From ae8506941d493f4d0998dae02814b46f5e16929b Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Sat, 17 Jan 2026 15:38:20 +0100 Subject: [PATCH] Discontinue the direct use of http(s).proxyUser and http(s).proxyPassword system properties. These properties may still be used by Authenticator#requestPasswordAuthentication internally --- .../SystemDefaultCredentialsProvider.java | 51 +++---------------- 1 file changed, 6 insertions(+), 45 deletions(-) diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/SystemDefaultCredentialsProvider.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/SystemDefaultCredentialsProvider.java index 5b14197bc3..4812e11a12 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/SystemDefaultCredentialsProvider.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/SystemDefaultCredentialsProvider.java @@ -106,54 +106,15 @@ public Credentials getCredentials(final AuthScope authScope, final HttpContext c if (host != null) { final HttpClientContext clientContext = context != null ? HttpClientContext.cast(context) : null; final String protocol = authScope.getProtocol() != null ? authScope.getProtocol() : (authScope.getPort() == 443 ? URIScheme.HTTPS.id : URIScheme.HTTP.id); - PasswordAuthentication systemcreds = getSystemCreds( - protocol, authScope, Authenticator.RequestorType.SERVER, clientContext); - if (systemcreds == null) { - systemcreds = getSystemCreds( - protocol, authScope, Authenticator.RequestorType.PROXY, clientContext); + final PasswordAuthentication serverCreds = getSystemCreds(protocol, authScope, Authenticator.RequestorType.SERVER, clientContext); + if (serverCreds != null) { + return new UsernamePasswordCredentials(serverCreds.getUserName(), serverCreds.getPassword()); } - if (systemcreds == null) { - // Look for values given using http.proxyUser/http.proxyPassword or - // https.proxyUser/https.proxyPassword. We cannot simply use the protocol from - // the origin since a proxy retrieved from https.proxyHost/https.proxyPort will - // still use http as protocol - systemcreds = getProxyCredentials(URIScheme.HTTP.getId(), authScope); - if (systemcreds == null) { - systemcreds = getProxyCredentials(URIScheme.HTTPS.getId(), authScope); - } + final PasswordAuthentication proxyCreds = getSystemCreds(protocol, authScope, Authenticator.RequestorType.PROXY, clientContext); + if (proxyCreds != null) { + return new UsernamePasswordCredentials(proxyCreds.getUserName(), proxyCreds.getPassword()); } - if (systemcreds != null) { - return new UsernamePasswordCredentials(systemcreds.getUserName(), systemcreds.getPassword()); - } - } - return null; - } - - private static PasswordAuthentication getProxyCredentials(final String protocol, final AuthScope authScope) { - final String proxyHost = System.getProperty(protocol + ".proxyHost"); - if (proxyHost == null) { - return null; - } - final String proxyPort = System.getProperty(protocol + ".proxyPort"); - if (proxyPort == null) { - return null; } - - try { - final AuthScope systemScope = new AuthScope(proxyHost, Integer.parseInt(proxyPort)); - if (authScope.match(systemScope) >= 0) { - final String proxyUser = System.getProperty(protocol + ".proxyUser"); - if (proxyUser == null) { - return null; - } - final String proxyPassword = System.getProperty(protocol + ".proxyPassword"); - - return new PasswordAuthentication(proxyUser, - proxyPassword != null ? proxyPassword.toCharArray() : new char[] {}); - } - } catch (final NumberFormatException ignore) { - } - return null; }