0

A project I'm working on requires a URLClassLoader, which is supposed to load a .jar file from the Internet that is protected by very basic authentication. To access this jar file, one must send a GET request with an Authorization header to a specific URL.

By default, the URLClassLoader just sends the GET request, and I'm having some trouble getting it to send the headers as well.

On another StackOverflow Thread I found that I am supposed to pass a custom URLStreamHandler in the URLClassLoader's constructor, which is what I tried doing: I extended URLClassLoader in a custom class, calling this constructor super(new URL[]{url}, parent, protocol -> new LicensedURLStreamHandler(token));, where LicensedURLStreamHandler is

import java.io.IOException;
import java.net.*;

public class LicensedURLStreamHandler extends URLStreamHandler {

    private final String token;

    public LicensedURLStreamHandler(String token) {
        this.token = token;
    }

    @Override
    protected URLConnection openConnection(URL u) throws IOException {
        URL url = new URL(u.toString());
        JarURLConnection con = (JarURLConnection) url.openConnection();

        con.setRequestProperty("Authorization", token);
        con.setRequestProperty("Accept", "application/octet-stream");

        return con;
    }
}

However, on the server side, both headers appear not to have been included, because the only ones that are present are Accept:[text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2] Connection:[keep-alive] User-Agent:[Java/1.8.0_362]

In essence, the server receives the request without the headers I added in the LicensedURLStreamHandler. I don't really know how to fix this, and the already scarce documentation on the subject hasn't helped me.

kradicati
  • 37
  • 2
  • 7
  • Please add more details what are you trying to achieve and what is the question. – dimnnv Mar 06 '23 at 17:27
  • Edited to hopefully improve the question. Let me know if you need additional clarifications! – kradicati Mar 06 '23 at 17:50
  • Can you set a breakpoint in the constructor LicensedURLStreamHandler(String token) to see whether it is being called during startup? That will tell us where to look next. – John Williams Mar 06 '23 at 17:56
  • And if it does setup the LicensedURLStreamHandler, test if it hits the openConnection(URL u) call. – John Williams Mar 06 '23 at 18:05
  • I added a breakpoint, and both the constructor and the openConnection method are called. – kradicati Mar 06 '23 at 19:22
  • 1
    A `jar:` URL addresses an entry within another URL. You don’t want to add authentication to the `JarURLConnection`, you want to add it to the embedded URL, which I suppose is an `http:` URL. But keep in mind that there is no on-the-fly access to entries within a jar file on a network resource. The jar file will be downloaded behind the scenes anyway, so if you want more control over the process, just download the jar file yourself, using the desired options, and create the class loader with the local copy afterwards. – Holger Mar 10 '23 at 08:24

0 Answers0