How do I use existing java.netSocketImpl extensions to do custom firewalls and proxies?

From Support
Jump to: navigation, search

Question:

When using SSL, the usual visibroker and JDK proxy settings do not work. Some firewalls and proxy servers require custom software to be created and implemented to establish and maintain a connection. How can this be done with VBJ?

Answer:

Resolution 1 talks about implementing a customized socket layer.
Resolution 2 talks about using JDK features to set up proxies and login information if this is all that is needed.

Create your own socket implementation:

SSL and a proxy firewall that requires a login before a connection is established.

Create a new SSLProxyFactoryImpl and a new SSLProxyImpl. The SSLProxyFactoryImpl needs to implement the java.net.SocketImplFactory and the SSLProxyImpl needs to extend java.net.SocketImpl. The SSLProxyFactory creates a new SSLProxyImpl object. The SSLProxyImpl is just a wrapper around the java.net.PlainSocketImpl but it also sets up the connection to the firewall proxy when a connect() method is called.


Java Tip 42: Write Java apps that work with proxy-based firewalls
               How to use Java to connect with HTTP servers outside your corporate firewall
    Summary
    This tip will show you how to write Java applications that can get past your corporate proxy and access Web servers on the
    Internet. Adding proxy support to your Java applications involves writing just a few additional lines of code and doesn't rely
    on any security "loopholes." (675 words)

By Ron Kurr

    Almost every company is concerned with protecting its internal network from hackers and thieves. One common security measure is to completely disconnect the corporate network from the Internet. If the bad guys can't
connect to any of your machines, they can't hack into them. The unfortunate side effect of this tactic is that internal
users can't access external Internet servers, like Yahoo or JavaWorld. To address this problem, network
administrators often install something called a "proxy server." Essentially, a proxy is a service that sits between the
Internet and the internal network and manages connections between the two worlds. Proxies help reduce outside
security threats while still allowing internal users to access Internet services. While Java makes it easy to write
Internet clients, these clients are useless unless they can get past your proxy. Fortunately, Java makes it easy to work
with proxies -- if you know the magic words, that is.

The secret to combining Java and proxies lies in activating certain system properties in the Java
runtime. These properties appear to be undocumented, and are whispered between programmers as part of the Java
folklore. In order to work with a proxy, your Java application needs to specify information about the proxy itself as
well as specify user information for authentication purposes. In your program, before you begin to work with any
Internet protocols, you'll need to add the following lines:

System.getProperties().put( "proxySet", "true" );
System.getProperties().put( "proxyHost", "myProxyMachineName" );
System.getProperties().put( "proxyPort", "85" );

The first line above tells Java that you'll be using a proxy for your connections, the second line specifies the machine
that the proxy lives on, and the third line indicates what port the proxy is listening on. Some proxies require a user to
type in a username and password before Internet access is granted. You've probably encountered this behavior if you
use a Web browser behind a firewall. Here's how to perform the authentication:

URLConnection connection = url.openConnection();
String password = "username:password";
String encodedPassword = base64Encode( password );
connection.setRequestProperty( "Proxy-Authorization", encodedPassword );

The idea behind the above code fragment is that you must adjust your HTTP header to send out your user information. This is achieved
with the setRequestProperty() call. This method allows you to manipulate the HTTP headers before the request is sent out. HTTP
requires the user name and password to be base64 encoded. Luckily, there are a couple of public domain APIs that will perform the
encoding for you (see the Resources section).

As you can see, there's not a whole lot to adding proxy support to your Java application. Given what you now know, and a little research
(you'll have to find out how your proxy handles the protocol you're interested in and how to deal with user authentication), you can
implement your proxy with other protocols.

Proxying FTP
Scott D. Taylor sent in the magic incantation to deal with proxying the FTP protocol:

defaultProperties.put( "ftpProxySet", "true" );
defaultProperties.put( "ftpProxyHost", "proxy-host-name" );
defaultProperties.put( "ftpProxyPort", "85" );

You can then access the files URLs using the "ftp" protocol via something like:

URL url = new URL("ftp://ftp.netscape.com/pub/navigator/3.04/windows/readme.txt%22 );

The base64Encode() method is in the HTTPClient.Codecs class. Get the HTTPClient source from
 



Article originally contributed by Borland Developer Support


Tags: VBJ3.x CORBA
Retrieved from "https://docwiki.embarcadero.com/Support/e/index.php?title=How_do_I_use_existing_java.netSocketImpl_extensions_to_do_custom_firewalls_and_proxies%3F&oldid=912"