revise.

Gentle ping — just checking if anyone could take a look when time permits.
Thank you!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28232#issuecomment-3528218442

More information about the net-dev mailing list