Connection Through Proxy

Hi All

We have an Application Server deployed on Windows Server 2008 RC2 on the Cloud.

We have a client who is connecting out from his corporate network to our cloud via the Smart Client,
We have tried using a plain socket connection, and a plain Http connection, but both methods fail due to proxy authentication(ie Webstart shows an authentication dialog asking the user for a username and password).
The problem is that the end users do not have access to this username and password, and the Client I.T. department is reluctant to disclose this information to us.
I understand that each end user could in theory set his connection to ‘Direct’ in his Java settings, but in this instance this is impossible.

Having read the Wiki I was led to understand that either of the above mentioned methods either required no configuration(Socket) or very little.

Could anyone suggest the best method for communicating transparently through a proxy without having the user set a direct connection in Java.
Or at least tell me where I am going wrong if I have missed anything obvious.

My Servoy.properties file is below, and my server.xml file also.

#servoy
#Tue Oct 25 10:31:23 BST 2011
127.0.0.18080lastLoggedinUserName=<dummy-login>
ApplicationServer.pingDelay=300
ServerManager.numberOfServers=7
SocketFactory.compress=true
SocketFactory.rmiServerFactory=com.servoy.j2db.server.rmi.tunnel.ServerTunnelRMISocketFactoryFactory
SocketFactory.tunnelConnectionMode=http
SocketFactory.tunnelUseSSLForHttp=false
SocketFactory.useSSL=false
client.profile.performance=6
client.profile.performance.0=system.property.com.sebster.tunnel.http.client.SystemPropertiesHttpTunnelClientParams.CLOSE_REQUEST_ON_FLUSH\=false,
client.profile.performance.1=com.servoy.j2db.server.rmi.tunnel.ServerTunnelRMISocketFactoryFactory,
client.profile.performance.2=system.property.SocketFactory.tunnelConnectionMode\=socket,
client.profile.performance.3=com.sebster.tunnel.http.client.SystemPropertiesHttpTunnelClientParams.PROXY_URI\=192.168.0.10,
client.profile.performance.4=com.sebster.tunnel.http.client.SystemPropertiesHttpTunnelClientParams.PROXY_USERNAME\=mccourt,
client.profile.performance.5=com.sebster.tunnel.http.client.SystemPropertiesHttpTunnelClientParams.PROXY_PASSWORD\=M3gatr0n\!
client.profiles=performance,
directory.jasper.report=D\:\\RISCm 6 Live\\application_server\\reports
eclipse=-showlocation
java.rmi.server.hostname=127.0.0.1
license.0.code=301045-118631-104437
license.0.company_name=TCI Services
license.0.licenses=10
license.0.product=0
licenseManager.numberOfLicenses=1
log4j.appender.configservlet=com.servoy.j2db.util.SlidingWindowAppender
log4j.appender.configservlet.layout=com.servoy.j2db.util.Log4JHTMLTableLayout
log4j.appender.configservlet.layout.dateTimeFormat=yyyy-MM-dd HH\:mm
log4j.appender.configservlet.windowSize=1000
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=%%servoy_app_server_dir%%\\servoy_log.txt
log4j.appender.file.MaxBackupIndex=1
log4j.appender.file.MaxFileSize=10MB
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d %p [%t] %c - %m%n
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%t] %c - %m%n
log4j.debug=false
log4j.logger.com.servoy.j2db.util.Debug=WARN
log4j.logger.org.apache.wicket=WARN
log4j.rootCategory=WARN, file, configservlet
pdf_forms_plugin_servername=pdf_forms
plugin.spellcheck.googleServiceProvider=false
pushLnfToMac=false
rect_Application_frame_bounds=448,145,1024,790
rect_JDateChooser_bounds=860,287,368,305
rect_dialog0_bounds=743,330,433,380
rect_dialog1_bounds=743,330,433,380
rect_dialog2_bounds=743,350,433,380
rect_tci_excorr_01_actCostList_bounds=510,290,900,500
rect_tci_excorr_01_component_images_bounds=555,205,810,670
rect_tci_excorr_01_dialog_bounds=357,105,967,598
rect_tci_excorr_01_dlg_fabman_table_bounds=510,350,900,500
rect_tci_excorr_01_fabric_images_bounds=639,105,810,670
rect_tci_excorr_01_printing_bounds=263,65,1000,700
rect_tci_excorr_01_showQFInDialog_bounds=846,300,227,600
rect_tci_excorr_01_sudoDialog_bounds=750,470,420,140
rmi.connection.timeout=120
server.0.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/repository_server
server.0.catalog=<none>
server.0.connectionValidationType=0
server.0.driver=net.sourceforge.jtds.jdbc.Driver
server.0.enabled=true
server.0.maxConnectionsActive=30
server.0.maxConnectionsIdle=10
server.0.maxPreparedStatementsIdle=100
server.0.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.0.schema=<none>
server.0.serverName=repository_server
server.0.skipSysTables=true
server.0.userName=servoyMaster
server.1.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/scm_admin
server.1.catalog=<none>
server.1.connectionValidationType=0
server.1.driver=net.sourceforge.jtds.jdbc.Driver
server.1.enabled=true
server.1.maxConnectionsActive=30
server.1.maxConnectionsIdle=10
server.1.maxPreparedStatementsIdle=100
server.1.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.1.schema=<none>
server.1.serverName=scm_admin
server.1.skipSysTables=true
server.1.userName=servoyMaster
server.2.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/scm_bp_andrew
server.2.catalog=<none>
server.2.connectionValidationType=0
server.2.dataModelCloneFrom=scm_maersk_duc
server.2.driver=net.sourceforge.jtds.jdbc.Driver
server.2.enabled=true
server.2.maxConnectionsActive=30
server.2.maxConnectionsIdle=10
server.2.maxPreparedStatementsIdle=100
server.2.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.2.schema=<none>
server.2.serverName=scm_bp_andrew
server.2.skipSysTables=true
server.2.userName=servoyMaster
server.3.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/scm_bp_harding
server.3.catalog=<none>
server.3.connectionValidationType=0
server.3.dataModelCloneFrom=scm_maersk_duc
server.3.driver=net.sourceforge.jtds.jdbc.Driver
server.3.enabled=true
server.3.maxConnectionsActive=30
server.3.maxConnectionsIdle=10
server.3.maxPreparedStatementsIdle=100
server.3.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.3.schema=<none>
server.3.serverName=scm_bp_harding
server.3.skipSysTables=true
server.3.userName=servoyMaster
server.4.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/scm_maersk_duc
server.4.catalog=<none>
server.4.connectionValidationType=0
server.4.driver=net.sourceforge.jtds.jdbc.Driver
server.4.enabled=true
server.4.maxConnectionsActive=30
server.4.maxConnectionsIdle=10
server.4.maxPreparedStatementsIdle=100
server.4.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.4.schema=<none>
server.4.serverName=scm_maersk_duc
server.4.skipSysTables=true
server.4.userName=servoyMaster
server.5.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/scm_maersk_qatar
server.5.catalog=<none>
server.5.connectionValidationType=0
server.5.dataModelCloneFrom=scm_maersk_duc
server.5.driver=net.sourceforge.jtds.jdbc.Driver
server.5.enabled=true
server.5.maxConnectionsActive=30
server.5.maxConnectionsIdle=10
server.5.maxPreparedStatementsIdle=100
server.5.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.5.schema=<none>
server.5.serverName=scm_maersk_qatar
server.5.skipSysTables=true
server.5.userName=servoyMaster
server.6.URL=jdbc\:jtds\:sqlserver\://localhost\:8757/scm_utilities
server.6.catalog=<none>
server.6.connectionValidationType=0
server.6.driver=net.sourceforge.jtds.jdbc.Driver
server.6.enabled=true
server.6.maxConnectionsActive=30
server.6.maxConnectionsIdle=10
server.6.maxPreparedStatementsIdle=100
server.6.password=encrypted\:P0AIeInLwp0f0/WCK75j4A\=\=
server.6.schema=<none>
server.6.serverName=scm_utilities
server.6.skipSysTables=true
server.6.userName=servoyMaster
servoy.allowExistingClientActivate=true
servoy.allowSolutionBrowsing=true
servoy.application_server.global_maintenance_mode=false
servoy.application_server.maintenance_mode=false
servoy.application_server.startRepositoryAsTeamProvider=false
servoy.branding=true
servoy.branding.loadingimage=/lib/images/RISCm_icon.png
servoy.branding.webstart.loadinglogo=/lib/images/RISCm_icon.png
servoy.branding.webstart.shortcuttitle=RISCm Cloud
servoy.branding.webstart.shortcuttooltip=Launch RISCm
servoy.branding.webstart.splash=/lib/images/RISCm_icon.png
servoy.branding.webstart.vendor=Strategic Corrosion Management
servoy.branding.windowicon=/lib/images/RISCm_icon.png
servoy.branding.windowtitle=RISCm Cloud
servoy.clientDesktopShortcutCreation=true
servoy.clientJarLoadOption=lazy
servoy.disableDataChangeNotify=false
servoy.disableServersidePack=false
servoy.fastClientStartup=true
servoy.jnlpCodebaseOverride=http\://82.165.143.79
servoy.maxClientHeap=512
servoy.objectPoolSize=50000
servoy.record.lock.lockInDB=false
servoy.rmiStartPort=1099
servoy.smartclient.max_java_version=Java7
servoy.smartclient.min_java_version=Java5
servoy.use.client.timezone=true
servoy.vmClientArgs=-XX\:SoftRefLRUPolicyMSPerMB\=3600000
servoy.webclient.enableAnchors=true
servoy.webclient.nice.urls=true
servoy.webclient.useAjax=true
useSystemPrintDialog=false
usedRMIRegistryPort=1099
waitForNativeStartup=false
window_state_Application_frame=0
window_state_actCostList=0
window_state_dlg_fabman_table=0
<Server port="8005" shutdown="SHUTDOWN_NOW">
  
  <Service name="Catalina">
    
    
    <Connector 
		port="8080" 
    		protocol="HTTP/1.1" 
                maxThreads="500" 
		connectionTimeout="60000" 
                redirectPort="8443" 
		useBodyEncodingForURI="true" 
                compression="4096"
                compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css" />
    

    
    <Engine name="Catalina" defaultHost="localhost">

      
      <Realm className="org.apache.catalina.realm.MemoryRealm" />

      
	 <Host name="localhost"  appBase="webapps"
		            unpackWARs="true" autoDeploy="true"
		            xmlValidation="false" xmlNamespaceAware="false">

        
        <Valve className="org.apache.catalina.valves.AccessLogValve"
                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
                 pattern="common"/>

        <Context path="/lib" docBase="../../lib"/>
        <Context path="/plugins" docBase="../../plugins"/>
        <Context path="/beans" docBase="../../beans"/>
        <Context path="/lafs" docBase="../../lafs"/>
      </Host>
    </Engine>
  </Service>
</Server>

Regards

Very interested in Servoy’s response to this!

it seems that you do use the tunnel already in http mode
so then it should be possible to go over the proxy, what kind of proxy is it?

jcompagner:
it seems that you do use the tunnel already in http mode
so then it should be possible to go over the proxy, what kind of proxy is it?

Johan we don’t know the type and make-up of the proxy - that’s part of the problem. This is a problem for multiple Customers connecting to our Cloud server.

We were under the impression from the wiki that this config set-up would not have a challenge with a proxy.

Clients can get to the Smart Client launch page - with our Logo and the possibility to download Java etc, and can then download the JNLP, but as soon as the JNLP is launched the user is asked for credentials for the proxy by webstart.

Access to the web client is possible by one of our Customers but another cant even get the web Client, instead getting the same proxy credential issue.

Should this setup actually work? What types of proxy would this config not work with?

Appreciate feedback as it seems like a generic problem with our Corporate Customers and is currently a show stopper with our deployment.

If the proxy ask for credentials then you have to supply them…

If you say that even the webclient doesn’t work and it also ask for credentials then that is completely a browser/proxy issue, servoy is not involved at all.

Hi

Just to clarify, one of our clients can connect to the web client with no issues, he can browse websites, including ours, he can see our smart client launch page on our cloud server again with no issues from the proxy.

However when the jnlp is launched, this is the point where the proxy is asking for credentials, in some cases it gets a little futher and downloads the cache of jars(then we get the authentication dialog).

We have tried multiple configs including running purely on port 80.

What is different about the servoy traffic to normal http traffic that could be picked up by the proxy when running over port 80,is it that our config may not have been 100% correct?

What is the optimal configuration exactly to get traffic through a proxy.

We also experience the same thing in house when testing through Freeproxy(default configuration), as soon as the smart client tries to launch we get a proxy authentication issue.

Regards

jcompagner:
If the proxy ask for credentials then you have to supply them…

If you say that even the webclient doesn’t work and it also ask for credentials then that is completely a browser/proxy issue, servoy is not involved at all.

Johan - seems like we are going around in circles here - I’d appreciate a straight, clear cut answer on this please.

  1. In the wiki it suggests that using the config we have in our first post there should be no conflict with a Proxy. Is that correct?
  2. If that is not correct, and this config does not prevent proxy conflicts (ie the connection being blocked by a proxy) what config will?
  3. Since all data is going via port 80 in this config - why is a proxy credentials request being made for our server site yet connections can be made to web sites etc on the same ports - without proxy changes?
  4. Connections are made to our server over port 80 and successfully downloads the JNLP file (in most instances) yet when the JNLP file attempts to open then Proxy credentials request pops up. What’s the JNLP doing connection wise that is not normally handled in a typical port 80 connection?

Johan we are about to commission Sebastian (one of your own consultants) to undertake a review of the set-up we have as its impossible for our Customers to work with our server - but before we do that, can you confirm that it should be possible to configure Servoy to work on port 80 without proxy credentials or the Customer altering their IT set-up? If that’s not possible then we have totally misunderstood the promise of Servoy in this area!

I just can’t tell you that.
I don’t know the proxy and and as far as i know if the proxy wants to authenticate it will ask the tunnel to do that and then you get that dialog
So somehow the proxy just asked for the user information, i guess Sebastiaan will be able to help you much better if he sees your complete setup and sees what the proxy requests (what kind of status codes are coming back)

I also dont know if it is WebStart or Servoy that asks for the credentials…
The browser could be configured to send over some credentials or something like that, but webstart is an other program that doesn’t know that and will use its own.