Got a reply from the system administrator. Not really what I was looking for:
Could you enable SSL and configure the tunnel to work over the standard HTTPS port on the test environment (i.e. Port 443)?
We believe that some of the proxy issues may be made worse by using non-standard ports and the above configuration should be closer to our production environment.
How do I configure the tunnel to work over the standard HTTPS port?
I already have SocketFactory.useSSL enabled but I don’t have any certificate to use yet. So no SocketFactory.SSLKeystorePath or SocketFactory.SSLKeystorePassphrase.
What do I have to do to be able to use url like yhat: https://myServer:8080/servoy-client/…
socket factory use ssl and so on have nothing to do with https
thats for servoy data encrypted and then over http (so data → ssl encrypt done by servoy → http)
what you want is just servoy data going over https (so data → http → ssl (https))
So for this you have to configure Tomcat to use the https connector over 443 instead of the http connector over 8080 (server.xml)
but for this you also have to generate a keystore where you add your ssl certificate/keys that tomcat uses to setup https connections
or setup apache webserver in front of it that handles the https for you
I’ve got some news.
When the Java client establishes a connection through the proxy, you are prompted to authenticate, and that authentication is valid for that connection.
Every 5 minutes (exactly 5) the Java smart client drops the connection and re-establishes it. Because to the proxy server this is a new connection, it prompts you to re-authenticate and the application tells you the connection has been lost.
Exactly the same behaviour occurs when connected over the internet with no proxy, but you don’t see it because there’s no need to authenticate the new connection.
What do you think is causing the disconnection? Can it be because of Servoy network configuration?
Btw, I still use the same settings (not changed to use HTTPS)
Hi,
Servoy makes HTTP connections for the tunnel. Every 5 minutes it refreshes the connection (by default).
However, what I don’t understand is exactly what happens. Do you use the same credentials every time to log in to the proxy? Because if so, then Servoy should just work. But if you need NEW credentials for EVERY connection to the proxy, then that would mean you have to type 2 passwords when servoy starts up (because it needs 2 connections).
So what exactly happens? What type of proxy-authentication is it? Is it Basic, Digest or NTLM? Does Servoy prompt for the credentials or does some other program?
The Proxy uses NTLM authentication – the account used is a user’s Windows domain/AD username/password and this does not change (apart from 3 monthly password changes).
When the Smart client starts and attempts to connect to the server the standard Java proxy screen prompts for the username/password/domain. You are only prompted to enter this once (at application startup).
Also, does the 5min refresh correspond to the ApplicationServer.pingDelay which is at 300sec by default (5min)?