JAVA知识积累 给HttpClient添加Socks代理
本文描述http client使用socks代理过程中需要注意的几个方面:1,socks5支持用户密码授权;2,支持https;3,支持让代理服务器解析DNS;
使用代理创建Socket
从原理上来看,不管用什么http客户端(httpclient,okhttp),最终都要转换到java.net.Socket的创建上去,看到代码:
package java.net;
public Socket(Proxy proxy) {
...
}这是JDK中对网络请求使用Socks代理的入口方法。(http代理是在http协议层之上的,不在此文讨论范围之内)。
HttpClient要实现socks代理,就需要塞进去一个Proxy对象,也就是定制两个类:org.apache.http.conn.ssl.SSLConnectionSocketFactory 和org.apache.http.conn.socket.PlainConnectionSocketFactory,分别对应https和http。
代码如下:
private class SocksSSLConnectionSocketFactory extends SSLConnectionSocketFactory {
public SocksSSLConnectionSocketFactory(SSLContext sslContext, HostnameVerifier hostnameVerifier) {
super(sslContext, hostnameVerifier);
}
@Override
public Socket createSocket(HttpContext context) throws IOException {
ProxyConfig proxyConfig = (ProxyConfig) context.getAttribute(ProxyConfigKey);
if (proxyConfig != null) {//需要代理
return new Socket(proxyConfig.getProxy());
} else {
return super.createSocket(context);
}
}
@Override
public Socket connectSocket(int connectTimeout, Socket socket, HttpHost host, InetSocketAddress remoteAddress,
InetSocketAddress localAddress, HttpContext context) throws IOException {
ProxyConfig proxyConfig = (ProxyConfig) context.getAttribute(ProxyConfigKey);
if (proxyConfig != null) {//make proxy server to resolve host in http url
remoteAddress = InetSocketAddress
.createUnresolved(host.getHostName(), host.getPort());
}
return super.connectSocket(connectTimeout, socket, host, remoteAddress, localAddress, context);
}
}和
private class SocksSSLConnectionSocketFactory extends SSLConnectionSocketFactory {
public SocksSSLConnectionSocketFactory(SSLContext sslContext, HostnameVerifier hostnameVerifier) {
super(sslContext, hostnameVerifier);
}
@Override
public Socket createSocket(HttpContext context) throws IOException {
ProxyConfig proxyConfig = (ProxyConfig) context.getAttribute(ProxyConfigKey);
if (proxyConfig != null) {
return new Socket(proxyConfig.getProxy());
} else {
return super.createSocket(context);
}
}
@Override
public Socket connectSocket(int connectTimeout, Socket socket, HttpHost host, InetSocketAddress remoteAddress,
InetSocketAddress localAddress, HttpContext context) throws IOException {
ProxyConfig proxyConfig = (ProxyConfig) context.getAttribute(ProxyConfigKey);
if (proxyConfig != null) {//make proxy server to resolve host in http url
remoteAddress = InetSocketAddress
.createUnresolved(host.getHostName(), host.getPort());
}
return super.connectSocket(connectTimeout, socket, host, remoteAddress, localAddress, context);
}
}然后在创建httpclient对象时,给HttpClientConnectionManager设置socketFactoryRegistry
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register(Protocol.HTTP.toString(), new SocksConnectionSocketFactory())
.register(Protocol.HTTPS.toString(), new SocksSSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE))
.build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
让代理服务器解析域名
场景:运行httpClient的进程所在主机可能并不能上公网,大部分时候,也无法进行DNS解析,这时通常会出现域名无法解析的IO异常,下面介绍怎么避免在客户端解析域名。
上面有一行代码非常关键:
remoteAddress = InetSocketAddress
.createUnresolved(host.getHostName(), host.getPort());变量host是你发起http请求的目标主机和端口信息,这里创建了一个未解析(Unresolved)的SocketAddress,在socks协议握手阶段,InetSocketAddress信息会原封不动的发送到代理服务器,由代理服务器解析出具体的IP地址。
Socks的协议描述中有个片段:
The SOCKS request is formed as follows:
+----+-----+-------+------+----------+----------+
|VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
+----+-----+-------+------+----------+----------+
| 1 | 1 | X'00' | 1 | Variable | 2 |
+----+-----+-------+------+----------+----------+
Where:
o VER protocol version: X'05'
o CMD
o CONNECT X'01'
o BIND X'02'
o UDP ASSOCIATE X'03'
o RSV RESERVED
o ATYP address type of following address
o IP V4 address: X'01'
o DOMAINNAME: X'03'
o IP V6 address: X'04'代码按上面方法写,协议握手发送的是ATYP=X'03',即采用域名的地址类型。否则,HttpClient会尝试在客户端解析,然后发送ATYP=X'01'进行协商。当然,大多数时候HttpClient在解析域名的时候就挂了。
https中需要注意的问题
在使用httpclient访问https网站的时候,经常会遇到javax.net.ssl包中的异常,例如:
Caused by: javax.net.ssl.SSLException: Received fatal alert: internal_error
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_80]
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_80]一般需要做几个设置:
创建不校验证书链的SSLContext
SSLContext sslContext = null;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
return true;
}
}).build();
} catch (Exception e) {
throw new com.aliyun.oss.ClientException(e.getMessage());
}
...
new SocksSSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)创建不校验域名的HostnameVerifier
public class NoopHostnameVerifier implements javax.net.ssl.HostnameVerifier {
public static final NoopHostnameVerifier INSTANCE = new NoopHostnameVerifier();
@Override
public boolean verify(final String s, final SSLSession sslSession) {
return true;
}
}如何使用用户密码授权?
java SDK中给Socks代理授权有点特殊,不是按socket来的,而是在系统层面做的全局配置。比如,可以通过下面代码设置一个全局的Authenticator:
Authenticator.setDefault(new MyAuthenticator("userName", "Password"));
...
class MyAuthenticator extends java.net.Authenticator {
private String user ;
private String password ;
public MyAuthenticator(String user, String password) {
this.user = user;
this.password = password;
}
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, password.toCharArray());
}
}这种方法很简单,不过有些不方便的地方,如果你的产品中需要连接不同的Proxy服务器,而他们的用户名密码是不一样的,那么这个方法就不适用了。
基于ThreadLocal的Authenticator
public class ThreadLocalProxyAuthenticator extends Authenticator{
private ThreadLocal<PasswordAuthentication> credentials = null;
private static class SingletonHolder {
private static final ThreadLocalProxyAuthenticator instance = new ThreadLocalProxyAuthenticator();
}
public static final ThreadLocalProxyAuthenticator getInstance() {
return SingletonHolder.instance;
}
public void setCredentials(String user, String password) {
credentials.set(new PasswordAuthentication(user, password.toCharArray()));
}
public static void clearCredentials() {
ThreadLocalProxyAuthenticator authenticator = ThreadLocalProxyAuthenticator.getInstance();
Authenticator.setDefault(authenticator);
authenticator.credentials.set(null);
}
public PasswordAuthentication getPasswordAuthentication() {
return credentials.get();
}
}
这个类意味着,授权信息只会保存到当前调用者的线程中,其他线程的调用者无法访问,在创建Socket的线程中设置密钥和清理密钥,就可以做到授权按照Socket连接进行隔离。Java TheadLocal相关知识本文不赘述。
按连接隔离的授权
class ProxyHttpClient extends CloseableHttpClient{
private CloseableHttpClient httpClient;
public ProxyHttpClient(CloseableHttpClient httpClient){
this.httpClient=httpClient;
}
protected CloseableHttpResponse doExecute(HttpHost target, HttpRequest request, HttpContext context) throws IOException, ClientProtocolException {
ProxyConfig proxyConfig = //这里获取当前连接的代理配置信息
boolean clearCredentials = false;
if (proxyConfig != null) {
if (context == null) {
context = HttpClientContext.create();
}
context.setAttribute(ProxyConfigKey, proxyConfig);
if (proxyConfig.getAuthentication() != null) {
ThreadLocalProxyAuthenticator.setCredentials(proxyConfig.getAuthentication());//设置授权信息
clearCredentials = true;
}
}
try {
return httpClient.execute(target, request, context);
} finally {
if (clearCredentials) {//清理授权信息
ThreadLocalProxyAuthenticator.clearCredentials();
}
}
}
}另外,线程是可以复用的,因为每次调用完毕后,都清理了授权信息。
这里有个一POJO类ProxyConfig,保存的是socks代理的IP端口和用户密码信息。
public class ProxyConfig {
private Proxy proxy;
private PasswordAuthentication authentication;
}JAVA知识积累 给HttpClient添加Socks代理的更多相关文章
- 给HttpClient添加Socks代理
本文描述http client使用socks代理过程中需要注意的几个方面:1,socks5支持用户密码授权:2,支持https:3,支持让代理服务器解析DNS: 使用代理创建Socket 从原理上来看 ...
- 给OkHttp Client添加socks代理
Okhttp的使用没有httpClient广泛,网上关于Okhttp设置代理的方法很少,这篇文章完整介绍了需要注意的方方面面. 上一篇博客中介绍了socks代理的入口是创建java.net.Socke ...
- Java知识积累3-XML的DOM解析修改和删除方法
import java.io.File; import java.io.IOException; import javax.xml.parsers.DocumentBuilder;import jav ...
- Java知识积累-XML的DOM解析修改和删除方法
import java.io.File; import java.io.IOException; import javax.xml.parsers.DocumentBuilder;import jav ...
- Java知识积累2-StringReverse实现文字(单词)倒叙输出
package String; import java.util.Stack;import java.util.StringTokenizer; public class StringReverse ...
- Java知识积累1-StringAlign实现文字居中左右对齐
import java.text.*;public class StringAlign extends Format{ public static final int JUST_LEFT='l'; / ...
- 项目积累——JAVA知识积累
调用天气: <iframe src="http://www.thinkpage.cn/weather/weather.aspx?uid=&c=CHXX0008&l=zh ...
- java知识积累——单元测试和JUnit(二)
首先来复习一下几个重要知识点,然后接着进行一些介绍.在上一篇文章中,我曾经贴过下面这张图片: 在Which method stubs would you like to create?这里,现在结合4 ...
- Java知识积累——单元测试和JUnit(一)
说起单元测试,刚毕业或者没毕业的人可能大多停留在课本讲述的定义阶段,至于具体是怎么定义的,估计也不会有太多人记得.我们的教育总是这样让人“欣 慰”.那么什么是单元测试呢?具体科学的定义咱就不去关心了, ...
随机推荐
- dom2级事件兼容性写法
添加事件 function addEvent(node,type,hander){ if(!node) return false; //如果没有这个元素 ,直接返回: if(node.addE ...
- windows下查看端口被哪个进程占用
1.netstat -anp|findstr "port" 得到进程id 2.tasklist|findstr "pid" 得到是进程名
- 将ESXI所有的端口组迁移到分布式交换机的步骤
1.如果是DELL服务器,一般有2-4个网口,那么所有的网口都把网线插到交换机上:2.DELL安装ESXI系统,根据不同的DELL硬件,要安装不同的ESXI版本.原则上越高版本,支持的硬件越多向下兼容 ...
- PHP-Socket服务端客户端发送接收通信实例详解
原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 .作者信息和本声明.否则将追究法律责任.http://fighter.blog.51cto.com/1318618/1533957 So ...
- 【BZOJ】1923 [Sdoi2010]外星千足虫(高斯消元)
题目 传送门:QWQ 分析 高斯消元解异或方程组,和解普通方程组差不多. 范围有点大,要套一个bitset. 代码 #include <bits/stdc++.h> using names ...
- LINUX ifconfig 命令详解
ifconfig 配置和显示Linux系统网卡的网络参数 补充说明 ifconfig命令 被用于配置和显示Linux内核中网络接口的网络参数.用ifconfig命令配置的网卡信息,在网卡重启后机器重启 ...
- html:模板
http://www.mycodes.net/code_previewmap.php?id=3461 http://www.17sucai.com/pins/4120.html 欧美风格的CMS企业 ...
- 6. 纯 CSS 绘制一颗闪闪发光的璀璨钻石
原文地址:https://segmentfault.com/a/1190000014652116 HTML代码: <div class="diamond"> <s ...
- TortoiseGit上传项目到GitHub
1. 简介 gitHub是一个面向开源及私有软件项目的托管平台,因为只支持git 作为唯一的版本库格式进行托管,故名gitHub. 2. 准备 2.1 安装git:https://git-scm.c ...
- as3 连接mysql
http://www.cnblogs.com/yili16438/archive/2011/04/23/2025936.html