HTTP 1.1 firewall tunneling in Dev 6.0

Hello!
I'm trying to find information/documents on how to do http 1.1
firewall tunneling using Developer/Developer Server 6.0. The
product marketing literature indicates you can, but I can't
find any technical documents that lay out how to go about it.
If anyone can point me to the place where I can find the
"how to" type documents, I'd be very grateful.
BTW, if it matters, all my systems are Sparc/Solaris.
Thanks!
Mike

Hey Anton,
Can you shed some more light on the Linux firewall direction?
I would like to deploy a forms app. over the internet and would
like to retain the forms server within the firewall. we have
real short deadlines on this and am still struggling to find out
a way to have the forms server behind the firewall. My platform
is Windows NT 4.0 EE and I really don't mind to put one more in
front of the firewall for port redirection.
Please let me know asap,
Thanks,
Bala.
Anton Weindl (guest) wrote:
: As an alternative, we are running Developer Server in
: sockets mode using rinetd (port redirection, should be available
: for Solaris as well) on a Linux firewall.
: This is real easy to set up and seems to work ok.
: Tony
: Mike Deibler (guest) wrote:
: : Hello!
: : I'm trying to find information/documents on how to do http 1.1
: : firewall tunneling using Developer/Developer Server 6.0. The
: : product marketing literature indicates you can, but I can't
: : find any technical documents that lay out how to go about it.
: : If anyone can point me to the place where I can find the
: : "how to" type documents, I'd be very grateful.
: : BTW, if it matters, all my systems are Sparc/Solaris.
: : Thanks!
: : Mike

Similar Messages

  • RV042 opens ports 80 and 443 when HTTPS enabled in firewall

    I recently installed an RV042 v1.1 vpn router (older hardware revision but using the latest available firmware 1.3.12.19-tm) and set up VPN access with the QuickVPN client.  QuickVPN requires that the HTTPS setting be enabled under the Firewall options, so I did.  I then scanned our static IP with grc.com's ShieldsUP! to check for open or non-stealthed ports and discovered that ports 80 and 443 show as wide open, while port 113 is closed but not stealthed.  If I disable the HTTPS setting under Firewall, then ports 80 and 443 become stealthed.  Is there any way to use QuickVPN and keep these ports stealthed?
    Thank you!
    Tim

    Solved this by forwarding ports 80, 113 and 443 to an unused internal IP address.  Tested QuickVPN after doing this and am still able to log on AND have a full stealth rating from ShieldsUP!

  • Sending files via File Adapter through FTP having a HTTP proxy as firewall

    Dear  experts,
    I am having an issue trying to send a file via FTP with the File Adapter. My client has an HTTP proxy with authentication required as firewall in order to send files via FTP.
    I've tried several solutions but I cannot find a way to add the proxy name, user and password in the communication channel.
    Any ideas?
    Thanks in advance.
    Best Regards

    Hi,
    Unfortunately those changes didn't work. The adapter is not able to establish a connection within the FTP server. These are the parameters I added:
    -Dhttp.proxy.user=<usename>
    -Dhttp.proxy.password=<userpassword>
    -Dhttp.proxyHost=<proxy.domain...>
    -Dhttp.proxyPort=80
    -Dhttp.nonProxyHost="*domain1.com domain2com"
    -Dhttps.proxy.user=<usename>
    -Dhttps.proxy.password=<userpassword>
    -Dhttps.proxyHost=<proxy.domain...>
    -Dhttps.proxyPort=80
    -Dhttps.nonProxyHost="*domain1.com domain2com"
    And just in case, we tried with these other parameters at the same time.
    -Dftp.proxy.user=<usename>
    -Dftp.proxy.password=<userpassword>
    -Dftp.proxyHost=<proxy.domain...>
    -Ddftp.proxyPort=80
    -Dftp.nonProxyHost="*domain1.com domain2com"
    The errors in the adapter engine's log are:
    Error MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: ConnectException: Socket connection timed out: <ftp ip address>
    Error Exception caught by adapter framework: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: ConnectException: Socket connection timed out: <ftp ip address>
    Error Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: ConnectException: Socket connection timed out: <ftp ip address>
    By the way, we are using  PI 7.0.
    Thanks in advance
    Edited by: SAPIMSA . on Apr 20, 2011 4:08 PM

  • Can an OSX 10.6 Server Firewall tunnel to a Watchguard Firewall?

    I have been tasked with trying to create a VPN tunnel between an Mac server and a Watchguard firewall.  There are little options in which to make this connection work.....
    Is it even possible to create this tunnel between the networks?
    Thanks,
    Tom

    https://discussions.apple.com/community/servers_enterprise_software

  • 10.4.11 and HTTPS through corporate firewall

    At work we just moved to 10.4.11 from 10.4.9, and now apparently anything that requires https doesn't work any more in Safari. We first noticed it with email sites like Hotmail, Gmail, Yahoo mail etc. At work we're going through our corporate firewall which is apparently a Windows-based firewall. I'm not in IT so I can't provide details on that.
    It does appear to be a problem with Safari specifically because Firefox still works with https sites through the same firewall. With Safari, I've tried using both a pac file and setting the proxy settings manually, with the same results either way. Additionally, these Macs were working with these sites when they were on 10.4.9.
    Does anybody know what changed in OS X between 10.4.9 and 10.4.11 that might be causing this problem? Does anybody have any potential solutions? Keep in mind that using Firefox is not an option because it's been outlawed in my department, and similarly I'm not in IT here and I have no control over the firewall or changing anything on it.
    Not being able to get to any secure sites in Safari is a real pain. I had to use Firefox just to post this, because it required a secure sign on. On all these machines everything is fully upgraded through 10.4.11, including Safari 3.1.1. Anything to even point me in the right direction would be helpful. Thanks.

    I may not have a solution, but I can tell you that HTTPS works fine for me from behind my corporate firewall (Safari 3.1.1, OS X 10.4.11). If there's a proxy server needed (there is for me, and that's something you seem to have investigated with your IT department) I assume you have the setting for that enabled in System Preferences > Network > active connection > Proxies tab; also, if the box for HTTPS is checked and you are not behind a proxy server, the connection will fail, so UNcheck the box.
    Note that FireFox uses its own proxy settings (Preferences > Advanced tab > Network tab > Settings button), bypassing the OS X network prefs.
    Hope this helps...

  • Not able HTTP servers outside firewall

    Hi
    I am unable to connect to an external web server from my Java program.
    I even used the following code in my Java program. I am getting
    some problem with encoding the password (base64Encode).
    Please, can anyone give code to bypass this corporate firewall
    from my program (I know the password and user name).
    System.getProperties().put( "proxySet", "true" );
    System.getProperties().put( "proxyHost", "myProxyMachineName" );
    System.getProperties().put( "proxyPort", "85" );
    URLConnection connection = url.openConnection();
    String password = "username:password";
    String encodedPassword = base64Encode( password );
    connection.setRequestProperty( "Proxy-Authorization",
    encodedPassword );
    Avanti

    Things look a little weird with the VLAN 2 interface having an IP address. Once you create the BVI interface that is where all of the layer 3 stuff should go.
    I would also try adding IP NAT inside to the BVI interface.
    Elton
    Sent from Cisco Technical Support iPhone App

  • SSH: Tunneling HTTP

    This is what I'm trying to do, the first paragraph, Tunneling HTTP:
    http://www.plenz.com/tunnel-everything
    This is the error I get:
    debug1: Connection to port 8118 forwarding to localhost port 8118 requested.
    debug1: channel 1: new [direct-tcpip]
    channel 1: open failed: connect failed: Connection refused
    debug1: channel 1: free: direct-tcpip: listening port 8118 for localhost port 8118, connect from 127.0.0.1 port 43117, nchannels 2
    /etc/ssh/sshd_config
    Port huhuhu
    ListenAddress 0.0.0.0
    AllowUsers huhuhu huhuhu
    Protocol 2
    HostKey /etc/ssh/ssh_host_dsa_key
    LoginGraceTime 2m
    PermitRootLogin no
    MaxAuthTries 6
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    X11Forwarding no
    Subsystem sftp internal-sftp
    Match User huhuhu
    ChrootDirectory /home/sftp
    AllowTcpForwarding no
    ForceCommand internal-sftp
    /etc/ssh/ssh_config is default.
    any idea?
    TIA

    Here is mine.  You're just missing a few options with respect to tunneling:
    $ sed -e '/^\#/d' -e '/^$/d' /etc/ssh/sshd_config
    Port 10201
    ListenAddress 0.0.0.0
    Protocol 2
    LoginGraceTime 30
    PermitRootLogin no
    MaxAuthTries 3
    RSAAuthentication yes
    PubkeyAuthentication yes
    PasswordAuthentication no
    PermitEmptyPasswords no
    ChallengeResponseAuthentication no
    UsePAM no
    AllowAgentForwarding yes
    AllowTcpForwarding yes
    TCPKeepAlive yes
    ClientAliveInterval 180
    PermitTunnel yes
    Subsystem sftp /usr/lib/ssh/sftp-server

  • Http tunneling

    I'm facing some problems while doing http tunneling thru proxy and below I'm giving some trace messages.
    Without proxy the system seems to work ok.
    Client -------- proxy ------- Tunnel Server --------- Server
    The tunnel server tries to send back the data to client on the http connection.
    The client is trying to receive data on the http connection.
    The tunnel forwarder throws the following exception. Basically the tunnel forwarder thinks that the socket is closed immediately.
    java.net.SocketException: Socket closed
    at java.net.SocketOutputStream.socketWrite(Native Method)
    at java.net.SocketOutputStream.write(Unknown Source)
    at java.io.ObjectOutputStream.drain(Unknown Source)
    at java.io.ObjectOutputStream.setBlockData(Unknown Source)
    at java.io.ObjectOutputStream.writeObject(Unknown Source)
    at TunnelForwarder.run(TunnelForwarder.java:108)
    java.net.SocketException: Socket closed
    at java.net.SocketOutputStream.socketWrite(Native Method)
    at java.net.SocketOutputStream.write(Unknown Source)
    at java.io.ObjectOutputStream.drain(Unknown Source)
    at java.io.ObjectOutputStream.setBlockData(Unknown Source)
    at java.io.ObjectOutputStream.writeObject(Unknown Source)
    at TunnelForwarder.run
    The client throws the following exception. It thinks that the httpConnection is down immediately.
    java.net.SocketException: Unexpected end of file from server
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
    at TunnelReader.establishConnectionPath(TunnelReader.java:98)
    at TunnelReader.run(TunnelReader.java:124)
    java.lang.NullPointerException
    at TunnelReader.run(TunnelReader.java:130)
    However, the tunnel server shows that the tunnel is maintained
    And even the netstat -n shows that the connection exists
    C:\WINNT>netstat -n
    Active Connections
    Proto Local Address Foreign Address State
    |
    |
    TCP tunnelServer:3299 server:12000 ESTABLISHED
    |
    |
    TCP tunnelServer:9000 proxy:48040 ESTABLISHED
    |
    |
    The http connection is actually brought down by the proxy after a considerably long time (more than a minute).
    Regards,
    Rahuole pawer

    Do not try to base your tunnel on urlConnections. After you send the message, you cannot read. The only way is to use 2 connections, because all the proxy servers support only HTTP/1.0, which was deprecated by W3C in 1996 after HTTP/1.1 was accomplished. If your proxy does, you are lucky. To make your tunnel work over HTTP/1.0 is a terrible task of TCP stack rewriting in Java. Maybe someone has it implemented already. I am interested to look after.

  • Architecture of firewall, cache, HTTP, and DMZ

    Assume the Web Cache server is located in the DMZ while the HTTP Server and the (web) application server is located behind the firewall (private LAN).
    1) Some resources mentioned that it is usual to place the web cache server behind the firewall but in front of the application server. If I place the web cache server in the DMZ, is it acceptable?
    2) If the answer to the Que #1 is YES, will the Web Cache server need to be installed with the HTTP Server, too, in order to communicate with the HTTP server and the application server which are located behind the firewall? --Otherwise, how will the HTTP calls from the internet be handled? (If, in this case, we do need the HTTP server in the web cache server, then, we'll have two installations of the HTTP server in DMZ and behind the firewall--is this acceptable?).
    3) Can I only install the HTTP server on the Web Cache server which is located in the DMZ? In this way, the internet calls will be handled by the HTTP Server first then it will route it to the application server behind the firewall, to avoid the installation of two copies of the HTTP servers (in front of and behind the firewall).
    4) Can I use it (The ISA Server 2004) to replace the dedicated firewall?
    If so, I'll have the firewall, the Web Cache, the HTTP server all together in one machine, while the Application Server and the Database Server will be located behind this firewall. How feasible and acceptable is this architecture?
    5) Is it feasible and acceptable to have a web cache server to have all the functions of the caching, HTTP forwarding, and firewall functions all together in one machine, and place this server in the DMZ?
    Many thanks to help.
    Scott

    Yes, to answer one of your questions, you can place the web cache server in dmz, not an issue. Whether web cache server needs to be installed with HTTP server or not is dependent on how you intend to use it. This is very subjective to whether you want to use it with a browser.

  • Tunneling JMS through  http

    hi
    Is there any way to tunnel JMS through http like RMI is tunneled.
    There is a class along with the ApplicationServer "com.evermind.server.jms.JMSHttpTunnelServlet" which seems to be a servlet for tunneling JMS through http.
    But there seems to be no documentation or help on how to make use of it.
    Can somebody put some light on it? Or, is it possible to make use of third party JMS server to achieve this
    regards
    Raees

  • Jdk6  RMI Tunneling  - ServletHandler - GET Operation no supported

    Hi there
    I have downloaded the jdk6 documentation and I want to use the RMI tunneling sample. I have already set up the Apache/Tomcat in order to do a rewrite of the rmi-cgi call to the servlet
    RewriteEngine on
    RewriteLog /var/log/httpd/rewrite.log
    RewriteLogLevel 0
    RewriteRule cgi-bin/java-rmi\.cgi$ http://myhost/maindb_dev/rmi/tunnel
    And testing the call to the cgi program it changes the url to the servlet one. So the configuration of the Servlet is OK
    Then running the RMIClient provided by the jdk
    it catches a remote exception
    Error: Error unmarshaling return header; nested exception is:
         java.io.IOException: HTTP request failed
    java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is:
         java.io.IOException: HTTP request failed
         at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:209)
         at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:359)
         at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
         at java.rmi.Naming.lookup(Naming.java:84)
         at SampleRMIClient.main(SampleRMIClient.java:89)
    Caused by: java.io.IOException: HTTP request failed
         at sun.rmi.transport.proxy.HttpSendSocket.readNotify(HttpSendSocket.java:159)
         at sun.rmi.transport.proxy.HttpSendInputStream.read(HttpSendInputStream.java:66)
         at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
         at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
         at java.io.DataInputStream.readByte(DataInputStream.java:248)
         at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:195)
         ... 4 more
    At the tomcat side the servletHandler outputs the following
    400Java RMI Client ErrorGET Operation not supported: Can only forward POST requests.
    So what it seems is that the RMI implementation uses a GET request instead of a POST. That is the one handled by the Servlet.
    Anybody solved this?
    Thanks in advance
    Alfonso.

    Hello,
    JSR 262 (Web Services Connector for JMX Agents) offers an HTTP based Connector that is compliant with JConsole.
    The standard is not yet final but is already in public review and we don't expect major changes.
    The latest Reference Implementation (early access 3) can be downloaded from http://ws-jmx-connector.dev.java.net
    Reusing your Connector presentation I would say :
    Use of JMX WS Connector
    Advantages
    * Standard
    * Firewall friendly
    Disadvantages
    * Standalone. You need to add jars (quite a bunch actually) to JConsole classpath.
    * Less efficient than RMI or JMXMP.
    References
    Project web site : http://ws-jmx-connector.dev.java.net
    Article that covers the EA3 announcement : http://blogs.sun.com/jmxnetbeans/entry/web_services_connector_for_jmx#comments
    Article that details the Connector architecture :
    http://blogs.sun.com/jmxnetbeans/entry/up_the_metro_stack_to
    Thanks.
    Jean-Francois

  • Can any body help me in reading from HTTPS URL

    I need to read an HTTPS URL and store the response within a table.
    How will I manage to do it from within a servlet using URLConnection and openStream, as it doesn't work?
    How will JSSE help in this regard?
    Since I also need to give the userid and password to get into the file and read the file
    https://anyhost.com/readthisfile.html
    somnath
    Web Developer

    Hi,
    The Java Secure Socket Extension (JSSE) library from Sun Microsystems lets you access a secure Web server from behind a firewall via
    proxy tunneling. To do this, the JSSE application needs to set the https.proxyHost and https.proxyPort system properties. The
    tunneling code in JSSE checks for "HTTP 1.0" in the proxy's response. If your proxy, like many, returns "HTTP 1.1", you will get an
    IOException. In this case, you need to implement your own HTTPS tunneling protocol.
    In this article, I will show you how to create a secure socket that tunnels through the firewall, and pass it to the HTTPS stream handler to
    open HTTPS URLs using the URLConnection class.
    Open the http tunnel socket to the proxy
    The first step to creating your secure socket is to open the tunneling socket to the proxy port. The code needed to do this proxy
    handshaking can be found in the sample code SSLClientSocketWithTunneling.java that comes with the JSSE distribution. First, a normal socket is created that connects to
    the proxy port on the proxy host (line 65). After the socket is created, it is passed to the doTunnelHandshake() method where the proxy's tunneling protocol is called:
     54  SSLSocketFactory factory =
     55      (SSLSocketFactory)SSLSocketFactory.getDefault();
     56
     57  /*
     58   * Set up a socket to do tunneling through the proxy.
     59   * Start it off as a regular socket, then layer SSL
     60   * over the top of it.
     61   */
     62  tunnelHost = System.getProperty("https.proxyHost");
     63  tunnelPort = Integer.getInteger("https.proxyPort").intValue();
     64
     65  Socket tunnel = new Socket(tunnelHost, tunnelPort);
     66  doTunnelHandshake(tunnel, host, port);
    In doTunnelHandshake(), an http "CONNECT" command is sent to the proxy, with the secure site's hostname and port number as the parameters (line 161). In the original
    tunneling code on line 206 in JSSE, it then checks for "HTTP/1.0 200" in the proxy's reply. If your organization's proxy replies with "HTTP 1.1", an IOException will be
    thrown. To get around this, the code here checks for the reply "200 Connection Established", which indicates that tunneling is successful (line 207). You can modify the
    code to check for the expected corresponding response from your proxy:
    139  private void doTunnelHandshake(Socket tunnel, String host, int port)
    140  throws IOException
    141  {
    142      OutputStream out = tunnel.getOutputStream();
    143      String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
    144                   + "User-Agent: "
    145                   + sun.net.www.protocol.http.HttpURLConnection.userAgent
    146                   + "\r\n\r\n";
    147      byte b[];
    148      try {
    149          /*
    150           * We really do want ASCII7 -- the http protocol doesn't change
    151           * with locale.
    152           */
    153          b = msg.getBytes("ASCII7");
    154      } catch (UnsupportedEncodingException ignored) {
    155          /*
    156           * If ASCII7 isn't there, something serious is wrong, but
    157           * Paranoia Is Good (tm)
    158           */
    159          b = msg.getBytes();
    160      }
    161      out.write(b);
    162      out.flush();
    163
    164      /*
    165       * We need to store the reply so we can create a detailed
    166       * error message to the user.
    167       */
    168      byte reply[] = new byte[200];
    169      int replyLen = 0;
    170      int newlinesSeen = 0;
    171      boolean headerDone = false; /* Done on first newline */
    172
    173      InputStream in = tunnel.getInputStream();
    174      boolean error = false;
    175
    176      while (newlinesSeen < 2) {
    177          int i = in.read();
    178          if (i < 0) {
    179              throw new IOException("Unexpected EOF from proxy");
    180          }
    181          if (i == '\n') {
    182              headerDone = true;
    183              ++newlinesSeen;
    184          } else if (i != '\r') {
    185              newlinesSeen = 0;
    186              if (!headerDone && replyLen < reply.length) {
    187                  reply[replyLen++] = (byte) i;
    188              }
    189          }
    190      }
    191
    192      /*
    193       * Converting the byte array to a string is slightly wasteful
    194       * in the case where the connection was successful, but it's
    195       * insignificant compared to the network overhead.
    196       */
    197      String replyStr;
    198      try {
    199          replyStr = new String(reply, 0, replyLen, "ASCII7");
    200      } catch (UnsupportedEncodingException ignored) {
    201          replyStr = new String(reply, 0, replyLen);
    202      }
    203
    204      /* We check for Connection Established because our proxy returns
    205       * HTTP/1.1 instead of 1.0 */
    206      //if (!replyStr.startsWith("HTTP/1.0 200")) {
    207      if(replyStr.toLowerCase().indexOf(
    208          "200 connection established") == -1){
    209          throw new IOException("Unable to tunnel through "
    210              + tunnelHost + ":" + tunnelPort
    211              + ". Proxy returns \"" + replyStr + "\"");
    212      }
    213
    214      /* tunneling Handshake was successful! */
    215  }
    Overlay http tunnel socket with SSL socket
    After you have successfully created the tunneling socket, you overlay it with the SSL socket. Again, this is not difficult to do:
     54  SSLSocketFactory factory =
     55      (SSLSocketFactory)SSLSocketFactory.getDefault();
     56
     57  /*
     58   * Set up a socket to do tunneling through the proxy.
     59   * Start it off as a regular socket, then layer SSL
     60   * over the top of it.
     61   */
     62  tunnelHost = System.getProperty("https.proxyHost");
     63  tunnelPort = Integer.getInteger("https.proxyPort").intValue();
     64
     65  Socket tunnel = new Socket(tunnelHost, tunnelPort);
     66  doTunnelHandshake(tunnel, host, port);
     67
     68  /*
     69   * Ok, let's overlay the tunnel socket with SSL.
     70   */
     71  SSLSocket socket =
     72      (SSLSocket)factory.createSocket(tunnel, host, port, true);
     73
     74  /*
     75   * register a callback for handshaking completion event
     76   */
     77  socket.addHandshakeCompletedListener(
     78      new HandshakeCompletedListener() {
     79          public void handshakeCompleted(
     80              HandshakeCompletedEvent event) {
     81              System.out.println("Handshake finished!");
     82              System.out.println(
     83                  "\t CipherSuite:" + event.getCipherSuite());
     84              System.out.println(
     85                  "\t SessionId " + event.getSession());
     86              System.out.println(
     87                  "\t PeerHost " + event.getSession().getPeerHost());
     88          }
     89      }
     90  );
    The code had called the SSLSocketFactory's getDefault() method earlier to get an instance of the SSLSocketFactory (line 54, repeated above). Next, it passes the
    tunneling socket that was created in the previous step to the createSocket() method of the SSLSocketFactory. The createSocket() method returns an SSLSocket that is
    connected to the destination host and port via the proxy tunnel. You can optionally add a HandshakeCompletedListener to the socket if you wish to be informed when the
    SSL handshaking is completed.
    The SSLSocket created is basically ready for use to transfer secure contents. The startHandshake() method is called to start the SSL handshaking (line 98). After which, you
    can issue the http "GET" command to retrieve the secure pages (line 105):
     91
     92  /*
     93   * send http request
     94   *
     95   * See SSLSocketClient.java for more information about why
     96   * there is a forced handshake here when using PrintWriters.
     97   */
     98  socket.startHandshake();
     99
    100  PrintWriter out = new PrintWriter(
    101      new BufferedWriter(
    102          new OutputStreamWriter(
    103              socket.getOutputStream())));
    104
    105  out.println("GET http://www.verisign.com/index.html HTTP/1.0");
    106  out.println();
    107  out.flush();
    However, issuing http commands to the tunneling SSL socket to access Webpages is not ideal because it would mean having to rewrite the whole http protocol handler from
    scratch. Instead, you should use the HTTPS URL APIs that the JSSE already includes for that purpose. To do this, you have to pass the tunneling SSL socket to the HTTPS URL
    stream handler.
    Pass SSL socket to HTTPS URL stream handler
    The JSSE library has an HttpsURLConnection class that is in the com.sun.net.ssl package, which extends the java.net.URLConnection class. An HttpsURLConnection object
    is returned by the URL object's openConnection() method when "HTTPS" is specified as the protocol. The HttpsURLConnection class has a method, setSSLSocketFactory(),
    that lets you set an SSLSocketFactory of your choice. To pass the tunneling SSL socket to the HTTPS URL stream handler, you would set the setSSLSocketFactory()
    method's parameter with a socket factory that returns the tunneling SSL socket that you created previously.
    To do this, you would wrap the code discussed previously in an SSLTunnelSocketFactory class that extends from the SSLSocketFactory class. The SSLSocketFactory is an
    abstract class. To extend it, you must implement the createSocket() method to return the tunneling SSL socket that you created earlier:
     12  public SSLTunnelSocketFactory(String proxyhost, String proxyport){
     13      tunnelHost = proxyhost;
     14      tunnelPort = Integer.parseInt(proxyport);
     15      dfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
     16  }

     44  public Socket createSocket(Socket s, String host, int port,
     45                             boolean autoClose)
     46  throws IOException,UnknownHostException
     47  {
     48
     49      Socket tunnel = new Socket(tunnelHost,tunnelPort);
     50
     51      doTunnelHandshake(tunnel,host,port);
     52
     53      SSLSocket result = (SSLSocket)dfactory.createSocket(
     54          tunnel,host,port,autoClose);
     55
     56      result.addHandshakeCompletedListener(
     57          new HandshakeCompletedListener() {
     58              public void handshakeCompleted(HandshakeCompletedEvent event) {
     59                  System.out.println("Handshake finished!");
     60                  System.out.println(
     61                      "\t CipherSuite:" + event.getCipherSuite());
     62                  System.out.println(
     63                      "\t SessionId " + event.getSession());
     64                  System.out.println(
     65                      "\t PeerHost " + event.getSession().getPeerHost());
     66              }
     67          }
     68      );
     69
     70      result.startHandshake();
     71
     72      return result;
     73  }
    Notice that the SSLTunnelSocketFactory contains a default SSLSocketFactory object. The default SSLSocketFactory object can be instantiated from a call to the static
    method getDefault() (line 15). You need this SSLSocketFactory object to overlay the tunnel socket with the SSL socket, as discussed earlier. You also call the default
    object's getDefaultCipherSuites() and getSupportedCipherSuites() methods when implementing the corresponding abstract methods of the SSLSocketFactory super
    class. For implementation details, please refer to the complete source code for the SSLTunnelSocketFactory in Resources.
    Tunnel through the proxy via URLConnection
    To tunnel through the proxy via URLConnection in your JSSE application, after you call the openConnection() method, check if the returned object is that of the
    HttpsURLConnection. If so, you instantiate your SSLTunnelSocketFactory object and set it in the setSSLSocketFactory() method (lines 22 through 25):
     10  public class URLTunnelReader {
     11      private final static String proxyHost = "proxy.sg.ibm.com";
     12      private final static String proxyPort = "80";
     13
     14      public static void main(String[] args) throws Exception {
     15          System.setProperty("java.protocol.handler.pkgs",
     16              "com.sun.net.ssl.internal.www.protocol");
     17          //System.setProperty("https.proxyHost",proxyHost);
     18          //System.setProperty("https.proxyPort",proxyPort);
     19
     20          URL verisign = new URL("https://www.verisign.com");
     21          URLConnection urlc = verisign.openConnection(); //from secure site
     22          if(urlc instanceof com.sun.net.ssl.HttpsURLConnection){
     23              ((com.sun.net.ssl.HttpsURLConnection)urlc).setSSLSocketFactory
     24                  (new SSLTunnelSocketFactory(proxyHost,proxyPort));
     25          }
     26
     27          BufferedReader in = new BufferedReader(
     28              new InputStreamReader(
     29                  urlc.getInputStream()));
     30
     31          String inputLine;
     32
     33          while ((inputLine = in.readLine()) != null)
     34              System.out.println(inputLine);
     35
     36          in.close();
     37      }
     38  }
    You can then access the HTTPS URLs using the APIs provided by the URLConnection class. You don't need to worry about the format of the http GET and POST commands,
    which you would if you used the SSL Socket APIs.
    The complete source code for the SSLTunnelSocketFactory and the application code that connects to a secure URL using proxy tunneling is included in Resources. To
    compile and run the application, you would need to download and install Sun's JSSE from its Website, also listed in Resources.
    Conclusion
    If your JSSE application could not tunnel through your organization's firewall, you need to implement your own tunneling socket. The sample code included with the JSSE
    distribution shows you how to open an SSL socket tunnel. This article goes one step further to show you how to pass the tunneling socket to the HTTPS URL stream handler,
    and saves you the trouble of rewriting an HTTP handler.
    I hope this will help you.
    Thanks
    Bakrudeen
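
Added example (not from the article quoted in the post above, nor from Sun's JSSE samples): the CONNECT exchange that a tunneling socket factory performs, written against the current javax.net.ssl API instead of com.sun.net.ssl. It rejects any non-2xx proxy reply and turns on hostname verification, which a bare SSLSocket does not perform by default; the class and method names are assumptions for illustration.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class ConnectTunnelSketch {
    // True only for a 2xx status line such as "HTTP/1.1 200 Connection established".
    static boolean tunnelAccepted(String status) {
        String[] p = status.trim().split("\\s+", 3);
        return p.length >= 2 && p[0].startsWith("HTTP/1.") && p[1].matches("2\\d\\d");
    }

    // Reads the reply byte by byte up to the blank line, so no TLS bytes are buffered away.
    static String readStatus(InputStream in) throws IOException {
        StringBuilder head = new StringBuilder();
        int c, run = 0;                              // run = progress through "\r\n\r\n"
        while (run < 4 && (c = in.read()) != -1) {
            if (head.append((char) c).length() > 8192) throw new IOException("reply too long");
            run = (c == (run % 2 == 0 ? '\r' : '\n')) ? run + 1 : (c == '\r' ? 1 : 0);
        }
        if (run < 4) throw new IOException("proxy closed before end of headers");
        return head.substring(0, head.indexOf("\r\n"));
    }

    // 'plain' is already connected to the proxy; the caller closes it if this throws.
    static SSLSocket tunnel(Socket plain, String host, int port) throws IOException {
        String target = host + ":" + port;
        String req = "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n";
        plain.getOutputStream().write(req.getBytes(StandardCharsets.US_ASCII));
        String status = readStatus(plain.getInputStream());
        if (!tunnelAccepted(status)) throw new IOException("proxy refused tunnel: " + status);
        SSLSocket tls = (SSLSocket) ((SSLSocketFactory) SSLSocketFactory.getDefault())
                .createSocket(plain, host, port, true);      // overlay TLS on the tunnel
        SSLParameters params = tls.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");  // certificate must match host
        tls.setSSLParameters(params);
        tls.startHandshake();
        return tls;
    }

    public static void main(String[] args) throws IOException {
        // Constructed proxy replies, parsed offline: one accepted, one refused.
        for (String reply : new String[] {"HTTP/1.1 200 Connection established\r\n\r\n",
                                          "HTTP/1.1 407 Proxy Authentication Required\r\n\r\n"}) {
            String s = readStatus(new ByteArrayInputStream(reply.getBytes(StandardCharsets.US_ASCII)));
            System.out.println(s + " -> " + tunnelAccepted(s));
        }
    }
}
```

When the socket is handed to HttpsURLConnection through setSSLSocketFactory(), the connection applies its own hostname verifier; the explicit endpoint identification matters when the returned SSLSocket is used directly.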

  • XI 3.1 Infoview HTTPS/SSL configuration

    How do I setup Infoview so I can access it via https from outside our LAN?
    Our environment currently runs on Tomcat 5.5 and I have SSO configured with vintela and kerberos. Everything works great and can access InfoView and CMC from inside our network via http. I would like to set up our environment to access InfoView from the outside and was wondering if I just need to configure Tomcat for https.
    -Our firewall is already configured to allow access to the server via https
    -Looking at the Admin Guide, doesn't seem like I need WACS
    -Looking at the Admin Guide chapter 6, I'm not sure if I need to implement this either.

    Thank you very much for the help.
    I actually used the Tomcat keytool to create a cert for my dev environment ( http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html ) but followed your instructions for the rest. I now have a https connection for the server.
    I currently have the default port set up for 80 and 433 for https. The problem I have now is that when I go to https://{server name}/InfoViewApp, it connects but then redirects to http://{server name}:8080/InfoViewApp.
    Do you know where I change this redirect from 8080 to 80?
    Current Settings in Business Objects\Tomcat55\conf\server.xml
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
        <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="16384" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="80" redirectPort="443"/>
        <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
        <Connector port="443" maxHttpHeaderSize="8192"...

  • Tunneling result unspecified/No available router to dest weblogic 10.0 MP1

    Hi,
    I have some problems with my WebLogic installation. I would like to deploy via Eclipse and get the following error messages.
    Some configuration input:
    -firewall is off
    Eclipse
    base directory: ${project_path}
    Goals: install weblogic:deploy
    weblogic.home .......bea\wlserver_10.0
    Maven-Runtime: .......\apache-maven-2.1.0
    Also I added some datasources. But in my opinion I did no further configurations.
    [INFO] [weblogic:deploy]
    [INFO] Weblogic Deployment beginning with parameters DeployMojoBase[adminServerHostName = 127.0.0.1, adminServerProtocol = http, adminServerPort = 7001, userId = weblogic, password = weblogic, artifactPath = ..........info_ear-0.0.1-SNAPSHOT, projectPackaging = ear, name = ..........info_ear, targetNames = AdminServer, remote = false]
    [INFO] Weblogic Deployment parameters [-adminurl, http://127.0.0.1:7001, -username, weblogic, -password, weblogic, -name, ..........info_ear, -targets, AdminServer, -source, ..........info_ear-0.0.1-SNAPSHOT, -deploy]
    weblogic.Deployer invoked with options: -adminurl http://127.0.0.1:7001 -username weblogic -name bs_country_info_ear -targets AdminServer -source ..........info_ear-0.0.1-SNAPSHOT -deploy
    javax.enterprise.deploy.spi.exceptions.DeploymentManagerCreationException
         at weblogic.deploy.api.spi.deploy.WebLogicDeploymentManagerImpl.<init>(WebLogicDeploymentManagerImpl.java:121)
         at weblogic.deploy.api.spi.factories.internal.DeploymentFactoryImpl.getDeploymentManager(DeploymentFactoryImpl.java:84)
         at weblogic.deploy.api.tools.SessionHelper.getDeploymentManager(SessionHelper.java:432)
         at weblogic.deploy.api.tools.deployer.Jsr88Operation.connect(Jsr88Operation.java:304)
         at weblogic.deploy.api.tools.deployer.Deployer.perform(Deployer.java:137)
         at weblogic.deploy.api.tools.deployer.Deployer.runBody(Deployer.java:88)
         at weblogic.utils.compiler.Tool.run(Tool.java:158)
         at weblogic.utils.compiler.Tool.run(Tool.java:115)
         at weblogic.Deployer.run(Deployer.java:70)
         at org.codehaus.mojo.weblogic.DeployMojoBase.executeDeployer(DeployMojoBase.java:510)
         at org.codehaus.mojo.weblogic.DeployMojo.execute(DeployMojo.java:49)
         at org.apache.maven.plugin.DefaultPluginManager.executeMojo(DefaultPluginManager.java:483)
         at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:678)
         at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeStandaloneGoal(DefaultLifecycleExecutor.java:553)
         at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:523)
         at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:371)
         at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:332)
         at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:181)
         at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:356)
         at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:137)
         at org.apache.maven.cli.MavenCli.main(MavenCli.java:356)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:592)
         at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
         at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
         at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
         at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
    Caused by: weblogic.deploy.api.spi.exceptions.ServerConnectionException
         at weblogic.deploy.api.spi.deploy.internal.ServerConnectionImpl.init(ServerConnectionImpl.java:143)
         at weblogic.deploy.api.spi.deploy.WebLogicDeploymentManagerImpl.getNewConnection(WebLogicDeploymentManagerImpl.java:148)
         at weblogic.deploy.api.spi.deploy.WebLogicDeploymentManagerImpl.<init>(WebLogicDeploymentManagerImpl.java:118)
         ... 28 more
    Caused by: javax.naming.CommunicationException [Root exception is java.net.ConnectException: http://127.0.0.1:7001: Destination unreachable; nested exception is:
         java.net.ProtocolException: Tunneling result unspecified - is the HTTP server at host: 'localhost' and port: '7001' a WebLogic Server?; No available router to destination]
         at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
         at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363)
         at weblogic.jndi.Environment.getContext(Environment.java:307)
         at weblogic.jndi.Environment.getContext(Environment.java:277)
         at weblogic.jndi.Environment.createInitialContext(Environment.java:200)
         at weblogic.jndi.Environment.getInitialContext(Environment.java:184)
         at weblogic.jndi.Environment.getInitialContext(Environment.java:162)
         at weblogic.deploy.api.spi.deploy.internal.ServerConnectionImpl.getContext(ServerConnectionImpl.java:330)
         at weblogic.deploy.api.spi.deploy.internal.ServerConnectionImpl.getEnvironment(ServerConnectionImpl.java:302)
         at weblogic.deploy.api.spi.deploy.internal.ServerConnectionImpl.init(ServerConnectionImpl.java:141)
         ... 30 more
    Caused by: java.net.ConnectException: http://127.0.0.1:7001: Destination unreachable; nested exception is:
         java.net.ProtocolException: Tunneling result unspecified - is the HTTP server at host: 'localhost' and port: '7001' a WebLogic Server?; No available router to destination
         at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:204)
         at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:154)
         at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:342)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:337)
         ... 38 more
    Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
         java.net.ProtocolException: Tunneling result unspecified - is the HTTP server at host: 'localhost' and port: '7001' a WebLogic Server?; No available router to destination
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:472)
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:323)
         at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:263)
         at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:206)
         at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:226)
         at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:189)
         ... 43 more
    Unable to connect to 'http://127.0.0.1:7001': Destination unreachable; nested exception is:
         java.net.ProtocolException: Tunneling result unspecified - is the HTTP server at host: 'localhost' and port: '7001' a WebLogic Server?; No available router to destination. Ensure the url represents a running admin server and that the credentials are correct. If using http protocol, tunneling must be enabled on the admin server.
    The last lines are very confusing because I can connect to the web interface of the WebLogic server. That's no problem.
    Does anyone have some ideas to solve my problem?
    Thanks!
    Edited by: user3467436 on 07.08.2009 02:09

    I think you must enable HTTP tunneling in WebLogic Server. Go to the Administration Console at Environment > Servers > AdminServer > Protocols > HTTP and set Enable Tunneling = true.
    Alternatively, you can replace [http://localhost:7001] with [t3://localhost:7001] in the Eclipse deployment tool.

  • Help needed for CORBA over Http through proxy server[Very Urgent]

    Hi Friendz,
    I am new to J2EE. Right now I am learning RMI and CORBA.
    In RMI, to pass through HTTP to bypass a firewall or go through a proxy server, we can use either HTTP to port or HTTP to CGI/Servlet, i.e., HTTP tunneling.
    In the same way, I am running a simple CORBA application, and I want my CORBA application to pass through my proxy server using HTTP, which is configured at address 127.0.0.1 and port 8118.
    How do I pass my CORBA application through the proxy server? Please help me, it is very urgent.
    Is it possible or not? Please let me know some comments about this topic.
    Thanks in advance Friends for your help

    This is so extremely urgent that it needs to be asked multiple times.
    http://forum.java.sun.com/thread.jspa?threadID=762950
