Bug 138222 - AdminAuthenticator bypasses user proxy settings
Status: VERIFIED FIXED
Alias: None
Product: serverplugins
Classification: Unclassified
Component: Sun Appserver 9
Version: 6.x
Hardware: All Linux
Importance: P3 blocker
Assignee: Vince Kraemer
Reported: 2008-06-25 14:00 UTC by Lukas Jungmann
Modified: 2008-09-17 20:45 UTC
Issue Type: DEFECT
Description Lukas Jungmann 2008-06-25 14:00:56 UTC
In Tools->Options->Proxy Settings->More, the user is allowed to set default auth details for security-enabled proxy servers
if they're in use. The current implementation of AdminAuthenticator does not take this IDE-wide setting into account.
Comment 1 Vince Kraemer 2008-06-25 16:46:42 UTC
Can you describe how you think the authenticator is supposed to leverage the proxy info?

It seems like it would be pretty useless, since the odds that the proxy auth info would apply to some random server (not
the proxy) would be pretty low... even in an enterprise setting...
Comment 2 Lukas Jungmann 2008-06-25 17:08:02 UTC
Authenticator knows whether the auth. request is coming from a proxy server or not[1], IDE (or you can perhaps get
required info from system properties/JVM directly[2]) knows whether it should use proxy for outgoing connections and if
so then whether the proxy server requires authentication. Possible implementation is in o.n.core module[3].

Does this answer your question?

[1]: http://java.sun.com/j2se/1.5.0/docs/api/java/net/Authenticator.html#getRequestorType()
[2]: see ie. javadoc for o.n.core module
[3]: http://hg.netbeans.org/main/file/tip/o.n.core/src/org/netbeans/core/NbAuthenticator.java
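
The check described in comment 2, as an added example that is not part of the original bug report or of the NetBeans changeset: an `Authenticator` that returns stored proxy credentials only when `getRequestorType()` is `PROXY` and the requesting host and port match the configured proxy, so the credentials are never offered to an origin server. The class name, host names, ports and credentials are constructed for illustration.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;

// Added illustration: class name, hosts and credentials are constructed, not NetBeans code.
public class ProxyAwareAuthenticator extends Authenticator {
    private final String proxyHost;
    private final int proxyPort;
    private final String proxyUser;
    private final char[] proxyPassword;

    public ProxyAwareAuthenticator(String host, int port, String user, char[] password) {
        this.proxyHost = host;
        this.proxyPort = port;
        this.proxyUser = user;
        this.proxyPassword = password.clone();
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        if (getRequestorType() == RequestorType.PROXY) {
            // Release the stored proxy credentials only to the configured proxy,
            // not to any host that answers with a proxy-authentication challenge.
            boolean isConfiguredProxy = proxyHost.equalsIgnoreCase(getRequestingHost())
                    && proxyPort == getRequestingPort();
            return isConfiguredProxy ? new PasswordAuthentication(proxyUser, proxyPassword) : null;
        }
        // RequestorType.SERVER: proxy credentials never apply here. A real authenticator
        // would look up or prompt for server-specific credentials; null means "none".
        return null;
    }

    // Simulates the callback the networking stack makes when it receives a challenge.
    private static String ask(String host, int port, RequestorType type) {
        PasswordAuthentication pa = Authenticator.requestPasswordAuthentication(
                host, null, port, "http", "constructed realm", "basic", null, type);
        return pa == null ? "none" : pa.getUserName();
    }

    public static void main(String[] args) {
        Authenticator.setDefault(new ProxyAwareAuthenticator(
                "proxy.example.test", 3128, "alice", "constructed-secret".toCharArray()));
        System.out.println("configured proxy: " + ask("proxy.example.test", 3128, RequestorType.PROXY));
        System.out.println("unknown proxy:    " + ask("other.example.test", 3128, RequestorType.PROXY));
        System.out.println("origin server:    " + ask("appserver.example.test", 4848, RequestorType.SERVER));
    }
}
```
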
Comment 3 Vince Kraemer 2008-06-25 18:40:57 UTC
answers question: yes...  thanks for the additional details...
Comment 4 Vince Kraemer 2008-08-14 23:43:08 UTC
do you have a set of steps that I can use to reproduce this issue?
Comment 5 Lukas Jungmann 2008-08-22 10:56:48 UTC
do we have any security enabled proxy server I/we could use for testing?

basically steps are:
- be behind such server
- set user credentials in Tools->Options->General->Manual Proxy Settings->Auth...
- do some action which will trigger Authenticator.setDefault(AdminAuthenticator) call (start server, deploy or refresh should do that)
- create a new javaapp project
- create a ws client (or new file->XML->External XMLSchema/WSDL doc) from a resource secured by basic auth and accessible over proxy

=> one will be asked to provide username/pwd for the proxy as well as most likely for other resources but IDE knows
username/pwd for the proxy since it was set in Tools->Options
Comment 6 Vince Kraemer 2008-08-25 00:21:25 UTC
OK. So you have been able to produce this behavior... how did you do it?

You had to be able to set up your environment... So... what authenticating proxy server did you use?
Comment 7 Lukas Jungmann 2008-09-09 23:46:18 UTC
No, I wasn't able to reproduce this, I only checked the code in AdminAuthenticator.java.

Steps to reproduce:
 - setup is described in issue 146720
 - very detailed steps for creating secured web service and a client for this service (*) are at
http://www.ryandelaplante.com/rdelaplante/entry/ssl_and_http_basic_authentication

Other way to reproduce this is to write a unit test similar to one in core module...


(*) - see also my comment in desc#6
Comment 8 Vince Kraemer 2008-09-16 21:10:17 UTC
http://hg.netbeans.org/main/rev/59beabe3ccaa
Comment 9 Quality Engineering 2008-09-17 06:10:30 UTC
Integrated into 'main-golden', will be available in build *200809170201* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/59beabe3ccaa
User: Vince Kraemer <vkraemer@netbeans.org>
Log: #138222 : supply proxy auth info when requested from proxy. Also address 138232... don't keep asking for authorization data if the user hits cancel...
Comment 10 Lukas Jungmann 2008-09-17 20:45:28 UTC
Thanks, v.