feign
feign copied to clipboard
OpenFeign
Custom feign client with proxy+auth provides no Proxy-Auth header
Bug report
Need Feign to use proxy with credentials and defining something like this in Spring-Boot:
@Bean
public Client feignClient() {
return new Client.Proxied(null, null,
new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(proxyHost, Integer.parseInt(proxyPort))),
proxyUsername, proxyPassword);
}
(https://github.com/OpenFeign/feign/blob/master/core/src/main/java/feign/Client.java)
But in the end the Proxy-Auth header is not sent, proxy is used though.
trying to use a spring boot openfeign client to use a NTLM proxy to get to an external pubic client rest service. Any ideas on how to do this?
This is all outside of what Feign offers today. Proxy configurations are Client implementation specific, so you will need to configure it based on which one you use. The Default Client uses JDK provided objects and are very simple. You may want to switch to a more feature-rich Client like OkHTTP, or Apache
This is all outside of what Feign offers today. Proxy configurations are
Clientimplementation specific, so you will need to configure it based on which one you use. The Default Client uses JDK provided objects and are very simple. You may want to switch to a more feature-rich Client like OkHTTP, or Apache
I ended up using okHttp. But still curious why you say Feign does not offer this when its part of its code? Maybe I misunderstood something?
My problem so far is that nothing works so far for me. I have tried everything , looked all over google I want to use a Feign client in Springboot. But I want the client to use a proxy. Currenly the only type of proxy I can test with is an http style proxy that uses NTLM authentication. NOthing works ... every example I find does not , all types of crazy maven versions being thrown about. A BIG MESS REALLY. The only examples that I tend find are silly simple things that do not require NTLM authentication. The ones that I guess come out of the box and just require you to set the host and the port. I might revisit those again since I am about to give up on NTML authenticated proxies ...
One thing I am curious about is: When I set up the code to call the proxy .. it runs .. but does not seem to be aware of the configured proxy. I ran thru debbuger looking into the SpringBoot code and I can see clearly that the proxy is not being used. ????? So .. is Spring Advertising FALSE
The easy ones probably work ... The proxy that I am going true is an NTLM proxy. It is a bit confusing to use ... also OkHttpclient cannot even use it right now ... it is yet to implement the necessary calls. HttpClient , supposedly , should be able to do it ... BUT .. there are so many different versions ... and crazy examples , all of which are different .. I am not sure if a concrete solution exists out there. FORGET ABOUT THE DEFAULT CLIENT .. it is useless when it comes to NTLM style proxies. Hopefully , we can change our proxy to a non NTLM proxy soon. Because I am stomped LOL
I don't know if this works with NTLM proxies, but this is what we ended up using (we use that class as "configuration" in the FeignClient annotation) :
class Config {
@Value("${proxy.host}")
private String proxyHost;
@Value("${proxy.port}")
private int proxyPort;
@Value("${proxy.user}")
private String proxyUser;
@Value("${proxy.password}")
private String proxyPassword;
@Bean
public feign.Client feignClient() {
OkHttpClient okHttpClient;
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
okHttpClient = new OkHttpClient.Builder().proxy(proxy).proxyAuthenticator(authenticator()).build();
return new feign.okhttp.OkHttpClient(okHttpClient);
}
private okhttp3.Authenticator authenticator() {
return (route, response) -> {
String credential = okhttp3.Credentials.basic(proxyUser, proxyPassword);
return response.request().newBuilder()
.header("Proxy-Authorization", credential)
.build();
};
}
}
I don't know if this works with NTLM proxies, but this is what we ended up using (we use that class as "configuration" in the FeignClient annotation) :
class Config { @Value("${proxy.host}") private String proxyHost; @Value("${proxy.port}") private int proxyPort; @Value("${proxy.user}") private String proxyUser; @Value("${proxy.password}") private String proxyPassword; @Bean public feign.Client feignClient() { OkHttpClient okHttpClient; Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort)); okHttpClient = new OkHttpClient.Builder().proxy(proxy).proxyAuthenticator(authenticator()).build(); return new feign.okhttp.OkHttpClient(okHttpClient); } private okhttp3.Authenticator authenticator() { return (route, response) -> { String credential = okhttp3.Credentials.basic(proxyUser, proxyPassword); return response.request().newBuilder() .header("Proxy-Authorization", credential) .build(); }; } }
That's interesting. Who knows it might work. I will try it and see. Most of the documentation I have seen so far involves the use of constructs that target NTLM proxies .... non of which have seemed to work so far.
I might add that using a NON-NTLM proxy is not a problem and works fine as advertised. It is the NTLM authorization that is the issue
Looks like, from the rest of the issue, there is something specific in NTLM, which is outside of Feign's scope
Actually , I did figure out how to make it work. But the company I work formoved to a different type of proxy which made the issue a non-issue since theweb proxy we are now using works out of the box. Cannot even remember all the research I did at that time to get it to work. Regards,George Curington
On Friday, October 7, 2022 at 05:04:49 PM EDT, Kevin Davis ***@***.***> wrote:
Looks like, from the rest of the issue, there is something specific in NTLM, which is outside of Feign's scope
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>