Details
-
Bug
-
Resolution: Fixed
-
Medium
-
5.9.5
-
2
-
Severity 2 - Major
-
Description
Summary
Setting proxyUser and proxyPassword in the catalina.properties file breaks web proxy configuration
Environment
- Any version of Confluence using SAL plugin 3.0.5
- Confluence 5.9.5 in this case
Steps to Reproduce
- Use the following configuration in catalina.properties
#web proxy settings http.proxyHost=localhost http.proxyPort=8888 http.nonProxyHosts=localhost http.proxyUser=admin http.proxyPassword=admin
Does not need to be a valid proxy server as we are testing against the nonProxyHosts
This problem also occurs if the proxy configuration is set in Confluence's setenv.sh rather than in catalina.properties
- Start Confluence
- Start JIRA on the same server
- Attempt to create application link to the Confluence server using the localhost address
Expected Results
The link should be created despite the invalid proxy configuration as localhost is whitelisted in http.nonProxyHost
Actual Results
The below exception is thrown in the atlassian-confluence.log file:
2016-01-28 21:26:05,565 INFO [http-nio-8085-exec-22] [AccessLogFilter] admin GET http://10.60.3.18:8090/confluence/rest/applinks/3.0/manifest.json?_=1453987487624 348848kb 2016-01-28 21:26:05,578 ERROR [http-nio-8085-exec-21] [CreateApplicationLinkUIResource] Exception thrown while retrieving manifest com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalStateException: org.apache.http.auth.MalformedChallengeException: Authentication challenge is empty at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2203) at com.google.common.cache.LocalCache.get(LocalCache.java:3937) at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941) at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
Notes
Removing the the username and password field, despite using an invalid proxy ip and port, works as localhost is whitelisted as nonProxyHosts
Workaround
Since the problem only affects configurations in which a proxy is used that requires credentials to be provided, a potential workaround is to change the configuration of the proxy server such that it allows connections from the IP address of the machine that Confluence is running on without requiring credentials.
Suggested Resolution
Fix SAL-350 and bundle the newest version of that plugin into Confluence.
Attachments
Issue Links
- is caused by
-
SAL-350 Loading...