Actions that perform HTTP requests

install4j includes several actions that can perform HTTP or HTTPS requests:

• The "Install files" action downloads installation components that have been marked as "Downloadable" provided that the data files option has been set to "Downloadable" as well in the media file wizard.
• The "Check for updates" action downloads the update descriptor updates.xml from the specified web server in order to check if there is a new version available.
• The "Download file" action downloads the specified file from the web server.
• the "Upload file" action uploads a specified file with a POST request.
• The "HTTP request" action performs generic HTTP requests.
• The "Wait for HTTP server" action waits until a specified HTTP or HTTPS port becomes available.

When creating an HTTP/HTTPS connection to the requested resource there are three different concerns that may require user interaction: Proxy selection, proxy authentication and server authentication.

Proxy selection and authentication

On Windows, installer applications use native code to perform HTTP requests, so the native Windows proxy dialog will be shown. The proxy configuration of the operating system is used and the system properties for setting an HTTP proxy in Java do not apply. This has the advantage that a previously saved proxy password does not have to be entered by the user.

On other platforms, HTTP requests are made through the Java HttpClient for Java 11+ or a URLConnection for lower Java versions. If a proxy can be auto-detected from the system settings, it is used automatically. If the proxy requires credentials, an authentication dialog will be shown. User input in this dialog will be cached for the duration of the process. If the proxy uses basic authentication then HTTPS connections can only be tunneled if the VM parameter

-Djdk.http.auth.tunneling.disabledSchemes=

is set with an empty value as shown above. This is done automatically for installer applications, but not for generated launchers where you would have to set this VM parameter explicitly. If you do that, you should read about its security impact in case you develop your own implementation of java.net.Authenticator.

Entering proxy data is supported in console mode as well. In unattended mode there is no user interaction, so the proxy information has to be provided to the installer via command line arguments. The following system properties for proxy configuration can be used:

-DproxyHost=<host name>
-DproxyPort=<port number>

If the proxy requires credentials, you also have to specify

-DproxyAuthUser=<user name>
-DproxyAuthPassword=<password>

Except for the native Windows network connection, the above properties can also be used to configure the proxy from outside. Furthermore the global Java proxy properties

-Dhttp.proxyHost=<host name>
-Dhttp.proxyPort=<port number>
-Dhttp.proxyUser=<user name>
-Dhttp.proxyPassword=<password>

and the corresponding properties with the "https" prefix are also used for HTTP and HTTPS connections respectively. If you would like to use these properties on Windows as well, you can disable the native Windows network connection with the system property -Dinstall4j.noWinInetConnection=true.

Server authentication

The download URL can be password protected with basic HTTP authentication. In this case, the user has to supply a user name and a password.

Neither the user name nor the password is cached by install4j. In unattended mode you have to pass the arguments

-DserverAuthUser=<user name>
-DserverAuthPassword=<password>

You can set these system properties via

System.setProperty("serverAuthUser", "<user name>");
System.setProperty("serverAuthPassword", "<password>");

programmatically.