We only seem to support some flavors of proxy authentication.  We get a lot of
feedback about us not working with firewall A or proxy server B.  Here is one example

>From:  xxxxx@xxxxx 
>Subject: Any conflict between JSSE and Java Webstart?
>To: javawebstart- xxxxx@xxxxx 
>MIME-version: 1.0
>Content-disposition: inline
>X-MIMETrack: Serialize by Router on AU-AAPMTA001/AU/INTL(Release 5.0.6 |December 14, 2000) at 04/04/2001 04:28:40 PM
>
>
>Steve,
>
>Thanks for your prompt reply.  Let me describe our problems more in
>details.
>
>Our Java application deployed by JavaWebstart1.0 got problem at client-side
>when it tried to establish HTTPS connection via client's password-protected
>firewall. ( NO ERROR with firewall without password protection).
>
>
>1.Client side Error message in  java webstart console:
>
>java.io.IOException: Unable to tunnel through 10.11.12.55:80.  Proxy returns "HTTP/1.1 407 Proxy authentication required"
>     at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
>     * * *
>
>details in nrmatest.txt
>(See attached file: nrmatest.txt)
>
>2. What we can get from our testing proxy (Basic authentication with base64
>encode)
>     Request sending to our proxy:
>
>     CONNECT 203.11.226.122:443 HTTP/1.0
>     User-Agent: JSSE
>
>     Response from our proxy
>
>     HTTP/1.0 407 Proxy Authentication Required
>     ................
>
>details in (See attached file: soap.test.txt)
>
>3.  Our Java application support HTTPS by using JSSE1.0.2.
>
>   public static void setupHTTPsSupport()
>  {
>
>     try
>     {
>      System.setProperty(
>        "java.protocol.handler.pkgs",
>        "com.sun.net.ssl.internal.www.protocol");
>
>      java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
>      // Work around for  JavaWebStart which requires this
>      // to be set as well. Note that in a usual application it wasn't required.
>      if (! isFactorySet)
>      {
>        URL.setURLStreamHandlerFactory(new URLStreamHandlerFactory() {
>        public URLStreamHandler createURLStreamHandler(final String protocol)
>        {
>          if (protocol!=null && protocol.equals("https")){
>            return new com.sun.net.ssl.internal.www.protocol.https.Handler();
>          }
>          return null;
>        }
>        });
>        isFactorySet = true;
>      }
>    }
>    catch (Exception ex)
>    {
>      System.err.println ("Failed to install SSL support in DefaultDecisionSystem.setupHTTPsSupport()");
>      ex.printStackTrace();
>    }
>  }
>
>
>4.  Welcome to our website to reproduce the error in HTTPS data
>communication via password-protected proxy firewall.
>
>          http://www.pwcdecision.com
>
>          user:          webstart
>          password:      webstart
>
>ERROR happened when you try the menu "Actions/run"  and choose
>"pwcdecision.com" from  combo box "solver" and click OK button.
>
>
>
>We just wondering whether Java Webstart1.0  is compatible to JSSE1.0.2
>component. And whether we made any mistakes in our code?
>
>Thanks for your kind attention. And your help will enable us to stick to
>Java Webstart.
>
>Hongbo Jin
>
>Java Developer
>PricewaterhouseCoopers (Sydney)
>

N/A

Also just received a feedback saying some user agents (browsers) were not allowed to do http requests through a particular firewall!

>I've just traced the traffic and found out that our proxy checks the
>User-Agent mime header and only allows approved 'browsers'.  So I suppose
>this should change to a feature request to allow configuration of the
>User-Agent string.

- xxxxx@xxxxx  2001-04-05

the http.agent property was added to the list of secure properties in tiger as part of 5025084: allow http.agent property..

by setting this property in the jnlp file, applications can now control the user agent passed in http headers.
 xxxxx@xxxxx  2004-07-12

Also note that WebStart doesn't appear to be able to get 
through MS Proxy if the authentication is done using NTLM.  

Hi,

I get the same Error (407) in this simple Program
If I try to connect a HTTP-URL it works fine.

public static void main(java.lang.String[] args) {
	System.out.println("TestConnections::main() - started");
	
	URL targetURL = null;

	//System.properties setzen.
	Properties sysProperties = System.getProperties();
	sysProperties.put("proxyHost", "proxy.ourProxy.de");
	sysProperties.put("https.proxyHost", "proxy.ourProxy.de");
	
	sysProperties.put("proxyPort", "8080");
	sysProperties.put("https.proxyPort", "8080");
	//sysProperties.put("proxySet",  "true");
	final String proxyUser = "myUser";
	final String proxyPW   = "myPW";

	try
	{
                         //Alternative Authentifizierung
		Authenticator.setDefault(new MyAuthenticator());
		
		//Fall2:
		//Vorbereitungen für SSL-Verbindungen
		Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
		System.setProperty("java.protocol.handler.pkgs", 
"com.sun.net.ssl.internal.www.protocol");
		
		//Fall2:
		targetURL = new URL("https", "www.strato.de", "/cgi-bin/serv_cont.cgi/news");
		
		URLConnection con = targetURL.openConnection();

		con.setDoInput(true);
		con.setUseCaches(false);
		con.setDefaultUseCaches(false);
		
		//Authorization für Proxy Codieren (Base64)
		
		String encodedStr = Base64.encode ((proxyUser + ":" +
											
proxyPW).getBytes ());
		String authhdr = "Basic " + encodedStr;
		
		con.setRequestProperty("Proxy-Authorization",authhdr);
		
		BufferedReader in = new BufferedReader(new 
InputStreamReader(con.getInputStream()));

		String input = null;
		while (null != input = in.readLine()) 
		{
			System.out.println(input);
		}
	}
	catch (MalformedURLException e)
	{
		System.err.println("in main(): " + e);
		System.exit(-1);
	}
	catch (java.io.IOException e)
	{
		System.err.println("in main(): " + e);
		e.printStackTrace(System.err);
		System.exit(-1);
	}

Our firewall also insists on certain user agents

Why not at least provide an option to make HTTP requests 
through the browser? Our solution to proxy problems has 
always been to have the applet make requests via SSL, 
which, in 1.2 & 1.3 plugins caused requests to be made 
through the browser, bypassing the java proxy code. (I 
believe even this is going away in 1.4. Don't know what 
we'll do). 

I have i similar problem I think. I tried to launch the 
example on the web site. JWS ask me a login and password 
for  the firewall and after that JWS return me an error 
saying it can't download.
Here are the error messages :
An error occurred while launching/running the application.

Title: SwingSet2
Vendor: Sun Microsystems, Inc.
Category: Download Error

Unable to load resource: 
http://java.sun.com/products/javawebstart/apps/SwingSet2.jnl
p

JNLPException[category: Download Error : Exception: 
java.net.ProtocolException: Server redirected too many 
times (5) : LaunchDesc: null ]

	at com.sun.javaws.cache.DownloadProtocol.doDownload
(Unknown Source)

	at 
com.sun.javaws.cache.DownloadProtocol.isLaunchFileUpdateAvai
lable(Unknown Source)

	at 
com.sun.javaws.LaunchDownload.getUpdatedLaunchDesc(Unknown 
Source)

	at com.sun.javaws.Launcher.downloadResources
(Unknown Source)

	at com.sun.javaws.Launcher.handleApplicationDesc
(Unknown Source)

	at com.sun.javaws.Launcher.handleLaunchFile(Unknown 
Source)

	at com.sun.javaws.Launcher.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)

java.net.ProtocolException: Server redirected too many 
times (5)

	at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream
(Unknown Source)

	at java.net.HttpURLConnection.getResponseCode
(Unknown Source)

	at com.sun.javaws.util.URLUtil.doesURLExist(Unknown 
Source)

	at com.sun.javaws.cache.DownloadProtocol.doDownload
(Unknown Source)

	at 
com.sun.javaws.cache.DownloadProtocol.isLaunchFileUpdateAvai
lable(Unknown Source)

	at 
com.sun.javaws.LaunchDownload.getUpdatedLaunchDesc(Unknown 
Source)

	at com.sun.javaws.Launcher.downloadResources
(Unknown Source)

	at com.sun.javaws.Launcher.handleApplicationDesc
(Unknown Source)

	at com.sun.javaws.Launcher.handleLaunchFile(Unknown 
Source)

	at com.sun.javaws.Launcher.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)

 Please note that I don't know the proxy configuration. and 
so I am not sure if it is a network configuration problem 
or a JWS related problem

Our proxy does nearly everything.
But when I send some POST-data by 
URLConnection.getOutputStream() and after that
I try to get the URLConnection.getInputStream()
it fails to connect the URL.
THIS IS WITH proxy-authentification!!
Without it all works fine...

The problem is this: JSSE sends an HTTP/1.0 request to the 
proxy and the proxy responds with an HTTP/1.1 reply, while 
JSSE expects an HTTP/1.0 reply.

There is a workaround for this descibed in this JavaWorld 
article: http://www.javaworld.com/javaworld/javatips/jw-
javatip111.html

Jesper de Jong

sorry .. in my previous comment I meant of course 
squid proxy authentication using ntlm

for us webstart appears to have some problems with 
getting through a squid using proxy authentication. It 
takes about a few minutes before one is prompted for 
password. After that, again a few minutes until one is 
reasked for the same password. I tested all recent 
j2sdk versions, incl. 1.4.2_04 on both linux & windows.