DAP and http proxy authentication

I have a ASA firewall with http proxy authetication and now i configure DAP for Anyconnect with AD .I disable the "Default Dynamic Access Policy" proxy authentication fail .Someone knows how to configure the DAP for http proxy authentication ?
best regards

Still nothing about it. I've also posted to another threads with similar problems:
http://discussions.apple.com/message.jspa?messageID=8165122#8165122
http://discussions.apple.com/message.jspa?messageID=8165120#8165120
http://discussions.apple.com/message.jspa?messageID=8165118#8165118
http://discussions.apple.com/message.jspa?messageID=8149758#8149758
As I said before, while I've had OS 1.1.4, everything was normal. It began when I upgraded to 2.0.2 and after to 2.1. I also double checked if the TI here changed the policies, and they assured me they don't.
Several other users with 2.x are also reporting the same trouble. As far as now, I've came across a post suggesting me to install a local http proxy on the phone, but I don't think it's gonna work.
Let's keep this thread alive!

Similar Messages

WWSAPI - Cannot connect to web service via SSL and HTTP proxy authentication with NTLM, errorCode 0x803d0016, HTTP status 407

Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks

Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks

Http proxy authentication for JDev 10.1.3

Hi,
I found the http proxy settings in the "tools->preferences->Web Browser and Proxy" but there are no settings for the username and password. Is there some other way that I can add these.
The problem is that whenver JDeveloper wants to do some http stuff it (or something else is doing it) asks me for the proxy user name & password - this happens over and over again. If JDev is doing this then surely it should remember the username & password.
I sometimes get a JDeveloper dialog "waiting for the connection" come up over the proxy auth dialog and I have to cancel the function so I can authenticate, then re-request the function.
I wish I didn't have the proxy authentication but I have no choice in this dev environment. I do get to choose JDeveloper at least.
Regards,
Simon.

Hi,
I get it when I 'check for updates' and I get it again when I 'go to JavaDoc' - and this is the one where the "waiting for connection dialog" pops on top of the proxy log in and I have to cancel it to log in. Then all subsequent 'go to JavaDoc' requests go straight through.
I would prefer it if I could just configure (in proxy preferences) the username and password so it never asks me. I dont care if it less secure storing the password since I think authenticating proxies are a dumb idea anyway. If the password is not supplied then JDev can ask for it like it does now to keep the security-paranoid people happy.
Also, this morning I got this Exception which appeared at the same time I got a proxy auth window. When JDev finally started all my previously open windows were lost. No real problem but unexpected. Here is the stack dump:
java.lang.NullPointerException
     at oracle.jdevimpl.webdav.api.DAVAuthenticator.getPasswordAuthentication(DAVAuthenticator.java:79)
     at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:300)
     at sun.net.www.protocol.http.HttpURLConnection$1.run(HttpURLConnection.java:267)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.net.www.protocol.http.HttpURLConnection.privilegedRequestPasswordAuthentication(HttpURLConnection.java:263)
     at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(HttpURLConnection.java:1427)
     at sun.net.www.protocol.http.HttpURLConnection.resetProxyAuthentication(HttpURLConnection.java:1246)
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:950)
     at oracle.ide.net.HttpURLFileSystemHelper.exists(HttpURLFileSystemHelper.java:191)
     at oracle.jdevimpl.webdav.net.WebDAVURLFileSystemHelper.exists(WebDAVURLFileSystemHelper.java:423)
     at oracle.ide.net.URLFileSystem.exists(URLFileSystem.java:498)
     at oracle.ideimpl.editor.EditorUtil.getNode(EditorUtil.java:126)
     at oracle.ideimpl.editor.EditorUtil.loadContext(EditorUtil.java:91)
     at oracle.ideimpl.editor.TabGroupState.loadStateInfo(TabGroupState.java:950)
     at oracle.ideimpl.editor.TabGroup.loadLayout(TabGroup.java:1758)
     at oracle.ideimpl.editor.TabGroupXMLLayoutPersistence.loadComponent(TabGroupXMLLayoutPersistence.java:31)
     at oracle.ideimpl.controls.dockLayout.DockLayoutInfoLeaf.loadLayout(DockLayoutInfoLeaf.java:123)
     at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:631)
     at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:628)
     at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:614)
     at oracle.ideimpl.controls.dockLayout.DockLayout.loadLayout(DockLayout.java:302)
     at oracle.ideimpl.controls.dockLayout.DockLayoutPanel.loadLayout(DockLayoutPanel.java:128)
     at oracle.ideimpl.editor.Desktop.loadLayout(Desktop.java:353)
     at oracle.ideimpl.editor.EditorManagerImpl.init(EditorManagerImpl.java:1824)
     at oracle.ide.layout.Layouts.activate(Layouts.java:758)
     at oracle.ide.layout.Layouts.activateLayout(Layouts.java:179)
     at oracle.ideimpl.MainWindowImpl$2.runImpl(MainWindowImpl.java:734)
     at oracle.javatools.util.SwingClosure$1Closure.run(SwingClosure.java:50)
     at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:199)
     at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
     at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
     at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
     at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
     at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
     at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)

Supressing the Browser HTTP Proxy Authentication Popup

Hi there.
I have an applet that does some socket proxying/tunnelling.
It has some code that detects whether the browser is connecting through a HTTP proxy and whether or not that proxy requires authentication.
When the code runs in a browser with a direct connection to the internet it is all good.
When the code runs in a browser with a standard HTTP Proxy connection to the internet it is all good.
But.. when it is connected through a HTTP Proxy that requires authentication I get a Java popup box asking for the Proxy's Username/Password.
See image here: http://peterdamen.com/JavaProxyPopup.png
I just want to suppress this popup. It pops up in the middle of a java routine, which suspends execution and then ruins javascript that communicates with the applet in the host HTML page.
Any ideas?
Thanks.
Peter

Did you ever get this figured out? I have the same issue. Thanks.

TL 11g: JPA and DB proxy authentication?

Hi!
I posted similar question of JDev 11g forum, but I hope I can get more profound expertise here :)))
OK. I want to make a proof-of-concept for end-to-end security using a novel 11g technology: I want to use EJB 3.0 / JPA (TopLink) and to enable subject identity propagation to database using Proxy Authentication mechanism. I stress that I want to use JPA (annotated entities) and not TopLink mappings, and to have as simplest as possible code (yes, I know...).
Now, my idea is to use Session Event Listener (registered in persistance.xml) to set a proxy connection inside a standard unit of work connection defined in persistance.xml (in the proxy connection I would not set username/password in event listener as I want to do that inside EJB Session Facade).
Then, in EJB Session Fascade I would like to set a username/password for database login in session that will be used to execute a JPA transaction. I discovered that I can get a ServerSession and Active Session from Entity Manager, with:
EntityManager em = emf.createEntityManager();
ServerSession serverSession = ((oracle.toplink.jpa.JpaEntityManager)em).getServerSession();
Session activeJPASession = ((oracle.toplink.jpa.JpaEntityManager)em).getActiveSession();What I don't know is how to proceed. Do I have to use Server Session to create/open a new Client Session (but, I'm not sure if then I also have to use a manual transactions inside EBJ Session Bean method, or I can rely on container managed transaction?)? Or I can just set username/password on Active Session. Or I can change a DatabaseLogin (ActiveSession.getLogin().setUsername().setPassword())?
Please, any advice is appreciated. I'm not an expert on JPA/TopLink so I may spend days figuring this out...
Thanks in advance!
PaKo

PaKo,
We need to make proxy authentication easier through the JPA interface. At present you can configure the event listener using the toplink.session-event-listener to implement the proxy events as described in the documentation. The piece that is missing is the ability to pass in the proxy authentication credentials when acquiring an EntityManager.
You are correct that you would need to acquire a client session directly (Note: the JpaHelper can help). When acquired you can use this client session to access the database but it will function only as TopLink's native API and not completely as JPA.
I filed bug 219434 against EclipseLink to address passing the credentials into:
EntityManagerFactory.createEntityManager(Map properties)I will continue to investigate to get you a better solution.
Doug

Java Nio and http proxy

Hello,
I would send a http request through a http proxy with a Nio Client. So I wrote by hand the
http request :
buffer.append("HTTP/1.1\n");
buffer.append("Content-type: text/xml\n");
Then I send this request with a Nio Client but the request doesn't pass.
Can you help me ?

I use tcp to send my request with a nio Client. The header of my http request :
StringBuffer buffer = new StringBuffer();
buffer.append("POST ");
String path = "/";
buffer.append(path + " ");
buffer.append("HTTP/1.1\r\n");
buffer.append("Content-type: text/xml\r\n");
buffer.append("Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n");
buffer.append("Host: 10.194.55.23:80\r\n");
buffer.append("Connection: keep-alive\r\n");
buffer.append("Content-Length: 0\r\n");
buffer.append("\r\n");

Nio and http proxy

I want to use http proxy in nio.but i can't find any methods in socketChannel.(if use socket, i could use such code do impl this
Socket socket = new Socket(new Proxy(......));
socket.connect(serverAddress); now i want to set a http proxy to SocketChannel, but i found it's impossiable to construct a SocketChannel from a pre exist socket.
how to use proxy in nio.
thanks all.

I use tcp to send my request with a nio Client. The header of my http request :
StringBuffer buffer = new StringBuffer();
buffer.append("POST ");
String path = "/";
buffer.append(path + " ");
buffer.append("HTTP/1.1\r\n");
buffer.append("Content-type: text/xml\r\n");
buffer.append("Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n");
buffer.append("Host: 10.194.55.23:80\r\n");
buffer.append("Connection: keep-alive\r\n");
buffer.append("Content-Length: 0\r\n");
buffer.append("\r\n");

Https proxy authentication

I have a strange behaviour while browsing with Safari:
I'm located behind a proxy server which requires authentication. For all http requests, everything works perfect, at the first access ever, Safary asked me to supply username and pasword for the proxy, I've chosen to save the password in my key chain and was never asked again for the pasword.
For https requests, Safari asks at least one time per request to put in my proxy username and password. Sometimes, it seems that Safari asks for each single object on a web pagefor the proxy credentials.
I've tried to narrow down the effect and it seems, that this is related to WebKit. If I use Firefox, it asks me only once to put in the proxy credentials and that's it. With OmniWeb (which is also based on WebKit) I have the same problem as in Safari.
Has somebody got the same effect or even has a solution for that?
Thanks,
Frank
MacBook Pro Mac OS X (10.4.8) 15 inch, Core 2 Duo, 200GB HDD

I have the same problem:
I have to connect to a https url to post a string (and read the answer: OK or KO).
The problem is that I have to set up this with jdk 1.2, so:
- I download jsse 1.03
- I set up the provider statically inside java.security
(security.provider.2=com.sun.net.ssl.internal.ssl.Provider)
- I use the code:
System.setProperty("https.proxyHost","proxy");
System.setProperty("https.proxyPort","80");
System.setProperty("https.proxyUser","user");
System.setProperty("https.proxyPassword","password");
String password = "user:password";
String encodedLogin = new sun.misc.BASE64Encoder().encodeBuffer(password.getBytes());
System.setProperty("https.agent", "JSSE\n\rProxy-Authorization: "+encodedLogin+"\n\r");
URL url = new URL(urlString);
HttpsURLConnection connection = (HttpsURLConnection)url.openConnection();
connection.setRequestProperty("Proxy-Authorization", "Basic " + encodedLogin);
//connection.connect();
connection.setDoInput( true );
connection.setDoOutput( true );
connection.setAllowUserInteraction(false);
//URLConnection connection = new HttpsURLConnection(url);
InputStream inStream = connection.getInputStream();
When I call the getInputStream() I get the exception:
java.io.IOException: Unable to tunnel through XX.XY.ZX.WW:80. Proxy returns "HTTP/1.1 407 Proxy Access Denied
How can I authenticate to the proxy? The previos tips doesn't works ...
Any suggest?

IOS Global HTTP Proxy Authentication Error.

I have been attempting to use the HTTP Global Proxy feature on a group of iPads. Unfortunately, the proxy servers that I set up are starting to get spammed and we need to activate some form of authentication to avoid this problem. I have tried many methods and the result is always the same, the iPad keeps prompting the user for the username and password every few minutes, no matter how many times they have entered it correctly.
Is there any form of authentication that works smoothly? I am currently using Squid, but could use any other, and can run it on any OS that would make it work!

Here are the relevant parts of my squid config and some examples of what are in the acl files. I downloaded the ip list from ipdeny.com. As it was, the end of line character wasn’t correct and I had to correct that before squid would read it correctly. I just copied and pasted it into a new file to correct it.
I don’t know if this is the best way to approach this, and I am sure there are some problems with it currently. I am continuing to tweak it as things come up. With all allowed domains the number of authentication pop ups I received were drastically reduced. Looking it over I already see that rearranging the allow and deny rules would be of benefit for me.
I am also using fail2ban on this server with the squid configuration file from http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#Squid_filter. This does eventually block someone who gets enough TCP_DENIED 407 messages. I also had modified it to include 403 messages with some success. The amount of blocks we receive from blocking ads I would get devices locked out unintentionally but increasing the number of attempts seems to have resolved this.
squid.conf
## ACL for blocked files originally just .exe
acl blockedfiles urlpath_regex "/etc/squid/blocked.files.acl"
## ACL for blockedomains
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
## ACL for allowedomains
acl alloweddomain dstdomain "/etc/squid/allowed.domains.acl"
## ACL for allowed user agents
acl allowedbrowser browser "/etc/squid/allowed.browser.acl"
##Acl for Users requiring proxy authenticiation
acl password proxy_auth REQUIRED
## United States External Allowed
acl external src "/etc/squid/us.zone"
## Internal Networks
acl internal src "/etc/squid/local.zone"
##Allow access from the admwired network defined above without authentication
http_access allow internal
##Block the following based on acl defined above
http_access allow alloweddomain
http_access deny blockedfiles
http_access deny blockeddomain
http_access deny !allowedbrowser
##Allow access from all networks but require authentication
http_access deny !password
http_access allow external password
#And finally deny all other access to this proxy
http_access deny all
allowed.browser.acl
^.*iPad.*$
blocked.files.acl
\.[Ee][Xx][Ee]$
us.zone
103.246.248.0/24
113.29.0.0/17
163.60.0.0/16
192.103.43.0/24
202.72.96.0/20
203.144.48.0/20
203.187.128.0/19
3.0.0.0/8
4.0.0.0/8
6.0.0.0/8
7.0.0.0/8
8.0.0.0/8
9.0.0.0/8
11.0.0.0/8
12.0.0.0/8
13.0.0.0/8
etc…..
allowed.domains.acl
.apple.com
.mzstatic.com
.appextras.com
.google.com
.facebook.com
.gstatic.com
.amazonaws.com
.bloxcms.com
.lyveapps.com
.doubleclick.net
.googleusercontent.com
.2mdn.net
.admob.com
.mopub.com
.googletagservices.com
.quantserve.com
.exelator.com
.facebook.net
.google-analytics.com
.googleadservices.com
.scorecardresearch.com
.qwapi.com
.appspot.com
.mobclix.com
.crashlytics.com
.mm.bing.net
.verisign.com
plus some more for specific ipad apps that I had to allow

Http proxy authentication

hi
Could any body tell me how to connect to a resource outside
firewall.I know about the system properties namely httpProxyPort and
httpProxyHost.But can somebody tell me about the how to authenticate from the application.Note i am not using a browser based client.
Thanks in advance
Kappu

can anyone tell me how to do proxy authetication if NTLM authorization is involved...i wrote a java client that is behind MS Proxy server and hence facing problem in establishing connection with sites...i am getting UnknownHost Exception when i try to call conn.connect() i think it's due to NTLM protocol..Can any one help me in this.
Thanks in advance
mano

TopLink Proxy authentication issue

Hello all,
I tried to use proxy authentication for TopLink for connecting to a database via TopLink in a J2EE application deployed on an Oracle iAS 10.1.2. For doing that, I tried to follow the steps described in the TopLink documentation (http://www.oracle.com/technology/products/ias/toplink/doc/1013/main/_html/dblgcfg008.htm#BABDABCF) with the last scenario, "Server Session uses Proxy Connection".
According to the previously mentioned documentation, I created a session event handler for the preLoginEvent session event, the preLogin(SessionEvent event) method that I copied below.
The issue with this is that, when I try to run a TopLink query in a Java DAO class, I obtained some exceptions. There are two cases here:
1-If the code preLogin(SessionEvent event) is exactly as below, it seems that the queried views/tables cannot be seen. The exception obtained is:
Exception [TOPLINK-4002] (Oracle TopLink - 10g Release 3 (10.1.3.0.0) (Build 060118)): oracle.toplink.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-00942: table or view does not exist
Error Code: 942
Call:SELECT count(*) FROM CIFHUB.SCQA_TEMPLATE
Query:DataReadQuery()
at oracle.toplink.exceptions.DatabaseException.sqlException(DatabaseException.java:290)
at oracle.toplink.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:570)
at oracle.toplink.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:442)
at oracle.toplink.threetier.ServerSession.executeCall(ServerSession.java:453)
at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:117)
at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:103)
at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeSelectCall(DatasourceCallQueryMechanism.java:174)
at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeSelect(DatasourceCallQueryMechanism.java:156)
at oracle.toplink.queryframework.DataReadQuery.executeNonCursor(DataReadQuery.java:118)
at oracle.toplink.queryframework.DataReadQuery.executeDatabaseQuery(DataReadQuery.java:110)
at oracle.toplink.queryframework.DatabaseQuery.execute(DatabaseQuery.java:603)
at oracle.toplink.queryframework.DataReadQuery.execute(DataReadQuery.java:96)
at oracle.toplink.publicinterface.Session.internalExecuteQuery(Session.java:2062)
at oracle.toplink.publicinterface.Session.executeQuery(Session.java:981)
at oracle.toplink.publicinterface.Session.executeQuery(Session.java:938)
at oracle.toplink.publicinterface.Session.executeSelectingCall(Session.java:1027)
at oracle.service.infra.myservlet.ACSProxyTestServlet.callTopLinkQuery3(ACSProxyTestServlet.java:138)
at oracle.service.infra.myservlet.ACSProxyTestServlet.doGet(ACSProxyTestServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
at oracle.service.infra.servlets.SecurityFilter.doFilter(SecurityFilter.java:105)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:663)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
2 - If in the preLogin(SessionEvent event) code, the line login.setProperty("proxytype", Integer.toString(OracleConnection.PROXYTYPE_USER_NAME)); is uncommented, then another exception is obtained. In this case another exception is obtained: an Invalid User/Password exception is thrown. If I comment this line, the login is successfull, but I obtain the exception at section 1.
I have to tell you in both cases the parameters of the Data source are properly set. I tested the datasource in another servlet where I created directly the connection based on the same datasource taken from the application server's JNDI.
Do you have any hint or idea about this issue?
Thanks a lot in advance!
Regards,
Marinel
public void preLogin(SessionEvent event)
DatabaseLogin login = event.getSession().getLogin();
// Make sure that external connection pooling is used
login.setUsesExternalConnectionPooling(true);
// Custom code to get the connector
try
login.setConnector(new OracleJDBC10_1_0_2ProxyConnector("jdbc/acs_proxyDS"));
} catch (Exception ex)
ex.printStackTrace();
// End of custom code to get connector
// login.setProperty("proxytype", Integer.toString(OracleConnection.PROXYTYPE_USER_NAME));
login.setProperty(OracleConnection.PROXY_USER_NAME, "[email protected]");
login.setProperty(OracleConnection.PROXY_DISTINGUISHED_NAME, "cn=my_name,l=emea,dc=oracle,dc=com");
String[] roles = new String[1];
roles[0] = "Manager";
login.setProperty(OracleConnection.PROXY_ROLES, roles);
}

Hi, I am also working on proxy authentication and am having the same problem as Marinel.
If I use a normal jdbc proxy connection, I can access the table just fine, and using a direct Toplink connection works fine.However, when i try and use proxy authentication via Toplink, i do not have permissions on the table.
From your last update,it seems that if I want to use DISTINGUISED NAME authentication, I should set "proxytype" to OracleConnection.PROXYTYPE_DISTINGUISHED_NAME, and set OracleConnection.PROXY_DISTINGUISHED_NAME to the full user distinguised name.
I have temporarily altered my preLogin Event as below to show these two scenarios, to access the table via normal jdbc proxy connection (and this part works), and then below that I try and set up the Toplink proxy session(which fails).
public void preLogin(SessionEvent event) {
DatabaseLogin login = event.getSession().getLogin();
// Make sure that external connection pooling is used
login.setUsesExternalConnectionPooling(true);
String urlThin =
"<jdbc_url>";
OracleDataSource ds;
OracleConnection oc = null;
try {
// Part 1 - Setup and access the PROXYDUMMY1 table using jdbc proxy sessions
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
ds = new OracleDataSource();
ds.setURL(urlThin);
Properties props = new java.util.Properties();
props.put(OracleConnection.PROXY_DISTINGUISHED_NAME,
"cn=firstname_lastname,l=emea,dc=oracle,dc=com"); props.put("proxytype",OracleConnection.PROXYTYPE_DISTINGUISHED_NAME);
ds.setUser("database_account");
ds.setPassword("database_password");
oc = (OracleConnection)ds.getConnection();
oc.openProxySession (OracleConnection.PROXYTYPE_DISTINGUISHED_NAME, props);
String sql= " SELECT COL1, COL2 FROM PROXYDUMMY1";
Statement stmt = oc.createStatement();
ResultSet rSet = stmt.executeQuery(sql);
System.out.println("==============User requested data=================");
while ( rSet.next() )
System.out.println(rSet.getString(1));
rSet.close();
stmt.close();
//Part 2 - set up the proxy session for use by Toplink
login.setConnector(new OracleJDBC10_1_0_2ProxyConnector(ds));
login.setProperties(props);
} catch (Exception e) {
System.out.println("Exception: ProxyConnection.getConnection: "+e.getMessage());
e.printStackTrace();
}

Annoying Proxy authentication requests

In our lan we use Firefox (various versions, from 8 to 23, also 17 ESR releases) on windows computers (xp and 7 32 bit) . We require a http proxy authentication (squid) with username and password. We usually configure only Internet Options in windows control panel checking the flag on "use automatic configuration script" with an url like "http://proxy/proxy.pac". In this script we give a list of intranet sites (web applications) that don't require a proxy authentication on internet because are internal sites on our lan. So on firefox we use the option "Use system proxy settings". The issue is: during a session on those intranet sites the firefox dialog window for proxy authentication often appears annoying the operator who has to close it every time. We have tried to mitigate the problem disabling firefox automatic updates, add-ons updates, search engines updates, do not track requests, attack sites and web forgeries lists updates, telemetry, health and crash reports. It seems not to be enough to solve the problem.
Are there other settings to set in "about:config" page? workarounds? add-ons?
Thanks for your help in advance.
PS: sorry for my english, I'm still learning.

I have done some other tests and disabling all settings i mentioned above in the topic the issue is solved.
Bye

Strange behaviour when using connection pooling with proxy authentication

All
I have developed an ASP.NET 1.1 Web application that uses ODP.NET 9.2.0.4 accessing Oracle Database 8i (which is to be upgraded to 10g in the coming months). I have enabled connection pooling and implemented proxy authentication.
I am observing a strange behaviour in the live environment. If two users (User 1 and User 2) are executing SQL statements at the same time (concurrent threads in IIS), the following is occurring:
* User 1 opens a new connection, executes a SELECT statement, and closes this connection. The audit log, which uses the USER function, shows User 1 executed this statement.
* User 2 opens the same connection (before it is released to the connection pool?), excutes an INSERT statement, and closes this connection. The audit log shows User 1, not User 2, executed this statement.
Is this a known issue when using connection pooling with proxy authentication? I appreciate your help.
Regards,
Chris

Hi Chris,
I tried to reproduce your complaint, but was unable to. I didnt use auditting however, just a series of "select user from dual" with proxy authentication. You might want to see if you can put together a small complete testcase for this and open a sr with support.
Cheers
Greg

How to configure HTTP Proxy

I want XE to validate DTD references made in XML schema definitions. Metalink note 262708.1 refers to setting HTTP_PROXY environment variable/Registry value to do this through corporate firewalls.
Can I set this in XE? If so, how is it done on Windows XP?

OK, for the record I set the HTTP_PROXY value in HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_XE to
http://<username>:<password>@<http.proxy.server>:<port>
which seemed to do the trick as far as basic MS HTTP/proxy/authentication is concerned. The proxy software/configuration thereon is another matter...

Safari, Proxy Authentication, and Certificate Authorities ( for https )

A recent update to Safari has caused it to not work with our proxy authentication. It will not provide authentication details when looking up SSL certificate authorities, causing certificate errors on all https:// websites. All other traffic (http, https if certificate is bypassed, plugins, etc.) seem to work just fine. Is anyone else having this problem? If so, is there a fix?
It occurs on Mac and PC. I am using SquidGuard with NTLM authentication. All other browsers on our system (IE x.x, FireFox, Chrome, Opera ) don't have this issue.

I have the same problem and it's frustrating as can be.
What happens to me is that When I bring my laptop to work, and put it on the work network and launch Safari, Safari informs me that each of my plugins is invalid and then uninstalls them - I'm effectively not able to use any plug ins at work, and I have to go hunt them down when I get back home (for reference, The extensions are still physically in \users\me\Library\Safari\Extensions - so when I get home I can just double click on all of them)
I opened a case with apple and I encourage you to do the same. Perhaps if enough users complain they will find a gentler way to work with it.
They had me do a capture and after analyzing it said it was an issue with the work network and not being able to valdate the extensions.
It sounds like the same issue you have - as my work network uses a proxy as well.
The rep suggested that I use a different browser at work, but I'm so used to clicking safari, that I do it out of habit.
I really like Safari, and hope they get it fixed - Safari may not get respect in the windows world, but it's really a great browser - especially on a laptop where screen real estate is limited (where I often hit command-shift-\ to hide the address bar to see more of the page)
-Jack

DAP and http proxy authentication

Similar Messages

Maybe you are looking for