httpClient not sending proxy creditials

Brandon_Bunch · April 10, 2023, 9:32pm

Hey all, I have a conundrum. Below is the API call I make using the httpClient and sending the proxy info, but i worked with the proxy team and it doesn't send the actual proxy username and password with the request, but it does route the traffic through the proxy. It returns a 407 (authentication error) and I'm wondering if there is just something I'm missing. Any ideas?

	return system.net.httpClient(bypass_cert_validation=True, proxy="http://1.1.1.1:8080", username="usr", password="pwd").post("https://api.com", data=data, timeout = 3000L).json

PGriffith · April 10, 2023, 9:39pm

That authentication is supplied if the actual request returns an authorization is required header. It's not auth for the proxy itself. I don't know if Java's httpclient supports proxy authentication. You could try specifying the username and password on the URL? http://user:pass@ip:port

Brandon_Bunch · April 10, 2023, 10:19pm

Thanks for the reply, but that also seems to be a nogo. Returning a 407 as well.

Kevin.Herron · April 10, 2023, 10:24pm

Can you capture this exchange in Wireshark? Curious what the request and response look like.

Brandon_Bunch · April 11, 2023, 8:43pm

I've been trying and I cant seem to sniff it out. Not entirely sure why but its probably related to company setup or network? Hitting it from the browser works, but i have to script it through a proxy to let it escape to the outside world where this API exists.

gekkoman · June 24, 2024, 4:31am

Sorry for the Necro post but this remains a hassle and my workaround may help someone.

We have authenticating proxy + man in the middle CA certs installed on or corporate network.

Getting past this the java way while not impossible is not very pleasant and involves writing authenticators.

Since the update to Jython using 2.7 under ignition 8.* it is quite possible to use the requests library which is arguably a whole lot nicer than the java client. I use requests-2.14 as it is one of the last to support python 2.7.

I also load it at runtime from a DB blob with no special gateway/client configuration required.

I use postgres and I have a table like this setup in an accessible database:

If you use another db you will have to alter sql stuff accordingly to your flavour.

CREATE TABLE python_modules (
    id serial4 NOT NULL,
    "name" varchar NULL,
    file varchar NULL,
    contents bytea NULL,
    startpath varchar NULL,
   CONSTRAINT pk_python_modules_id PRIMARY KEY (id))

I then have a gateway script in my case located at shared.jython

LOADED={}


"""workaround to dynamically load python modules at runtime from blobs in DB. No need for any special gateway install

How to use

In script console - once off to save to db
shared.jython.saveToDB("requests","<specify local path to>/requests-2.14.2.tar.gz","requests-2.14.2")

To load and use requests
shared.jython.loadFromDB("requests")
import requests                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                              
"""


def loadFromDB(name,force=False):
	
	import imp,tempfile,tarfile,os
	
	global LOADED
	
	if name in LOADED and not force:
		return
	
	sql="""SELECT id,contents,filename,startpath FROM python_modules WHERE name=?"""
	ret=system.db.runPrepQuery(sql,[name])
	if ret:
		fn=ret[0][2]
		#write file to namedtempfile
		tf=tempfile.NamedTemporaryFile()
		system.file.writeFile(tf.name,ret[0][1])
		print "tempfile",tf.name
		#check if tar.gz
		if tarfile.is_tarfile(tf.name):
			tar=tarfile.open(tf.name)
			td=tempfile.mkdtemp()
			tar.extractall(td)
			tar.close()
			os.unlink(tf.name)
			#now should have a tempdir with loaded module
			sp=ret[0][3]
			if sp:
				td=os.path.join(td,sp)
			mod= imp.find_module(name,[td])                                                                                                                                                                                                        
			imp.load_module(name,*mod)
			LOADED[name]=td               
		else:
			os.unlink(tf.name)
			
			
			
def closeModule(name):
	#extra step to remove tempdir when no longer needed
	import shutil,os
	global LOADED
	if name in LOADED:
		shutil.rmtree(LOADED[name])
		
		del LOADED[name]
	
		
	
	
def saveToDB(name,filepath,startpath):
	import os
	print filepath
	if not filepath and not os.path.isfile(filepath):
		return
	sql="""SELECT id FOM python_modules WHERE name=?"""
	ret=system.db.runPrepQuery(sql,[name])
	
	
	bytes=system.file.readFileAsBytes(filepath)
	filename=os.path.basename(filepath) #take care with windows paths as it may return the whole path
	if ret:
		#update
		sql="""UPDATE python_modules SET filename=?, contents=? ,startpath=? WHERE id =?"""
		system.db.runPrepUpdate(sql,[filename,bytes,startpath,ret[0][0]])
	else:
		#insert
		sql="""INSERT INTO python_modules (name,filename,contents,startpath) values (?,?,?,?)"""
		system.db.runPrepUpdate(sql,[name,filename,bytes,startpath])

Now I can simply use requests to make calls via authenticating proxy

eg in a script console

Jython 2.7.3, executing locally in the Designer.
Press (Ctrl + Space) to activate autocompletion.
>>> shared.jython.loadFromDB("requests")
tempfile /tmp/tmptnWKE0
>>> import requests 
>>> proxies= {'http': 'http://<user>:<pass>@<proxy server>:<proxy port>',   'https': 'http://<user>:<pass>@<proxy server>:<proxy port>'}
>>> response=requests.get("http://date.jsontest.com/",proxies=proxies)
>>> print(response.json())
{u'date': u'06-24-2024', u'milliseconds_since_epoch': 1719203278943L, u'time': u'04:27:58 AM'}