box-java-sdk icon indicating copy to clipboard operation
box-java-sdk copied to clipboard

Published 20 hours ago verified publisher icon box

Need to support non basic-auth proxies

Open ajmas opened this issue 6 years ago • 3 comments

  • [x] I have checked that the SDK documentation and API documentation doesn't solve my issue

Description of the Issue

The current version of the Box API assumes that the proxy is either unauthenticated or using basic username/password authentication. This breaks in any environment that uses different types of authentication, such as NTLM or Kerberos.

In our case when we try to use our proxy we get a 407 HTTP response.

Ideally the Box API should allow us to substitute in our own proxy configuration. Maybe something based on the Apache HTTPClient which allows using an auth schema registry, along with a credentials provider - this works for us in a standalone test, when not using the Box Java API.

Versions Used

Java SDK: 1.80_181 on RedHat Linux.
Java: 1.80_181 on RedHat Linux.

Steps to Reproduce

  • Proxy that uses Kerberos and SPNEGO
  • Set this to be the proxy used by Box
  • Connect to https://api.box.com/2.0/search?query=sales via GET

Error Message, Including Stack Trace

Status 407 returned by proxy. If everything worked we should get a 401 (since we aren't providing Box auth for this test case).

ajmas avatar Nov 13 '18 20:11 ajmas

Hey @ajmas,

We will add NTLM Proxy support to our backlog. However, this is not a trivial change and we will need to prioritize this on our roadmap.

Thank you!

carycheng avatar Nov 14 '18 01:11 carycheng

@carycheng understood.

  • I'll make sure my employer gets this brought up via official support channels, since this is essentially a blocker for us.
  • Would Box consider using Apache HTTPClient to handle the connectivity, instead of HTTPUrlConnection? I ask, since this provides the necessary support for SSO based proxies as part of its API.

ajmas avatar Nov 19 '18 17:11 ajmas

Hey @ajmas,

Yes, I believe using Apache HTTPClient to handle the connectivity could potentially solve this issue and that is idea we are considering down the road, however the effort to swap out our HTTP connection with Apache HTTP Client will be a larger task so we are putting this in our planning backlog to discuss when to tackle this.

We will let you know if/when we figure out a more concrete roadmap for this Proxy issue, thank you!

carycheng avatar Nov 19 '18 17:11 carycheng