Proxies

Mark A. Claassen MClaassen at ocie.net
Thu Oct 6 19:53:27 UTC 2016 

Thanks for your reply.  We used to use JWS, but have decided not move away from that technology.

The proxy issue is my biggest problem right now.  If the system would know that a proxy is involved, pick it, and use whatever native authentication mechanism it might need, I would be all set.  However, if it just tells me what the proxy is, I would still need a way to get the credentials (Active Directory stuff, for instance).  It looked like the new HttpClient library uses many of the same SSL libraries (like SSLContext, TrustManager, ...), but if there isn't a way to authentication through a proxy, it is all for not.

Mark


Disclaimer:
The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting.

-----Original Message-----
From: Bernd Eckenfels [mailto:ecki at zusammenkunft.net] 
Sent: Thursday, October 06, 2016 3:17 PM
To: net-dev at openjdk.java.net
Subject: Re: Proxies

Hello,

Java HTTP clients (HTPURLConnection) can use a limited functionality of the system proxy. If you use Applet/JWS it is also configured on the cotnrol panel.

http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html

You can also access system key and trust stores (with limited functionality). You would use storeType=Windows-MY or Windows-root:

C:> keytool -list -storetype Windows-MY

Keystore-Typ: Windows-MY
Keystore-Provider: SunMSCAPI


PNRP (Naming), PrivateKeyEntry, Zertifikat-Fingerprint (SHA1):
xx:xx:xx:xx:xx..
BitLocker, trustedCertEntry, Zertifikat-Fingerprint (SHA1):
xx:xx:xx:xx:xx:xx:xx...
Eckenfels. Bernd, PrivateKeyEntry, Zertifikat-Fingerprint (SHA1):
xx:xx:xx:xx:xx:xx:xx..
...

Greetings
Bernd

Am Thu, 6 Oct 2016 18:58:45 +0000
schrieb "Mark A. Claassen" <MClaassen at ocie.net>:

> After asking some questions at JavaOne, I was told I could get more 
> complete answers here. My question is about authentication mechanisms 
> and support for native network configurations.
> 
> Is the new client going to have access to the system proxy 
> configuration settings?  It would be nice if there was a natural way 
> to use the system keystores as well.
> 
> This is a real pain-point for our rollouts.  People log in to their 
> computers (generally Windows and Macs for our users) and, if they can 
> access the web in their browser, they think that our application 
> should be able to as well.  However, we have to ask them to try to 
> duplicate their settings in our application.  Many times this involves 
> an authenticating proxy.  Is this possible to do with the new 
> HttpClient?  Is it possible without jumping through a lot of hoops?
> 
> (Currently we are using the Apache HttpClient library, which has hooks 
> where we can do some proxy authentication.)
> 
> Thanks,
> Mark
> 
> Disclaimer:
> The opinions provided herein do not necessarily state or reflect those 
> of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes 
> no legal liability or responsibility for the posting.
>

More information about the net-dev mailing list