Add HTTP proxy authentication with HttpSmartProxyHandler

Copilot · chrjohn · Copilot · commit 777fe72d57e5 · 2026-02-12T13:33:52.000Z
- Add imports for Base64, Collections, StandardCharsets, List, Map, HttpSmartProxyHandler
- Add PROXY_AUTHORIZATION_HEADER constant
- Implement proactive Proxy-Authorization header for Basic auth in createHttpProxyRequest()
  - Only set header when username/password provided without domain/workstation
  - NTLM authentication uses multi-step handshake without proactive header
- Add HttpSmartProxyHandler configuration in createIoProxyConnector()
  - Handler set for all HTTP proxy connections
  - Works with proactive header and handles 407 challenge-response
- Add comprehensive unit tests:
  - Basic auth: verifies header and handler
  - NTLM auth: verifies no header, handler is set, properties configured
  - No credentials: verifies no header, handler is set
- All 4 tests passing

Co-authored-by: chrjohn &lt;6644028+chrjohn@users.noreply.github.com&gt;
diff --git a/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java b/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java
@@ -21,7 +21,12 @@
 
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 
 import org.apache.mina.core.service.IoAcceptor;
@@ -36,6 +41,7 @@
 import org.apache.mina.proxy.handlers.ProxyRequest;
 import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
 import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
+import org.apache.mina.proxy.handlers.http.HttpSmartProxyHandler;
 import org.apache.mina.proxy.handlers.socks.SocksProxyConstants;
 import org.apache.mina.proxy.handlers.socks.SocksProxyRequest;
 import org.apache.mina.proxy.session.ProxyIoSession;
@@ -52,6 +58,8 @@ public class ProtocolFactory {
 
     public final static int SOCKET = 0;
     public final static int VM_PIPE = 1;
+    
+    public final static String PROXY_AUTHORIZATION_HEADER = "Proxy-Authorization";
 
     public static String getTypeString(int type) {
         switch (type) {
@@ -133,6 +141,14 @@ public static ProxyConnector createIoProxyConnector(SocketConnector socketConnec
         }
 
         ProxyIoSession proxyIoSession = new ProxyIoSession(proxyAddress, req);
+        
+        // Explicitly set HttpSmartProxyHandler for HTTP proxies to properly manage authentication
+        // This handler works with the proactive Proxy-Authorization header set in the request
+        // and can also handle 407 challenge-response if needed
+        if (proxyType.equalsIgnoreCase("http")) {
+            proxyIoSession.setHandler(new HttpSmartProxyHandler(proxyIoSession));
+        }
+        
         connector.setProxyIoSession(proxyIoSession);
 
         return connector;
@@ -155,12 +171,26 @@ private static ProxyRequest createHttpProxyRequest(InetSocketAddress address,
 
         HttpProxyRequest req = new HttpProxyRequest(address);
         req.setProperties(props);
+        
         if (proxyVersion != null && proxyVersion.equalsIgnoreCase("1.1")) {
             req.setHttpVersion(HttpProxyConstants.HTTP_1_1);
         } else {
             req.setHttpVersion(HttpProxyConstants.HTTP_1_0);
         }
 
+        // Set Proxy-Authorization header for Basic authentication if credentials are provided
+        // Some proxy servers require this header to be set upfront rather than waiting for a 407 response
+        // Note: NTLM authentication requires a multi-step handshake and should not set headers upfront
+        if (proxyUser != null && !proxyUser.isEmpty() 
+                && proxyPassword != null && !proxyPassword.isEmpty()
+                && proxyDomain == null && proxyWorkstation == null) {
+            Map<String, List<String>> headers = new HashMap<>();
+            String credentials = proxyUser + ":" + proxyPassword;
+            String encodedCredentials = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
+            headers.put(PROXY_AUTHORIZATION_HEADER, Collections.singletonList("Basic " + encodedCredentials));
+            req.setHeaders(headers);
+        }
+
         return req;
     }
 
diff --git a/quickfixj-core/src/test/java/quickfix/mina/ProtocolFactoryTest.java b/quickfixj-core/src/test/java/quickfix/mina/ProtocolFactoryTest.java
@@ -21,15 +21,24 @@
 
 import org.apache.mina.core.service.IoConnector;
 import org.apache.mina.proxy.ProxyConnector;
+import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
+import org.apache.mina.proxy.handlers.http.HttpSmartProxyHandler;
 import org.apache.mina.proxy.session.ProxyIoSession;
 import org.apache.mina.transport.socket.SocketConnector;
 import org.apache.mina.util.AvailablePortFinder;
 import org.junit.Test;
 import quickfix.ConfigError;
 
 import java.net.InetSocketAddress;
+import java.util.Base64;
+import java.util.List;
+import java.util.Map;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static quickfix.mina.ProtocolFactory.PROXY_AUTHORIZATION_HEADER;
 
 public class ProtocolFactoryTest {
 
@@ -46,4 +55,95 @@ public void shouldCreateProxyConnectorWithoutPreferredAuthOrder() throws ConfigE
         ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
         assertNull(proxySession.getPreferedOrder());
     }
+
+    @Test
+    public void shouldSetBasicAuthorizationHeaderForHttpProxy() throws ConfigError {
+        InetSocketAddress address = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+        InetSocketAddress proxyAddress = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+
+        IoConnector connector = ProtocolFactory.createIoConnector(address);
+        ProxyConnector proxyConnector = ProtocolFactory
+                .createIoProxyConnector((SocketConnector) connector, address, proxyAddress, "http", "1.0", "testuser",
+                                        "testpassword", null, null);
+
+        ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
+        
+        // Verify HttpSmartProxyHandler is set
+        assertNotNull("Handler should be set", proxySession.getHandler());
+        assertTrue("Handler should be HttpSmartProxyHandler",
+                   proxySession.getHandler() instanceof HttpSmartProxyHandler);
+        
+        HttpProxyRequest request = (HttpProxyRequest) proxySession.getRequest();
+        
+        Map<String, List<String>> headers = request.getHeaders();
+        assertNotNull("Headers should not be null", headers);
+        assertTrue("Headers should contain Proxy-Authorization", headers.containsKey(PROXY_AUTHORIZATION_HEADER));
+        
+        List<String> authHeaders = headers.get(PROXY_AUTHORIZATION_HEADER);
+        assertNotNull("Proxy-Authorization header should not be null", authHeaders);
+        assertEquals("Should have exactly one Proxy-Authorization header", 1, authHeaders.size());
+        
+        String authHeader = authHeaders.get(0);
+        assertTrue("Auth header should start with 'Basic '", authHeader.startsWith("Basic "));
+        
+        // Verify the encoded credentials
+        String encodedPart = authHeader.substring("Basic ".length());
+        String decoded = new String(Base64.getDecoder().decode(encodedPart));
+        assertEquals("Decoded credentials should match", "testuser:testpassword", decoded);
+    }
+
+    @Test
+    public void shouldNotSetAuthorizationHeaderForNTLMAuthentication() throws ConfigError {
+        InetSocketAddress address = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+        InetSocketAddress proxyAddress = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+
+        IoConnector connector = ProtocolFactory.createIoConnector(address);
+        ProxyConnector proxyConnector = ProtocolFactory
+                .createIoProxyConnector((SocketConnector) connector, address, proxyAddress, "http", "1.0", "testuser",
+                                        "testpassword", "TESTDOMAIN", "TESTWORKSTATION");
+
+        ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
+        
+        // Verify HttpSmartProxyHandler is set for NTLM too
+        assertNotNull("Handler should be set", proxySession.getHandler());
+        assertTrue("Handler should be HttpSmartProxyHandler for NTLM",
+                   proxySession.getHandler() instanceof HttpSmartProxyHandler);
+        
+        HttpProxyRequest request = (HttpProxyRequest) proxySession.getRequest();
+        
+        Map<String, List<String>> headers = request.getHeaders();
+        // NTLM requires multi-step handshake, so Proxy-Authorization header should not be set upfront
+        assertTrue("Headers should be null or not contain Proxy-Authorization for NTLM", 
+                   headers == null || !headers.containsKey(PROXY_AUTHORIZATION_HEADER));
+        
+        // Verify NTLM properties are set correctly for the MINA proxy handler to use
+        Map<String, String> props = request.getProperties();
+        assertNotNull("Properties should not be null", props);
+        assertTrue("Properties should contain user credentials", props.size() >= 4);
+    }
+
+    @Test
+    public void shouldNotSetAuthorizationHeaderWhenCredentialsNotProvided() throws ConfigError {
+        InetSocketAddress address = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+        InetSocketAddress proxyAddress = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+
+        IoConnector connector = ProtocolFactory.createIoConnector(address);
+        ProxyConnector proxyConnector = ProtocolFactory
+                .createIoProxyConnector((SocketConnector) connector, address, proxyAddress, "http", "1.0", null,
+                                        null, null, null);
+
+        ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
+        
+        // Verify HttpSmartProxyHandler is set even when no credentials provided
+        assertNotNull("Handler should be set", proxySession.getHandler());
+        assertTrue("Handler should be HttpSmartProxyHandler when no credentials",
+                   proxySession.getHandler() instanceof HttpSmartProxyHandler);
+        
+        HttpProxyRequest request = (HttpProxyRequest) proxySession.getRequest();
+        
+        Map<String, List<String>> headers = request.getHeaders();
+        // Headers should either be null or not contain Proxy-Authorization
+        assertTrue("Headers should be null or empty when no credentials provided", 
+                   headers == null || !headers.containsKey(PROXY_AUTHORIZATION_HEADER));
+    }
 }
