Proxy Authentication Failed error - java

I'm trying to access an FTP server through an FTP SITE Proxy to bypass a firewall using it.sauronsoftware.ftp4j.FTPClient. I know my username/password is correct because I can connect using FileZilla. I tried using Authenticator, but it has no use. Code:
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import it.sauronsoftware.ftp4j.FTPClient;
import it.sauronsoftware.ftp4j.connectors.FTPProxyConnector;
...
FTPClient client = new FTPClient();
// proxyPort is an int holding the proxy's port number
FTPProxyConnector connector = new FTPProxyConnector("proxyHost", proxyPort);
client.setConnector(connector);
Authenticator.setDefault(new Authenticator() {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("proxyUser", "proxyPass".toCharArray());
}});
System.setProperty("ftp.proxyHost", "proxyHost");
System.setProperty("ftp.proxyPort", "proxyPort");
System.setProperty("ftp.proxyUser", "proxyUser");
System.setProperty("ftp.proxyPass", "proxyPass");
System.out.println("Proxy Accessed");
client.connect("ftpHost");
client.login("ftpUser", "ftpPass");
Gives me this error: java.io.IOException: Proxy authentication failed
Things I have tried:
Using the alternate constructor (String, int, String, String).
Removing Authenticator
Using just Authenticator, without the FTPProxyConnector
Authenticating before setting the connector, and vice versa.
However, when I am JUST using the Authenticator, I get a different error saying Connection timed out.
Both errors occur on line client.connect("ftpHost");
ANY help would be appreciated.
Note: The FTP Proxy Connector
EDIT: I found out that the proxy is used to bypass a Firewall-1 Checkpoint -- if this helps.

Check the password property name. Its name is ftp.proxyPassword, and not ftp.proxyPass.
System.setProperty("ftp.proxyUser", "proxyUser");
System.setProperty("ftp.proxyPassword", "proxyPass");
Try it and let us know your results!

I found the solution...
I discovered that the FTP client was responding with a different response code:
200-User <username> authenticated by FireWall-1 authentication
In the source code of FTPProxyConnector, a response code of anything other than the regular
230-Connected to server. Logging in...
will throw an error.
I had to decompile the class file for FTPProxyConnector and then modify the source code, then recompile and save it back to the jar. Worked like a charm.

Related

Java\Groovy - java.io.IOException: Authentication failure in simple authenticated HTTP request

I'm using Groovy\Java. I'm trying to download a file from a server with a simple HTTP GET. This code works on every computer we tried, except for my coworker's computer.
new File(fullFilePath).withOutputStream { out ->
url = new URL(COMPLETE_URL).openConnection()
Authenticator.setDefault (new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication (USER, PASSWORD);
}
});
out << url.inputStream
}
The strange thing is that this code works perfectly on my computer and on an AWS instance, on Windows 10 and Windows Server 2012, and it DOES NOT work on my coworker's computer, on Windows 10. All 64bit.
We all have the same Java version. Antivirus and Firewall are disabled. I tried with his credentials and he tried with mine, it still doesn't work only from his computer.
Error:
java.io.IOException: Authentication failure
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1695)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439)
...
What else could we try and check?
Using Authenticator.setDefault() is a bad approach for this. It will cause Java to send your username and password on ANY request the JVM makes which requests credentials.
Why this is failing only on one machine is hard to tell, but likely the Java configuration must be different.
In any case, try changing your code to just set the authentication header on each request. That will make your code less reliant on Java's internals and will not just send your credentials on each request the JVM might make in the future:
def authHeaderValue = 'Basic ' + Base64.encoder.encodeToString("$USER:$PASSWORD".bytes)
new File(fullFilePath).withOutputStream { out ->
connection = new URL(COMPLETE_URL).openConnection()
connection.setRequestProperty('Authorization', authHeaderValue)
out << connection.inputStream
}
I wrote a blog post about making HTTP requests in Groovy without libraries, you may want to check it out.

Connecting to ldap using GSSAPI. Wrong service principal

I'm trying to connect to ldap server using SASL. I'm connecting using url ldaps://ldap.example.com but server hostname is host.example.com. ldap.example.com is cname for host.example.com. My program is trying to get service ticket for ldap/ldap.example.com instead of performing reverse dns request and getting ticket for ldap/host.example.com. Everything works fine when I'm using ldap://host.example.com but I prefer to use service CNAME.
Here is my code for creating the connection factory:
public DefaultConnectionFactory connectionFactory(){
return new DefaultConnectionFactory(connectionConfig());
}
private ConnectionConfig connectionConfig(){
final SaslConfig saslConfig = new SaslConfig();
saslConfig.setMechanism(Mechanism.GSSAPI);
final BindConnectionInitializer connectionInitializer = new BindConnectionInitializer();
connectionInitializer.setBindSaslConfig(saslConfig);
ConnectionConfig connConfig = new ConnectionConfig("ldaps://ldap.example.com");
connConfig.setConnectionInitializer(connectionInitializer);
return connConfig;
}
and jaas.config:
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
keyTab="/etc/ldap.keytab"
principal="ldap@EXAMPLE.COM"
storeKey=true
useKeyTab=true
debug=true
;
};
Is there any way to change this behavior?
You should request a new certificate with ldap.example.com as the subject name and with host.example.com as a subject alternative name. The certificate negotiation is handled right before Kerberos.
A couple more suggestions:
All SPNs should be defined in your KDC:
LDAP/ldap.example.com
LDAP/host.example.com
Both of these A records should be set in DNS. Avoid use of CNAMEs; while it might be OK at any given time, different browser versions and future updates could cause inconsistent behavior:
ldap.example.com
host.example.com
The principal in jaas.config and the keytab should match. You have:
principal="ldap@EXAMPLE.COM"
I suggest it should be: principal="ldap/host.example.com";
Finally, ldap/host.example.com should be defined as the SPN in your keytab. If it is not, it might be OK, as long as you either (1) add it as an additional SPN related in the keytab: How do you add multiple SPNs to the same keytab file for Spnego or Kerberos Configuration? or (2) see Setspn if you are using Active Directory and your application server supports it.
See further reading on GSSAPI.

jWebsocket Authentication - Connection is not rejected on invalid credentials

I tried to use the staticAuthProvider as shown here
On the server side it tells me
2015-01-14 10:57:21,353 WARN - SystemPlugIn: Attempt to login with invalid credentials, username 'root'.
but if I send any data from the webpage, it arrives at the websocket successfully. Do I have to reject the connection on my own? How can I determine if the credentials are valid?
I can use
webSocketServerEvent.getConnector().getUsername()
to get the username, but the problem is that at the beginning the username is "anonymous" and after a while it is "root" (if the credentials are correct).
I tried this in the processPacket method:
if (!webSocketServerEvent.getConnector().getUsername().equals("root")) {
webSocketServerEvent.getConnector().stopConnector(CloseReason.SERVER_REJECT_CONNECTION);
}
but this fails because the username is anonymous at the beginning.
So every connection attempt is rejected.
Did you try to post this on jWebSocket Forum?
I am sure someone would have answered you, I will make my try, but not sure if I get what you are looking for:
The fact that you are not authenticated does not mean that you don't have permissions on the server side to execute stuff; you will always have access to SystemPlugIn, for example. Now, if you want the anonymous user to have no permissions, go ahead and edit the jWebSocket.xml file and set the anonymous user without any permissions. Not sure if that helps, but try and then let us know.
Thanks,
Victor

XMPP Server, smack API connectivity

I am trying to connect to Tigase Server, implement a client in Java using smack API.
ConnectionConfiguration config = new ConnectionConfiguration("192.32.104.93", 5222, "ELVES-D463645");
Connection connection = new XMPPConnection(config);
connection.connect();
When the code reaches connect, I get the following stack trace.
stream:error (host-unknown)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:214)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
No response from the server.:
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:73)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:230)
at org.jivesoftware.smack.Connection.login(Connection.java:366)
at com.directv.xmpp.client.poc.FirstClient.main(FirstClient.java:20)
XMPPException Occured while connecting to server No response from the server.
Can anyone please help me find where I am going wrong? Thanks!
I found the solution to it.
I was entering the service name and hostname in the wrong place.
Because my server is locally hosted, the following code stub worked for connecting to the Tigase Server.
ConnectionConfiguration config = new ConnectionConfiguration("localhost", 5222, "yourdomain");
yourdomain should be the domain name which was entered earlier during installation and configuration of the server.
Thank you all for your help though.
ConnectionConfiguration config = new ConnectionConfiguration("192.32.104.93", 5222, "ELVES-D463645");
The serviceName, third argument of the ConnectionConfiguration constructor, seems to be wrong. I would expect something like a domain here (example.com).
You did not even reach the Tigase server. The error appears to be related to either configuration of the DNS or to parameters you pass to the Smack library.
I do not know Smack API but from the error you attach it looks like you provide incorrect hostname, or at least a hostname which does not have a correct DNS entry.
This is fine and you should still be able to connect to the server if you can provide IP address as well.
Try below, or check your XMPP server Authentication setting
ConnectionConfiguration config = new ConnectionConfiguration(XMPP_HOST, XMPP_PORT);
config.setCompressionEnabled(false);
config.setSASLAuthenticationEnabled(false);
connection = new XMPPConnection(config);
Here is code for Smack 4.3.4
XMPPTCPConnectionConfiguration conf = XMPPTCPConnectionConfiguration.builder()
.setHostAddress(InetAddress.getByName(host))
.setXmppDomain(JidCreate.domainBareFrom(Domain))
.setUsernameAndPassword("username", "password")
.setPort(5222)
.build();
AbstractXMPPConnection connection = new XMPPTCPConnection(conf);
connection.connect();
connection.login();

http 407 proxy authentication required : how to handle in java code

System.setProperty("http.proxySet", "true");
System.setProperty("java.net.useSystemProxies", "true");
System.setProperty("http.proxyHost", "192.168.1.103");
System.setProperty("http.proxyPort", "3128");
System.setProperty("http.proxyUser", "user123");
System.setProperty("http.proxyPassword", "passwD123");
url = new URL("http://www.google.co.in");
Every time I use this code, an IOException is thrown which says HTTP response code 407.
HTTP 407 means proxy authentication required. Why is this problem occurring when I set proxyUser and proxyPassword?
HTTP 401 will occur if I put in a wrong password, but it always gives me 407, which means my code does not take the username and password. In the above code, user123 is the username and passwD123 is the password for proxy authentication.
http://blog.vinodsingh.com/2008/05/proxy-authentication-in-java.html
I found the solution, thanks to Mr. Vinod Singh.
Proxy authentication in Java
The usual corporate networks provide internet access via proxy servers and at times they require authentication as well. Many applications do open the connections to servers which are external to the corporate intranet. So one has to do proxy authentication programmatically. Fortunately Java provides a transparent mechanism to do proxy authentications.
Create a simple class like below-
import java.net.Authenticator;
import java.net.PasswordAuthentication;
class ProxyAuthenticator extends Authenticator {
private String user, password;
public ProxyAuthenticator(String user, String password) {
this.user = user;
this.password = password;
}
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, password.toCharArray());
}
}
and put these lines of code before your code opens an URLConnection-
Authenticator.setDefault(new ProxyAuthenticator("user", "password"));
System.setProperty("http.proxyHost", "proxy host");
System.setProperty("http.proxyPort", "port");
Now all calls will successfully pass through the proxy authentication.
The answer to use an Authenticator is correct for the general case. However, another cause of HTTP 407 in Java 8u111 and later is if you are using BASIC authentication against the proxy.
In this case, add this system property:
-Djdk.http.auth.tunneling.disabledSchemes=
I found this out from: https://confluence.atlassian.com/kb/basic-authentication-fails-for-outgoing-proxy-in-java-8u111-909643110.html
@GauravDS
You mentioned:
http://blog.vinodsingh.com/2008/05/proxy-authentication-in-java.html
I found the solution, thanks to Mr. Vinod Singh.
Proxy authentication in Java
The usual corporate networks provide internet access via proxy servers and at times they require authentication as well. Many applications do open the connections to servers which are external to the corporate intranet. So one has to do proxy authentication programmatically. Fortunately Java provides a transparent mechanism to do proxy authentications.
Create a simple class like below-
.
.
.
and put these lines of code before your code opens an URLConnection-
Authenticator.setDefault(new ProxyAuthenticator("user", "password"));
System.setProperty("http.proxyHost", "proxy host");
System.setProperty("http.proxyPort", "port");
Now all calls will successfully pass through the proxy authentication.
What if the site you are connecting to also requires a username/password to allow you?
Setting a default Authenticator (Authenticator.setDefault) will fail, I guess, when the external site looks for an authenticated user.
Any views?....Someone ?
Edit:1
Used this code earlier and was getting the error (407) Proxy Authentication Required.
I believe that was because the authentication was requested by different hosts, and when you set a default authenticator with one user/pass for one host, then the authentication will fail for the other requesting host. I made the following change yesterday to SimpleAuthenticator class and now it works like a charm.
protected PasswordAuthentication getPasswordAuthentication()
{
String requestingHost = getRequestingHost();
// Compare string contents with equals(); == only compares object references
if (proxyHost.equals(requestingHost)){
System.out.println("getPasswordAuthentication() request received from->" + requestingHost );
return new PasswordAuthentication(proxyuser,proxypass.toCharArray());
}
else{
System.out.println("getPasswordAuthentication() request received from->" + requestingHost );
return new PasswordAuthentication(sharepointusername,sharepointpassword.toCharArray());
}
}
More info here: http://blog.ashwani.co.in/blog/2013-07-29/access-sharepoint-webservices-from-java-behind-proxy/
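
Added example (not code from any of the posts above): a default Authenticator that addresses both the warning earlier on this page that Authenticator.setDefault() answers ANY credential request the JVM receives, and the per-host authenticator in the last answer, whose else branch still hands the SharePoint password to every other challenger. The class name, host names, ports and credentials are constructed placeholders; the simulated challenges in main need Java 9 or later.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;

// Added example; every host name and credential below is a constructed placeholder.
public class ScopedAuthenticator extends Authenticator {
    private final String proxyHost, serverHost;
    private final int proxyPort;
    private final PasswordAuthentication proxyCreds, serverCreds;

    public ScopedAuthenticator(String proxyHost, int proxyPort, PasswordAuthentication proxyCreds,
                               String serverHost, PasswordAuthentication serverCreds) {
        this.proxyHost = proxyHost;
        this.proxyPort = proxyPort;
        this.proxyCreds = proxyCreds;
        this.serverHost = serverHost;
        this.serverCreds = serverCreds;
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        String host = getRequestingHost(); // may be null; equalsIgnoreCase(null) is false
        if (getRequestorType() == RequestorType.PROXY) {
            // Proxy challenge (HTTP 407): answer only the configured proxy endpoint.
            boolean ours = proxyHost.equalsIgnoreCase(host) && getRequestingPort() == proxyPort;
            return ours ? proxyCreds : null;
        }
        // Origin challenge (HTTP 401): require the expected host over https, so the
        // password is not offered to other sites or sent over a cleartext connection.
        boolean ours = serverHost.equalsIgnoreCase(host)
                && "https".equalsIgnoreCase(getRequestingProtocol());
        return ours ? serverCreds : null; // null means "offer no credentials"
    }
    // Simulates a challenge without network access (instance method exists since Java 9).
    static String answer(Authenticator a, String host, int port, String proto, RequestorType type) {
        PasswordAuthentication pa =
                a.requestPasswordAuthenticationInstance(host, null, port, proto, "", "basic", null, type);
        return pa == null ? "(none)" : pa.getUserName();
    }

    public static void main(String[] args) {
        Authenticator a = new ScopedAuthenticator(
                "proxy.example.internal", 3128, new PasswordAuthentication("proxyUser", "proxyPass".toCharArray()),
                "sharepoint.example.com", new PasswordAuthentication("spUser", "spPass".toCharArray()));
        System.out.println(answer(a, "proxy.example.internal", 3128, "http", RequestorType.PROXY));
        System.out.println(answer(a, "sharepoint.example.com", 443, "https", RequestorType.SERVER));
        System.out.println(answer(a, "other.example.net", 443, "https", RequestorType.SERVER));
        System.out.println(answer(a, "sharepoint.example.com", 80, "http", RequestorType.SERVER));
    }
}
```

On Java 9 and later, HttpURLConnection.setAuthenticator() can attach such an authenticator to a single connection instead of installing it JVM-wide with Authenticator.setDefault().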
