Discussion:
java client and ntlm proxy
Aurélien Minet
2011-03-13 21:56:25 UTC
Permalink
Hi

Yes the socket is open directly, in fact stuff behind EOHTTPChannel (createSocket) doesn't take in account http.proxy*
args cause finally use java.net.Socket and not java.net.URL, so Java Client can't connect to the application trough any
HTTP proxy (NTML or not).
A solution could be to override NSSocketUtilities.getSocketWithTimeout or to extend
com.webobjects.eodistribution.client.EOHTTPChannel with a class having a methode createSocket which return a Socket.
We have got the same problem for Java Client connecting to the application using an https URL. A colleague make a POC
with a class which extends EOHTTPChannel and use javax.net.ssl

Aurelien

ps : for command line launching
java -classpath "jar list" com.webobjects.eoapplication.client.EOClientApplicationSupport
-applicationURL http://host.domain.tld/cgi-bin/WebObjects/App.woa [other arguments]
(prefer a .jnlp file for deployment)
Hi David,
Starting the application with JWS or at command line gives the same result.
I guess that the socket is open directly (port 80) without going thru the proxy and that's why I get a timeout error.
I dont get your idea, what can you check in the jnlp file ?
Thanks
Pierre
----- Original Message -----
*Sent:* Monday, March 07, 2011 8:26 PM
*Subject:* Re: java client and ntlm proxy
Hi Pierre,
Are you launching the application from a link that downloads a .jnlp file from the server? If so, look at it's
contents to be sure it is using the ports you think it is.
Dave
Hi all,
I am trying to use a java client inside a entreprise network using an ntml proxy with authentification for
accessing the outside world.
Seems that java cannot pass that kind of proxy. At least, I was not able to do it.
cntlm.exe -c cntlm.ini -v
cntlm: Proxy listening on 127.0.0.1:3128
cntlm: Resolving proxy TheBorringProxy ...
cntlm: Workstation name used: localhost
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 980: Cntlm ready, staying in the foreground
java -Dhttp.proxySet=true -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=3128 MyClass
-applicationURL http://www.externaldomain.com/cgi-bin/WebObjects/MyAppli.woa <x-msg://292/>
com.webobjects.foundation.NSForwardException for java.io.IOException: Timed out trying to create Socket
at com.webobjects.foundation.NSSocketUtilities._getSocketWithTimeout(NSSocketUtilities.java:145)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:100)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:58)
at com.webobjects.eodistribution.client.EOHTTPChannel.createSocket(EOHTTPChannel.java:401)
Am I missing something ? May be I am wrong about the way i start my java client ?
Thanks for any idea.
Pierre
_______________________________________________
Do not post admin requests to the list. They will be ignored.
http://lists.apple.com/mailman/options/webobjects-dev/aurelien.minet%40univ-provence.fr
Pierre Gilquin
2011-03-14 08:05:46 UTC
Permalink
Merci Aurélien.

I have already try to extend EOHTTPChannel. Until now without success ...
It's why i try to use cntlm.
cntlm.exe -c cntlm.ini -v
cntlm: New tunnel from 127.0.0.1:11443 to host.domain.tld:80
java MyClassUsingEOClientApplicationSupport -applicationURL http://localhost:11443/cgi-bin/WebObjects/MyAppli.woa
I dont know why this is not working ...

Thanks for any idea

Pierre

----- Original Message -----
From: Aurélien Minet
To: webobjects-***@omnigroup.com ; WebObjects (Group)
Sent: Sunday, March 13, 2011 10:56 PM
Subject: Re: java client and ntlm proxy


Hi

Yes the socket is open directly, in fact stuff behind EOHTTPChannel (createSocket) doesn't take in account http.proxy*
args cause finally use java.net.Socket and not java.net.URL, so Java Client can't connect to the application trough any
HTTP proxy (NTML or not).
A solution could be to override NSSocketUtilities.getSocketWithTimeout or to extend
com.webobjects.eodistribution.client.EOHTTPChannel with a class having a methode createSocket which return a Socket.
We have got the same problem for Java Client connecting to the application using an https URL. A colleague make a POC
with a class which extends EOHTTPChannel and use javax.net.ssl

Aurelien

ps : for command line launching
java -classpath "jar list" com.webobjects.eoapplication.client.EOClientApplicationSupport
-applicationURL http://host.domain.tld/cgi-bin/WebObjects/App.woa [other arguments]
(prefer a .jnlp file for deployment)
Hi David,
Starting the application with JWS or at command line gives the same result.
I guess that the socket is open directly (port 80) without going thru the proxy and that's why I get a timeout error.
I dont get your idea, what can you check in the jnlp file ?
Thanks
Pierre
----- Original Message -----
*Sent:* Monday, March 07, 2011 8:26 PM
*Subject:* Re: java client and ntlm proxy
Hi Pierre,
Are you launching the application from a link that downloads a .jnlp file from the server? If so, look at it's
contents to be sure it is using the ports you think it is.
Dave
Hi all,
I am trying to use a java client inside a entreprise network using an ntml proxy with authentification for
accessing the outside world.
Seems that java cannot pass that kind of proxy. At least, I was not able to do it.
cntlm.exe -c cntlm.ini -v
cntlm: Proxy listening on 127.0.0.1:3128
cntlm: Resolving proxy TheBorringProxy ...
cntlm: Workstation name used: localhost
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 980: Cntlm ready, staying in the foreground
java -Dhttp.proxySet=true -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=3128 MyClass
-applicationURL http://www.externaldomain.com/cgi-bin/WebObjects/MyAppli.woa <x-msg://292/>
com.webobjects.foundation.NSForwardException for java.io.IOException: Timed out trying to create Socket
at com.webobjects.foundation.NSSocketUtilities._getSocketWithTimeout(NSSocketUtilities.java:145)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:100)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:58)
at com.webobjects.eodistribution.client.EOHTTPChannel.createSocket(EOHTTPChannel.java:401)
Am I missing something ? May be I am wrong about the way i start my java client ?
Thanks for any idea.
Pierre
_______________________________________________
Do not post admin requests to the list. They will be ignored.
http://lists.apple.com/mailman/options/webobjects-dev/aurelien.minet%40univ-provence.fr
_______________________________________________
WebObjects-dev mailing list
WebObjects-***@omnigroup.com
http://www.omnigroup.com/mailman/listinfo/webobjects-dev
Aurélien Minet
2011-03-14 23:22:23 UTC
Permalink
Post by Pierre Gilquin
Merci Aurélien.
De rien Pierre

the methode createSocket in the class extending EOHTTPChanel have to return a socket
I think Apache HttpClient would help to create one and handle proxy stuff
see http://svn.apache.org/repos/asf/httpcomponents/oac.hc3x/branches/HTTPCLIENT_3_0_BRANCH/src/examples/ProxyTunnelDemo.java

after Socket socket = response.getSocket();
you may have to add
socket.setTcpNoDelay(true);
socket.setSoTimeout(2147483647);

I also found that in NSSocketUtilities the creation of the socket was done in a internal class SocketThread which
extends Thread

Aurélien

ps: cntlm would be necessary if an NTLM authentication is necessary , if not Java Client only have to connect to the
proxy for accessing the application which behind it.
Post by Pierre Gilquin
I have already try to extend EOHTTPChannel. Until now without success ...
It's why i try to use cntlm.
cntlm.exe -c cntlm.ini -v
cntlm: New tunnel from 127.0.0.1:11443 to host.domain.tld:80
java MyClassUsingEOClientApplicationSupport -applicationURL http://localhost:11443/cgi-bin/WebObjects/MyAppli.woa
I dont understand why this is not working ...
Thanks for any idea
Pierre
----- Original Message -----
From: Aurélien Minet
Sent: Sunday, March 13, 2011 10:56 PM
Subject: Re: java client and ntlm proxy
Hi
Yes the socket is open directly, in fact stuff behind EOHTTPChannel (createSocket) doesn't take in account http.proxy*
args cause finally use java.net.Socket and not java.net.URL, so Java Client can't connect to the application trough any
HTTP proxy (NTML or not).
A solution could be to override NSSocketUtilities.getSocketWithTimeout or to extend
com.webobjects.eodistribution.client.EOHTTPChannel with a class having a methode createSocket which return a Socket.
We have got the same problem for Java Client connecting to the application using an https URL. A colleague make a POC
with a class which extends EOHTTPChannel and use javax.net.ssl
Aurelien
ps : for command line launching
java -classpath "jar list" com.webobjects.eoapplication.client.EOClientApplicationSupport
-applicationURL http://host.domain.tld/cgi-bin/WebObjects/App.woa [other arguments]
(prefer a .jnlp file for deployment)
Hi David,
Starting the application with JWS or at command line gives the same result.
I guess that the socket is open directly (port 80) without going thru the proxy and that's why I get a timeout error.
I dont get your idea, what can you check in the jnlp file ?
Thanks
Pierre
----- Original Message -----
*Sent:* Monday, March 07, 2011 8:26 PM
*Subject:* Re: java client and ntlm proxy
Hi Pierre,
Are you launching the application from a link that downloads a .jnlp file from the server? If so, look at it's
contents to be sure it is using the ports you think it is.
Dave
Hi all,
I am trying to use a java client inside a entreprise network using an ntml proxy with authentification for
accessing the outside world.
Seems that java cannot pass that kind of proxy. At least, I was not able to do it.
cntlm.exe -c cntlm.ini -v
cntlm: Proxy listening on 127.0.0.1:3128
cntlm: Resolving proxy TheBorringProxy ...
cntlm: Workstation name used: localhost
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 980: Cntlm ready, staying in the foreground
java -Dhttp.proxySet=true -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=3128 MyClass
-applicationURL http://www.externaldomain.com/cgi-bin/WebObjects/MyAppli.woa <x-msg://292/>
com.webobjects.foundation.NSForwardException for java.io.IOException: Timed out trying to create Socket
at com.webobjects.foundation.NSSocketUtilities._getSocketWithTimeout(NSSocketUtilities.java:145)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:100)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:58)
at com.webobjects.eodistribution.client.EOHTTPChannel.createSocket(EOHTTPChannel.java:401)
Am I missing something ? May be I am wrong about the way i start my java client ?
Thanks for any idea.
Pierre
_______________________________________________
Do not post admin requests to the list. They will be ignored.
http://lists.apple.com/mailman/options/webobjects-dev/aurelien.minet%40univ-provence.fr
_______________________________________________
WebObjects-dev mailing list
http://www.omnigroup.com/mailman/listinfo/webobjects-dev
_______________________________________________
Do not post admin requests to the list. They will be ignored.
http://lists.apple.com/mailman/options/webobjects-dev/aurelien.minet%40univ-provence.fr
Pierre Gilquin
2011-03-15 13:45:41 UTC
Permalink
I try what you said with httpclient, my code looks like :
proxyclient.getHostConfiguration().setHost("www.yahoo.com");
// set the proxy host and port
proxyclient.getHostConfiguration().setProxy("vali.hcuge.ch", 8080);
// set the proxy credentials, only necessary for authenticating proxies
proxyclient.getState().setProxyCredentials(
AuthScope.ANY,
new NTCredentials("pegn", "mypassword","localhost","huge"));

I used NTCredentials in order to use the domain of my login but now it is complaining with authentication :


15 mars 2011 12:33:48 org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: ntlm authentication scheme selected
15 mars 2011 12:33:50 org.apache.commons.httpclient.HttpMethodDirector processProxyAuthChallenge
INFO: Failure authenticating with NTLM <any realm>@vali.hcuge.ch:8080
Connect failed: HTTP/1.1 407 Proxy Authentication Required

did I miss something ? it's seems it doenot use my credentials ...

Thanks

Pierre
----- Original Message -----
From: Aurélien Minet
To: webobjects-***@lists.apple.com ; webobjects-***@omnigroup.com
Sent: Tuesday, March 15, 2011 12:22 AM
Subject: Re: java client and ntlm proxy
Post by Pierre Gilquin
Merci Aurélien.
De rien Pierre

the methode createSocket in the class extending EOHTTPChanel have to return a socket
I think Apache HttpClient would help to create one and handle proxy stuff
see http://svn.apache.org/repos/asf/httpcomponents/oac.hc3x/branches/HTTPCLIENT_3_0_BRANCH/src/examples/ProxyTunnelDemo.java

after Socket socket = response.getSocket();
you may have to add
socket.setTcpNoDelay(true);
socket.setSoTimeout(2147483647);

I also found that in NSSocketUtilities the creation of the socket was done in a internal class SocketThread which
extends Thread

Aurélien

ps: cntlm would be necessary if an NTLM authentication is necessary , if not Java Client only have to connect to the
proxy for accessing the application which behind it.
Post by Pierre Gilquin
I have already try to extend EOHTTPChannel. Until now without success ...
It's why i try to use cntlm.
cntlm.exe -c cntlm.ini -v
cntlm: New tunnel from 127.0.0.1:11443 to host.domain.tld:80
java MyClassUsingEOClientApplicationSupport -applicationURL http://localhost:11443/cgi-bin/WebObjects/MyAppli.woa
I dont understand why this is not working ...
Thanks for any idea
Pierre
----- Original Message -----
From: Aurélien Minet
Sent: Sunday, March 13, 2011 10:56 PM
Subject: Re: java client and ntlm proxy
Hi
Yes the socket is open directly, in fact stuff behind EOHTTPChannel (createSocket) doesn't take in account http.proxy*
args cause finally use java.net.Socket and not java.net.URL, so Java Client can't connect to the application trough any
HTTP proxy (NTML or not).
A solution could be to override NSSocketUtilities.getSocketWithTimeout or to extend
com.webobjects.eodistribution.client.EOHTTPChannel with a class having a methode createSocket which return a Socket.
We have got the same problem for Java Client connecting to the application using an https URL. A colleague make a POC
with a class which extends EOHTTPChannel and use javax.net.ssl
Aurelien
ps : for command line launching
java -classpath "jar list" com.webobjects.eoapplication.client.EOClientApplicationSupport
-applicationURL http://host.domain.tld/cgi-bin/WebObjects/App.woa [other arguments]
(prefer a .jnlp file for deployment)
Hi David,
Starting the application with JWS or at command line gives the same result.
I guess that the socket is open directly (port 80) without going thru the proxy and that's why I get a timeout error.
I dont get your idea, what can you check in the jnlp file ?
Thanks
Pierre
----- Original Message -----
*Sent:* Monday, March 07, 2011 8:26 PM
*Subject:* Re: java client and ntlm proxy
Hi Pierre,
Are you launching the application from a link that downloads a .jnlp file from the server? If so, look at it's
contents to be sure it is using the ports you think it is.
Dave
Hi all,
I am trying to use a java client inside a entreprise network using an ntml proxy with authentification for
accessing the outside world.
Seems that java cannot pass that kind of proxy. At least, I was not able to do it.
cntlm.exe -c cntlm.ini -v
cntlm: Proxy listening on 127.0.0.1:3128
cntlm: Resolving proxy TheBorringProxy ...
cntlm: Workstation name used: localhost
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 980: Cntlm ready, staying in the foreground
java -Dhttp.proxySet=true -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=3128 MyClass
-applicationURL http://www.externaldomain.com/cgi-bin/WebObjects/MyAppli.woa <x-msg://292/>
com.webobjects.foundation.NSForwardException for java.io.IOException: Timed out trying to create Socket
at com.webobjects.foundation.NSSocketUtilities._getSocketWithTimeout(NSSocketUtilities.java:145)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:100)
at com.webobjects.foundation.NSSocketUtilities.getSocketWithTimeout(NSSocketUtilities.java:58)
at com.webobjects.eodistribution.client.EOHTTPChannel.createSocket(EOHTTPChannel.java:401)
Am I missing something ? May be I am wrong about the way i start my java client ?
Thanks for any idea.
Pierre
_______________________________________________
Do not post admin requests to the list. They will be ignored.
http://lists.apple.com/mailman/options/webobjects-dev/aurelien.minet%40univ-provence.fr
_______________________________________________
WebObjects-dev mailing list
http://www.omnigroup.com/mailman/listinfo/webobjects-dev
_______________________________________________
Do not post admin requests to the list. They will be ignored.
http://lists.apple.com/mailman/options/webobjects-dev/aurelien.minet%40univ-provence.fr
_______________________________________________
WebObjects-dev mailing list
WebObjects-***@omnigroup.com
http://www.omnigroup.com/mailman/listinfo/webobjects-dev

Loading...