RFR: 8328894: HttpResponse.body() returns null with https target and failed proxy authentication [v2]

EunHyunsu duke at openjdk.org
Sun Jan 18 15:43:26 UTC 2026 

On Sat, 6 Dec 2025 12:49:34 GMT, EunHyunsu <duke at openjdk.org> wrote:

>> ### Summary
>>   This patch addresses the issue where `HttpResponse.body()` returns `null` for 407 responses when using HTTPS through a proxy, while HTTP requests correctly return the response body.
>> 
>>   ### Problem
>>   When an HTTPS request receives a 407 Proxy Authentication Required response, the response body is discarded during CONNECT tunnel establishment. This is inconsistent with HTTP behavior where the body is properly returned.
>> 
>>   **Root cause:**
>>   - HTTPS uses `MultiExchange<Void>` for CONNECT requests
>>   - The body is explicitly ignored via `ignoreBody()` on 407 responses
>>   - No mechanism exists to preserve the body for later retrieval
>> 
>>   ### Proposed Solution
>>   I propose the following changes to preserve and return the 407 response body:
>> 
>>   1. **PlainTunnelingConnection.java**: Change `MultiExchange<Void>` to `MultiExchange<byte[]>` and read the body on 407 responses instead of ignoring it
>> 
>>   2. **ProxyAuthenticationRequired.java**: Add `proxyResponseBody` field to carry the body bytes through the exception
>> 
>>   3. **Exchange.java**: Cache both the proxy response and body, then return them when the application calls `body()`
>> 
>>   ### Testing
>>   Added comprehensive test (`ProxyAuthHttpTest.java`) covering:
>>   - Basic HTTP and HTTPS 407 responses
>>   - Multiple `BodyHandler` types: `ofString()`, `ofByteArray()`, `ofInputStream()`, `ofLines()`
>>   - Response headers validation
>> 
>>   **Test results**: 38/38 passed
>> 
>>   ### Notes
>>   - This change only affects 407 responses; all other flows remain unchanged
>>   - The cached body is cleared after first use to prevent reuse
>>   - No changes to public APIs; internal implementation only
>> 
>>   I'd appreciate any feedback on this approach. If there's a better way to handle this, I'm happy to revise.
>
> EunHyunsu has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:
> 
>  - fix whitespace issue
>  - Merge branch 'master' into JDK-8328894
>  - 8328894: Add test for 407 response body with various handlers
>  - 8328894: Cache and return 407 response body to application
>  - 8328894: Add proxyResponseBody field to preserve 407 body
>  - 8328894: Read 407 response body in HTTPS CONNECT tunneling

Hi all,
I believe the RDP1 fork is complete now.
If anyone has a moment, I'd appreciate guidance on whether I should proceed with an updated patch or keep this on hold.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28232#issuecomment-3765420354

More information about the net-dev mailing list