How to perform EJB client access through an proxy server

Discussions

EJB programming & troubleshooting: How to perform EJB client access through an proxy server

  1. We are trying to do Weblogic EJB client access using https tunneling, through a proxy server. Using the properties 'ssl.proxyHost' and 'ssl.proxyPort' this works OK as long as the proxy server does not authenticate. But when the proxy server (MS Proxy Server 2) is authenticating we can not get it to work. We tried using the class
    weblogic.common.ProxyAuthenticator and the java.net.Authenticator class without much luck. The proxy server needs a user name, password and a domain.

    Does anyone know how to do this?
    Thanks,

    Joop Kaashoek
  2. Well, if you were trying to access a page, the following would do the trick:

     URL url = new URL("https://www.theserverside.com");
     URLConnection connection = url.openConnection();
     String password = "nerds
    fsavci:winkwink";
     String encodedPassword = base64Encode( password );
     connection.setRequestProperty( "Proxy-Authorization",
        encodedPassword );
     ...

    You are probably trying to take advantage of BEA's T3 protocol for http/s tunneling for remote method invocation; I don't know if you can manage T3 connections this way (if in any way at all).
  3. To complement the above post: for Base 64 encoding you can use:

     encodedPassword = (new sun.misc.Base64Encoder()).
                encode(password);

    Please note, I usually refrain from using sun.* packages. Some environments (like in an applet or an RMI service, where a security manager is in charge) restrict access to either classes or individual methods within classes and the security requirements are not documented (security requirements for java.* or javax.* packages are documented in the JDK API docs).
  4. Unfortunately you can not directly control the connection made by an EJB, you can only use properties to change the standard behavior. The class 'weblogic.common.ProxyAuthenticator' is supposed to take care of supplying the credentials to the proxy server but it goes into an endless loop...