Hi, I found that since this commit 68c9e7a the following scenario started to fail.

I have set a http proxy with basic authentication and I want to access a https url through the proxy. So, the authentication proxy header should be sent as part of the connect but it is not happening.

I'm using AHC 1.9.31 and Grizzly 2.3.21.

Before the referenced commit was added it was working and here was the sequence of messages:

REQUEST: HttpRequestPacket (
method=CONNECT
url=httpbin.org:443
headers=[
Host=httpbin.org:443
User-Agent=AHC/1.0
Connection=keep-alive
Proxy-Connection=keep-alive
Proxy-Authorization=Basic am9obmRvZTpwYXNz]
)
RESPONSE: HttpResponsePacket (
status=200
reason=Connection established
)
REQUEST: HttpRequestPacket (
method=GET
url=/basic-auth/user/passwd
protocol=HTTP/1.1
headers=[
Host=httpbin.org:443
User-Agent=AHC/1.0
Connection=keep-alive
Accept=/
Proxy-Connection=keep-alive
Proxy-Authorization=Basic am9obmRvZTpwYXNz]
)
RESPONSE: HttpResponsePacket (
status=401
reason=UNAUTHORIZED
protocol=HTTP/1.1
committed=false
headers=[
server=nginx
date=Tue, 10 May 2016 12:50:48 GMT
content-length=0
connection=keep-alive
access-control-allow-origin=*
www-authenticate=Basic realm="Fake Realm"
access-control-allow-credentials=true]
)
REQUEST: HttpRequestPacket (
method=GET
url=/basic-auth/user/passwd
protocol=HTTP/1.1
headers=[
Host=httpbin.org:443
User-Agent=AHC/1.0
Connection=keep-alive
Accept=/
Authorization=Basic dXNlcjpwYXNzd2Q=
Proxy-Connection=keep-alive
Proxy-Authorization=Basic am9obmRvZTpwYXNz]
)
...

Nowadays latest code from 1.9.x does not send the proxy-authorization with the correct data therefore I got the following messages sequence:

REQUEST: HttpRequestPacket (
method=CONNECT
url=httpbin.org:443
query=null
protocol=HTTP/1.0
content-length=-1
headers=[
Host=httpbin.org:443
User-Agent=AHC/1.0
Connection=keep-alive
Proxy-Connection=keep-alive]
)
RESPONSE: HttpResponsePacket (
status=407
reason=Proxy Authentication Required
protocol=HTTP/1.1
content-length=3553
committed=false
headers=[
server=squid/3.5.15
mime-version=1.0
date=Wed, 11 May 2016 17:40:32 GMT
content-type=text/html;charset=utf-8
content-length=3553
x-squid-error=ERR_CACHE_ACCESS_DENIED 0
vary=Accept-Language
content-language=en
proxy-authenticate=Basic realm="Squid proxy-caching web server"
x-cache=MISS from localhost
via=1.1 localhost (squid/3.5.15)
connection=keep-alive]
)
...

After this point I got an error while parsing the http status code (I'm using squidman to test this, but this works with code before the mentioned commit):

May 11, 2016 2:40:32 PM org.glassfish.grizzly.filterchain.DefaultFilterChain execute
WARNING: GRIZZLY0013: Exception during FilterChain execution
java.lang.NullPointerException
at org.glassfish.grizzly.http.HttpClientFilter$ClientHttpResponseImpl.getProcessingState(HttpClientFilter.java:714)
at com.ning.http.client.providers.grizzly.HttpTransactionContext.currentTransaction(HttpTransactionContext.java:122)
at com.ning.http.client.providers.grizzly.AhcEventFilter.onHttpHeaderError(AhcEventFilter.java:254)
at org.glassfish.grizzly.http.HttpCodecFilter.handleRead(HttpCodecFilter.java:563)
at org.glassfish.grizzly.http.HttpClientFilter.handleRead(HttpClientFilter.java:175)

I looked at the code and I found that it is now checking for a connect flag and only if it is false it will add the proxy authentication header.

    com.ning.http.util.AuthenticatorUtils
    public static String perRequestProxyAuthorizationHeader(Request request,
        Realm realm, ProxyServer proxyServer, boolean connect) {

    String proxyAuthorization = null;

    if (!connect && proxyServer != null && proxyServer.getPrincipal() != null
            && proxyServer.getScheme() == Realm.AuthScheme.BASIC) {
        proxyAuthorization = computeBasicAuthentication(proxyServer);

    }

The previous version of the code was sending always the proxy-authorization without checking or not this flag.

I have made the change to do send the proxyAuthorization based on proxyServer data but I'm not able to get the test to complete the sequence or requests (it does the connect, get) due to an SSL issue that I'm not able to find out why it is failing. Let me know if you want me to share this code.

Thanks!