Friday June 16, 2006

Application Server and Proxy Authentication

The problem came up at least twice so far on our Java Studio Creator Forum. How can the application server use a proxy to connect to remote webservices etc when the proxy setup requires user authentication?

It looks like the normal Java SE 5 JDK does not provide any system properties alongside http.proxyHost and friends. At least I could not find any reference in the official documentation.

I think I found a way But - I can not test it!! I don't have a proxy setup which requires authentication. I did some tests with normal web site authentication and those seemed to work as expected

This will only work with Java SE 5 or newer! In that version java.net.Authenticator changed a bit so that I can distinguish between authentication requests from normal servers and from proxies.

The Authenticator is not hard to write, I wrote one which takes additional system properties, http.proxyUserName, http.proxyPassword and the https.* versions. You can also write one which will find that information in a file or from LDAP if you like. In a development environment you could even bring up a dialog But that will not work for headless systems

The trick is, you have to get a default Authenticator registered with the jvm which runs the application server. That turned out to be a bit harder. I did not find any hook where I could execute some code in the global server at startup (or at least before the first connection attempt to the proxy). You can't add it to normal applications, the SecurityManager will not let you do that

My solution to the problem was a little jar file in the boot classpath I took the java.net.Authenticator source from the JDK src.zip and added a little static bit to it Something like

   
    static {
        ProxyAuthenticator.registerProxyAuthenticator();
    }

That will make sure, my Authenticator will be the default one If something later overwrites it, that's ok I guess.

So when a proxy server (or a web server) asks for authentication, my code will be invoked and I can do whatever I need to get the username and password

To use this approach, add the following into the domain.xml in your application server.

<jvm-options>-Xbootclasspath/p:<path_to>Proxy1.jar</jvm-options>
<jvm-options>-Dhttp.proxyHost=<host></jvm-options>
...
<jvm-options>-Dhttp.proxyUserName=<user></jvm-options>
<jvm-options>-Dhttp.proxyPassword=<password></jvm-options>
...

Here is my little NetBeans 5.0 project and a pre-built jar file. I hope this helps some people. Please let me know if it works

Have fun
-- Marco
( Jun 16 2006, 04:49:46 PM PDT ) Permalink